It’s the new payments buzzword – contactless. And for good reason. On May 31st, New York will become the first U.S. city to let the riders of their subways and buses start tapping a contactless bank card or their mobile wallet to pay fares. This is big news, as the U.S. significantly lags Europe in contactless adoption – with some research firms estimating that only 3% of U.S transactions are contactless.
However, experts don’t believe these low adoption numbers will continue, and many consider New York’s rollout of contactless transportation payments to be the first significant step in U.S. contactless adoption – with consultancies predicting a spike from just 5% penetration of contactless cards in 2018 to 56% penetration in 2022.
In contrast, the UK has seen a huge surge in adoption and usage of contactless cards, thanks in part to the fact that the London Transport System began accepting contactless payments in 2015. According to Mastercard, Europe leads contactless adoption globally – with almost 1 in 2 transactions, as of September 2018, being contactless. Visa finds that worldwide, contactless adoption continues to see strong growth, with nearly half of all face-to-face Visa transactions occurring with a tap outside the U.S. The company reports that:
- In Europe, more than two-thirds of face-to-face Visa transactions occur with a tap
- In Canada and CEMEA (Central Europe, Middle East, Africa), nearly 60% of face-to-face transactions occur with a tap
- In Asia Pacific, it is more than one-third of face-to-face transactions
Why Does the U.S. Trail Europe in Contactless?
Today, 80 out of Visa’s top 100 merchants by transactions in the U.S. currently offer customers the ability to tap to pay at checkout. But that doesn’t mean consumers are using this payment method.
According to Nick Starai, Chief Strategy Officer for NMI, there’s a fundamental difference between the U.S. and international markets in how contactless has been rolled out. For example, he notes that in some non-U.S. regions, card brands have mandated that their member banks issue contactless cards – which is not the case in the U.S., where the trend has been to let market forces take charge. Mobile wallet leaders like Apple Pay and Google Pay have needed to pave the way for contactless adoption, rather than having the payment networks or banks do it.
And the habit of handing over the plastic is going to be a tough one to break. A 2017 survey conducted by Forrester Consulting and commissioned by JPMorgan Chase found that 46% of consumers surveyed prefer paying with credit cards, while only 15% prefer mobile wallets to other forms of payment.
Experts believe, though, that the introduction of contactless in the New York transportation system could be the game-changer. Research firm A.T. Kearney states:
Just as contactless payments in the U.K. got a boost when the London Underground transportation system began using “pay as you go,” the implementation of the same technology by transit authorities in several major U.S. cities — including Boston, Chicago and San Diego, as well as New York — “should be a catalyst for broader contactless usage” nationwide, according to the authors of the report.
The reality is that contactless is one of the most convenient ways to pay, as the usage of smart phones rise globally, and will meet consumer demands for faster checkout by completing a transaction with just a single tap.
Securing Contactless Payments with P2PE
Even though contactless is highly convenient, it needs to be secured just like any other payment method – and this includes ensuring that contactless transactions are encrypted. Bluefin’s Chief Strategy Officer, Ruston Miles, states:
Many people think that there is something inherently secure about contactless. There isn’t. If it’s not encrypted, it’s not safe.
When you swipe a card, the magnetic stripe on the back of the card is physically swiped over an MSR (magnetic stripe reader). Point-to-point encryption (P2PE) encrypts the data inside of the firmware of the MSR before it reaches the application and network communication area of the card machine. It’s very similar for EMV (chip cards); the chip is inserted and touches the ICCR (integrated chip card reader) where the card data is encrypted in the firmware of the ICCR. And it’s the same thing with contactless; the phone or card is tapped on a device that has an NFC (near field communication) radio. P2PE is then used to encrypt the card data inside the firmware of the NFC radio before it reaches the other areas of the card machine where it can be exposed.
Merchants and providers need to ensure that the data coming in through contactless is encrypted, because hackers only want card data – they don’t care if that data was gathered through tap, dip, swipe or key entry. Once a hacker installs malware on the network, point of sale, or inside of the card machine, they can get all the card data that is clear-text, no matter how that data was entered. All signs point to contactless becoming a dominant payment method in the U.S., making it even more important to protect the NFC radio with technologies such as P2PE.
For more information on Bluefin’s security solutions for point of sale and online transactions, visit https://www.bluefin.com/security-solutions/.