Security Risks of Contactless Payment

Uploaded on 2020-07-17 in FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Developments

Consumers are driving the push towards contactless payment, with credit card companies revealing double-digit increases in its use during the first quarter of 2020. Contactless payment was first used in the 1990s and currently with Covid companies and consumers are looking for ways to conduct business with as little physical interaction as possible.

Organisations have been steadily increasing reliance on digital options and implementing new regulations for all sorts of interactions. For example, event management asks patrons not to bring bags or purses and to empty their pockets at metal detectors in order to streamline traffic flow at gates and ticket booths.

Consumers are also minimising what they carry, which means less cash on hand. The more they can conduct business with their phone, the better, for convenience and efficiency. But given this shift to using our phones for payment, are organisations doing enough to ensure mobile security?

The Rising Popularity of Contactless Payment

Non-contact forms of payment have been put to use mostly by corporations. The move to digital payments has been slow for small and mid-size businesses (SMEs), which often lag behind enterprises when it comes to digital and cyber security enhancements.

Expect this to change as more customers feel that using their phone and contactless mobile payments is the safest way to exchange money.

Further, don’t expect that credit card companies are the only players in this contactless exchange. Apps like Venmo, Zelle and PayPal, as well as company-owned payment options, are more frequently preferred by consumers.

With Convenience Comes Risk

Contactless payment is convenient, but like any technology, it comes with both mobile security and data privacy risks. Because you don’t need a PIN, a lost credit card or stolen device potentially gives a criminal easy access to your account.

  • A phone without the proper security features in place makes it easy for anyone to ring up purchases without detection. Because many of these transactions happen without a receipt, it is difficult for the owner to prove the charges were fraudulent.
  • Contactless credit cards use radio frequency identification (RFID) to transmit the data, and hackers have been successful in making fake scanners or using card skimmers designed to steal data transmitted via RFID.
  • If a hacker gets the information from the card or wallet, they can create cloned cards. Mobile wallets, on the other hand, rely on near-field communication (NFC) that transmits data within a very close range. It remains one of the most secure ways to conduct financial transactions.

Since contactless payments can decrease fraud through more secure methods of transmission and mobile device locks, the biggest threat could be data privacy.

Contactless systems collect immense amounts of data from users and can use that information to track them. Any time you download an app to your smartphone, there is a risk of malware or man-in-the-middle (MitM) attacks that can access information stored on the device, bank account numbers, personal information or confidential work files to name a few types, as well as social engineering and phishing scams designed to steal sensitive data.

Mobile Security Decreases Risk

While consumers need to be aware of the risks involved with contactless mobile payments, organisations also need to mitigate potential risks on their side, especially if mobile devices within the corporation are used for both personal and business use.

Tapping Without Checking

Contactless payments are so simple to make that it’s easy to forget to check the amount before tapping. Research from card payments firm PaymentSense in 2017 showed that we’re more likely to be overcharged when we pay using contactless technology than any other way. They set up an experiment in London to check how good we are at spotting being charged the wrong amount.Their pop-up coffee stall accepted contactless payments but deliberately entered the wrong amount into the card machine. 

It found around 53% of shoppers were overcharged when using contactless payments compared to 41% when using cash. The research also found as many as 15% don’t request a receipt so we’re even less likely to notice we’ve been charged incorrectly.

Security Intelligence:       Cyware:           LoveMoney

You Might Also Read: 

Hackers Are Focused On Hijacking Payment Data:

 

« Australia To Spend Another A$1billion On Cyber Security
Hackers Targeting Turkey & Syria With Spyware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CommuniTake

CommuniTake

CommuniTake builds security, enablement, and management solutions to provide people and organizations with better, and more secure mobile device use.

_cyel

_cyel

_cyel is introducing a new cybersecurity strategy: not a new generation of patches and firewalls, but moving target security – we take away the targets. Without replacing your existing system.

SEPPmail

SEPPmail

SEPPmail is a patented e-mail encryption solution to secure your electronic communication.

Johnson Controls International

Johnson Controls International

Johnson Controls is a global diversified technology company with a focus on smart cities, energy, infrastructure and transportation including the security of automation and control systems.

Calero Software

Calero Software

Calero is a leading global provider of Communications and Cloud Lifecycle Management (CLM) solutions designed to simplify the management of voice, mobile and other unified communications services.

RackTop Systems

RackTop Systems

RackTop Systems is the pioneer of CyberConverged data security, a new market that fuses data storage with advanced security and compliance into a single platform.

Qmulos

Qmulos

Qmulos’ real-time continuous monitoring risk management suite, Q-Compliance, provides a massively flexible and scalable solution to optimizing operational security.

DataExpert Singapore

DataExpert Singapore

DataExpert Singapore provide solutions and services in the areas of Digital Forensics, Data Recovery, Data Duplication, Data Degaussing & Wiping, Data Destruction, and IT Disposal.

Edgile

Edgile

Edgile is the trusted cyber risk and regulatory compliance partner to the world’s leading organizations, providing consulting, managed services, and harmonized regulatory content.

ImmuniWeb

ImmuniWeb

We Simplify, Accelerate and Reduce Costs of Security Testing, Protection and Compliance.

Cybolt

Cybolt

Cybolt helps companies, organizations, and governments manage digital risks and live in an environment of confidence and certainty.

Suresecure

Suresecure

Suresecure are a specialised consulting company providing Strategic IT security consulting, Managed Security Services, and Incident Response Management.

Redbot Security

Redbot Security

Redbot Security provides industry leading manual penetration testing. Protecting critical systems and data - red team attack and breach simulations, (OT) critical infrastructure testing.

Vala Secure

Vala Secure

Vala Secure is a cybersecurity and compliance consultancy that always stays ahead of regulations, future threats and ever-changing security environments.

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL) is the largest integrated Information Communication Technology (ICT) company of Pakistan.

Safe Decision

Safe Decision

Safe Decision is an information technology company offering Cyber Security, Network, and Infrastructure Services and Solutions.