Security Risks of Contactless Payment

Consumers are driving the push towards contactless payment, with credit card companies revealing double-digit increases in its use during the first quarter of 2020. Contactless payment was first used in the 1990s and currently with Covid companies and consumers are looking for ways to conduct business with as little physical interaction as possible.

Organisations have been steadily increasing reliance on digital options and implementing new regulations for all sorts of interactions. For example, event management asks patrons not to bring bags or purses and to empty their pockets at metal detectors in order to streamline traffic flow at gates and ticket booths.

Consumers are also minimising what they carry, which means less cash on hand. The more they can conduct business with their phone, the better, for convenience and efficiency. But given this shift to using our phones for payment, are organisations doing enough to ensure mobile security?

The Rising Popularity of Contactless Payment

Non-contact forms of payment have been put to use mostly by corporations. The move to digital payments has been slow for small and mid-size businesses (SMEs), which often lag behind enterprises when it comes to digital and cyber security enhancements.

Expect this to change as more customers feel that using their phone and contactless mobile payments is the safest way to exchange money.

Further, don’t expect that credit card companies are the only players in this contactless exchange. Apps like Venmo, Zelle and PayPal, as well as company-owned payment options, are more frequently preferred by consumers.

With Convenience Comes Risk

Contactless payment is convenient, but like any technology, it comes with both mobile security and data privacy risks. Because you don’t need a PIN, a lost credit card or stolen device potentially gives a criminal easy access to your account.

  • A phone without the proper security features in place makes it easy for anyone to ring up purchases without detection. Because many of these transactions happen without a receipt, it is difficult for the owner to prove the charges were fraudulent.
  • Contactless credit cards use radio frequency identification (RFID) to transmit the data, and hackers have been successful in making fake scanners or using card skimmers designed to steal data transmitted via RFID.
  • If a hacker gets the information from the card or wallet, they can create cloned cards. Mobile wallets, on the other hand, rely on near-field communication (NFC) that transmits data within a very close range. It remains one of the most secure ways to conduct financial transactions.

Since contactless payments can decrease fraud through more secure methods of transmission and mobile device locks, the biggest threat could be data privacy.

Contactless systems collect immense amounts of data from users and can use that information to track them. Any time you download an app to your smartphone, there is a risk of malware or man-in-the-middle (MitM) attacks that can access information stored on the device, bank account numbers, personal information or confidential work files to name a few types, as well as social engineering and phishing scams designed to steal sensitive data.

Mobile Security Decreases Risk

While consumers need to be aware of the risks involved with contactless mobile payments, organisations also need to mitigate potential risks on their side, especially if mobile devices within the corporation are used for both personal and business use.

Tapping Without Checking

Contactless payments are so simple to make that it’s easy to forget to check the amount before tapping. Research from card payments firm PaymentSense in 2017 showed that we’re more likely to be overcharged when we pay using contactless technology than any other way. They set up an experiment in London to check how good we are at spotting being charged the wrong amount.Their pop-up coffee stall accepted contactless payments but deliberately entered the wrong amount into the card machine. 

It found around 53% of shoppers were overcharged when using contactless payments compared to 41% when using cash. The research also found as many as 15% don’t request a receipt so we’re even less likely to notice we’ve been charged incorrectly.

Security Intelligence:       Cyware:           LoveMoney

You Might Also Read: 

Hackers Are Focused On Hijacking Payment Data:

 

« Australia To Spend Another A$1billion On Cyber Security
Hackers Targeting Turkey & Syria With Spyware »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Identiv

Identiv

Identiv is a global security technology company that establishes trust in the connected world, including premises, information and everyday items.

Japan Information Security Audit Association (JASA)

Japan Information Security Audit Association (JASA)

JASA is non-profit association active in developing and managing the quality of Information Security Auditing and Auditors in Japan.

MBL Technologies

MBL Technologies

MBL Technologies specializes in information assurance, enterprise security, privacy, and program/project management.

Blake, Cassels & Graydon (Blakes)

Blake, Cassels & Graydon (Blakes)

Blakes is one of Canada’s top business law firms serving national and international clients in specialist areas including cyber security.

Nubeva Technologies

Nubeva Technologies

Nubeva provide a breakthrough TLS Decrypt solution with Symmetric Key Intercept to gain the visibility needed to monitor and secure network traffic.

SecureLogix

SecureLogix

SecureLogix deliver a unified voice network security and call verification solution. Protect against call attacks & fraud.

In Fidem

In Fidem

In Fidem specializes in information security management, with a bold approach that views cybersecurity as a springboard to organizational transformation rather than a barrier to innovation.

MAXXeGUARD Data Safety

MAXXeGUARD Data Safety

MAXXeGUARD: The High Security Shredder. MAXXeGUARD easily destroys hard disks up to the highest security levels as well as other digital data carriers like SSD’s, LTO’s, USB’s, CD’s etc.

Enzen

Enzen

Enzen is a global knowledge practice that provides consulting, technology, engineering, operating and innovation services to the energy and utility sectors.

Vircom

Vircom

With a large majority of cyber attacks starting with email, Vircom provides protection against the worst email security threats to your business.

iNovex

iNovex

iNovex is a community of innovators that work together to solve hard problems. We partner with you to meet problems head-on and push boundaries with technology solutions.

Datapac

Datapac

Datapac is one of Ireland’s largest and most successful ICT solutions and services providers. We have been at the forefront of technology innovation in Ireland for the past three decades.

SecurityLoophole

SecurityLoophole

SecurityLoophole is an independent cyber security news platform with global coverage. Latest updates, reports, news and events related to cyber security.

HYCU

HYCU

HYCU was born of the need to simplify data protection and provide equivalent levels of backup and recovery support across on premises, public cloud, and SaaS workloads.

PureID

PureID

Protect your enterprise with PureAUTH #IAMFirewall, Resilient SSO platform, purpose built to provide Passwordless Authentication & Zero Trust Access, by default.

Infodot Technologies

Infodot Technologies

Infodot Technologies specialize in a co-managed IT support and services approach, where businesses share their IT responsibilities with a skilled Managed IT Services Provider (MSP).