‘Contactless’ card payment fraud: Myth vs reality
Share this article
KUALA LUMPUR, March 20 — Humourist and philosopher Mark Twain once said, “Get your facts first, then you can distort them as you please.” Many “facts” on the Internet are more myth than reality.
Even card payment technology — like Visa payWave or the use of mobile phones to pay — is subjected to so called “experts” reporting half-truths or downright false information.
Many videos and social media posts claim it is easy to steal or clone a cardholder’s payment data, and therefore is vulnerable to fraud, simply is not true.
Despite the allegations, “contactless” forms of payment like Visa payWave are actually very safe to use.
Some videos and blogs claim that a thief equipped with a special scanner can lift Visa card data up to five to 10 metres away. The reality is that the Visa payWave card has an ultra-short read range of just about four centimetres.
That means the card must come very close to the reader to work. Anyone with a scanner would need to touch your wallet or purse.
Moreover, even if a thief manages to obtain card information, the type of data taken is limited and not sensitive. The data is simply not enough to facilitate fraud. Simply put, the stolen information is useless for counterfeiting or making a purchase.
Why? Visa payWave cards use advanced security features with an embedded chip. The cryptographic “keys” securely stored in the card generate a unique code every time you buy something. This makes fraudulent transactions easy to detect, and the chip makes it virtually impossible to clone a card.
Finally, contactless payments are not prone to accidental transactions. Some claim that it is possible to charge multiple debit or credit cards at the same time, or that walking near a point-of-sale (POS) card reader will charge the cards in your wallet.
The reality is that the POS machines scan only one card at a time, and, as stated, you need to be within four centimetres of the reader. Multiple cards only confuse the scanner.
Mobile phone and online payments
We use our mobiles for many aspects of our lives, including as a way to pay at a shop or online.
The good news is that they are filled with all the same security protections as a card, plus the added security of a PIN or thumbprint required to complete a transaction.
You are still protected even if you lose your phone. When you load your card into a phone using modern Apple Pay or Samsung Pay technology, the card number isn’t stored on the phone.
Rather a “token” or a new number exists that when run through the payment system triggers your card number; your actual card number is stored away in Visa’s payment system.
Once you have completed PIN or biometrics checks, only then is the payment approved.
Some videos and reports raise concern that online purchases can be easily completed using stolen payment data. This is also inaccurate.
Visa utilises a multi-layered approach to prevent fraud. For instance, you may be familiar with the Verified by Visa service that sends a one-time password to your phone.
To complete the transaction, you need to enter the code into the payment field before the transaction is completed. Unless you have your phone next to you, the purchase can’t be completed.
Another simple fraud prevention measure: the three-digit number printed on the back of your card located next to your name, also known as the CVV. Without it, online purchases are generally impossible. You have to be in possession of the card and enter it into the online purchase form.
With so many layers of security in place, fraud rates using cards and mobile phones are very low. Visa is always looking to keep not only the payment network safe — known as VisaNet — but also protect consumers, banks and merchants with the latest security features, many of which are unseen by the card user.
Payment security is Visa’s top priority. To ensure cardholders have a fast and easy payment experience, Visa will continue to invest in the latest fraud fighting technologies.
* Article courtesy of Visa.