In Europe, all contactless transactions are done with NFC (near field communication) technology, which is based on short-distance radio communication. When a unit with an RFID chip is held close to an NFC-enabled device, the chip is activated and sends out information that the device can pick up. This allows, for example, a terminal to communicate with a card without any physical contact – while cutting the payment time in half.
Consumers have been worried about the information on their contactless cards being stolen by a person walking past with an NFC device. But thankfully, the data within the card’s
chip is actually encrypted and for each payment it sends out a unique transaction number instead of the actual card information. This makes it nearly impossible for someone to swipe your contactless card through your pocket and create a functioning counterfeit version of it.
We have previously written about the EU’s new payment service directive, PSD2, and how it affects online merchants. But from an in-store perspective, PSD2 also gives contactless payments a new level of security if the card itself is stolen. With PSD2, the consumer will be asked to put in their PIN if they make five contactless transactions in a row or reach a cumulative value of 150€. This means that there is a limit to the use anyone can get from a stolen card.
Together with the technical safety solutions, all large card schemes have also agreed on a global zero liability policy, that ensures that card holders are not held responsible in most cases where their cards have been misused to make unauthorized transactions.
And one final reason why contactless payments are safe, is that they require no PIN. When you swipe a card or mobile phone next to the payment terminal, the PIN cannot be seen and stolen by anyone who is watching.