This subject came up a few weeks ago after a local news report on chip cards and fraud. I reached out to the local news agency for comment and received no reply. They stated that for consumers to avoid fraud with their chip card they needed to wrap their new Amarillo National Bank card in tin foil and place it in their wallet. Really? I have been in this industry for 20+ years, and apparently I need to invest in tin foil from Sam’s club to provide it to my clients. There is another local company that is selling and marketing “chip protectors”. I understand the need for keeping your financial data, but providing false hope or even mis-information is truly “fake news”, and creates an environment of fear. Below I have helped dispel some of the misconceptions that the public and even the industry has about Contact & Contactless chip cards.
Contact & Contactless cards have been widely adopted around the world, with customers appreciating the fast, frictionless payment experience they offer. But in the US, they are not very well known.
Despite the significant infrastructure in place for contactless (a third of merchants), not many people have a contactless card yet or have ever seen one used. But contactless card issuance is forecast to grow rapidly. And for its take-off to be successful, cardholders need to be confident about its security.
There are a number of common myths surrounding contactless EMV security that could hinder adoption, despite the benefits of faster checkout.
Here’s a rundown of the common myths and the reality behind them.
1. The myth: Long-range theft
This myth suggests that fraudsters would be able to use long-range RFID (radio frequency identification) readers to extract data from contactless cards over large distances. That data could then be used to access a cardholder’s accounts and steal money.
The reality: It’s not possible to use long-range RFID readers to extract data from contactless cards. The near field communication (NFC) technology in contactless cards uses a 13.56Mhz radio frequency that only transmits digital data within a very short range (typically 4cm or less). No communication can be performed beyond that short range.
2. The myth: Skimming close to the surface
According to this myth, a fraudster equipped with an NFC reader would be able to access contactless cards in someone’s pocket or bag in crowded public spaces. They would then be able to extract enough data to make a counterfeit card or complete online purchases.
The reality: Only a genuine POS (point of sale), provided by an acquiring bank, is capable of communicating with the card. In contactless mode, key data such as a cardholder’s name are blocked, meaning that any attempt to skim data from a contactless card would access less key data than can be read on the front of a card.
3. The myth: Spend, spend, spend
Because low-value contactless transactions can be made without requiring a PIN code, this myth says that a thief could spend large amounts of money through many repeated small purchases.
The reality: Even with a lost or stolen card, the total possible fraud amount would be low. In countries like France and the UK where small amounts of contactless transactions are authorized off-line, the number of contactless transactions that can be made in a row with a contactless EMV card is limited. After a certain number of transactions, a reset with chip and PIN in contact mode is required or the card will automatically stop functioning in contactless mode.