As the UK enters another lockdown and only essential shopping and travel is permitted, many will use contactless technology as a quick, and hopefully safe, means of paying for their goods and services.
The way we shop has evolved since the world was plunged into a global pandemic in early 2020, with the projected growth of contactless services only increasing. There is also talk of yet another rise in the amount spent in one transaction, possibly from the current £45 to £100 now that Brexit has taken place.
One thing to note is that contactless fraud is treated like any other kind of fraud and your bank should give you your money back, as long as you can prove you haven’t been negligent.
Here, The Fintech Times talks to those in the industry to discuss the potential benefits of contactless payments, and what security problems consumers should be aware of.
CAN CONTACTLESS BE SKIMMED?
Harman Singh is the Director at Cyphere, a technical risk services provider helping customers protect their most prized assets across UK and Europe. He said, “Although contactless payments limit exposure to the coronavirus and are safe for everyone, one may not be sure if they are protecting from fraudsters. In recent times, contactless fraud rates have come down overall. Although there are cybersecurity risks to contactless payments, they do not outweigh the safety measures in place for most consumers. Therefore, contactless payments are probably the safest option.
“Unfortunately, there are a few myths that are causing more scares than actually a risk from practical perspective. EMV (chip) cards issued by our banks in the UK secure the cardholder data and encrypt all communication through a Point of Sale terminal (PoS). These contactless cards do not work like the old magnetic stripes.”
Singh worries that the public is concerned with two such myths, the possibility of short distance skimming when using near-field communication (NFC), which is most commonly used by mobile payment services such as Apple Pay and G Pay, and repeated purchases from a stolen card.
Singh adds, “When it comes to NFC/short distance skimming, it is possible to skim a card, however, it’s not possible to skim a card without special apparatus. This special apparatus is a POS, provided by the relevant bank, which can communicate with the card. Someone using a bank’s provided PoS is easy to trace and banks have extra measures in place to block such suspicious transactions automatically.
“As for repeated purchases from a stolen card, while low-value transactions do not require user PIN to complete a transaction, there is a myth that a threat actor can repeat these transactions to rake up many £s. However, banks have limitations in place where only a limited number of contactless transactions can be made. Furthermore, tech-savvy banks even provide countermeasures such as being able to freeze your card facility through your banking app as soon as you notice.”
DOES USING CONTACTLESS KEEP US SAFER?
Ketan Parekh, Managing Director of Financial and Insurance Services at Fujitsu, said: “Ever since the coronavirus pandemic, online banking, eCommerce and contactless payments have become essential to day-to-day living. However, this has presented cybercriminals with an increased opportunity to exploit consumers online; the National Cyber Security Centre (NCSC) defended the UK from 723 cyber incidents in the last year, with around 200 related to coronavirus. This renewed focus for speed and convenience through digital services, underpinned by a need for safety, must be tempered with an awareness and understanding of how to mitigate risks in a digital-first world.
“As we continue to protect consumers by reducing physical presence and cash payments, a move toward a cashless society and ensuring digital currencies are easily accessible will be a priority. Offline digital wallets have improved and could provide the anonymity and security needed to adopt cashless payments at a scale.
“This could be done through smartphones but banks are also looking at plastic cards that use biometric authentication, which would be able to verify the identity of a user and hold offline digital currency. These alternatives to physical currency have the potential to tackle the safety barriers we face in a socially distanced society, while also giving consumers the confidence in a cashless society ensuring that no one is left behind.”
WHAT ARE THE RISKS WHEN SHOPPING ONLINE?
Gav Winter, CEO of RapidSpike outlines the key risks when shopping online and what eCommerce can do to make consumer shopping even safer.
“Magecart attacks, also known as web-skimming, formjacking or supply chain attacks, are a client-side attack method used to steal customers’ payment data from websites. Some attacks last weeks or even months. They are currently the number one threat to e-commerce sites today.
“These attacks occur by exploiting a vulnerability on the webserver to gain access to the website to either inject malicious JavaScript code into an existing file or edit the HTML of the website to call a new third-party JavaScript file that includes the malicious code. Third-party services include; advertising tools, customer analytics, live chat, and more.
“eCommerce owners need to take responsibility for customers’ data by actively monitoring where data is being sent to from their website and being alerted of any new hosts. RapidSpike advocates a layered approach using multiple tools to ensure coverage across a variety of potential security issues. Companies need to have security measures in place to both prevent and detect attacks.”
WHO USES CONTACTLESS?
According to Oded Zehavi, the CEO of Mesh Payments, contactless has seen a rapid growth since the first UK lockdown in March 2020 as businesses rush to innovate work from home solutions. He said, “Although individuals are affected during lockdown, we are seeing that driven by the need for remote payments and due to the fact that corporates have had to move off-premises (working from home) there has been a 10x growth in the shift from traditional plastic corporate cards to contactless solutions like Mesh Payments.
“We have been able to help companies globally to shift their corporate payments into controlled virtual cards, enabling them to use mobile wallets, i.e. Apple Pay for corporate spend.”
IS MOBILE CONTACTLESS SAFE?
Ian Mizon is the owner of Argentum Card Pay, here he says; “Contactless payments are one of the safest and most secure methods of financial transactions, and as more businesses add the technology and more consumers want to reduce physical contact as much as possible, the use of mobile wallets will only increase in the coming months. Tackling the security concerns around mobile usage now can save you from potential cybersecurity incidents in the future.”
Ian’s top tips include:
- Adding multi-factor authentication (MFA) to the transaction. Mizon adds, “Yes, mobile payments are supposed to be quick and easy for everyone, but staying secure takes an extra couple seconds by requiring a password, a digital signature or some form of physical or biometric identification.”
- Making sure all transactions are encrypted.
- Using device-centric cryptography, which verifies the information is coming from a singular device and can’t be shared with another. This way, hackers can’t steal the information and use it on their phones, cutting down on fraud.
- Ensuring your company continues to follow all Payment Card Industry (PCI) Security Standards Council guidelines for credit card transactions and all data privacy regulations for using and storing any information gathered.
