After lagging behind the rest of the globe for years, the United States is finally beginning to adopt contactless payments. More people than ever are now tapping a contactless bank card or smartphone wallet to make payments in the U.S. The force behind this sudden change? Coronavirus.
As the pandemic continues, both consumers and merchants are now looking for ways to minimize germs. Contactless payments are a convenient way to handle less cash and minimize contact with point-of-sale devices. According to Mastercard, contactless payments jumped 40% in the first quarter of 2020 as the first wave of COVID-19 swept over the U.S.
Additionally, as businesses shut down and consumers sheltered in place, more transactions were forced to move online. Online payments saw an increase in Q1, with card-not-present transactions increasing 40% year over year.
Historically, Americans have been slow to adopt contactless transactions, unlike non-U.S. regions where contactless payments have long been the norm. Outside of the U.S., card companies and banks were mandated to roll out contactless cards. However, the U.S. has allowed market forces to lead the way for contactless cards, rather than make them mandatory. In 2018, only 3% of American bank cards were contactless, while 64% of cards in the U.K. and 96% in South Korea were tap-to-pay.
Are Contactless Payments Secure?
For U.S. consumers, concerns about security have long been a barrier to adoption. Prior to the pandemic, only 59% of consumers reported feeling confident in the security of contactless credit cards, as opposed to 89% who felt confident in magstripe cards. But this distrust in tap-and-pay cards isn’t necessarily warranted.
Contactless payments are generally safer than magnetic stripe cards. That’s because magstripe cards are easy for criminals to duplicate. Payment data is encoded in a pattern inside the magnetic stripe, which, when swiped through a fraudulent card reader or skimmer, is easy for thieves to clone.
Contactless and EMV chip cards, on the other hand, encode customers’ data in a way that can’t be duplicated. Tap-and-go payments use near-field communication (NFC) technology to communicate between the payment device and the microchip in the card or smartphone. Where a magstripe card uses the same code over and over again to store data, both contactless cards and mobile wallets use tokens, or one-time codes. Each time a customer touches to pay, a unique token is used to transfer their data.
Perhaps the biggest security concern around contactless forms of payment is data privacy. Large amounts of data traverse contactless payment systems, and without the right protection, that data is left vulnerable. That is why it is important for organizations to use point-to-point encryption, or P2PE, to encrypt sensitive data from the point of purchase to the processor.
However, not all POS systems automatically encrypt data.
“There are a lot of POS devices that accept contactless payments that don’t encrypt the data as it enters the terminal’s firmware,” said Ruston Miles, founder and adviser of Bluefin Payment Systems, in an interview with Digital Transactions.
“A lot of it has to do with the cost of P2PE, which is not mandated. Many merchants base their decision not to use a P2PE-certified solution on the scale of their transaction volume. The higher the volume, the higher the cost.”
While the cost of data security may be a consideration, the cost of a data breach is infinitely more expensive, with the average global cost of a breach at $3.8M – but rising to a whopping $8.64M average for U.S. breaches. That is why it is critical for organizations to invest in P2PE. Combined with tokenization, these security measures mean clear-text data never travels through a merchant’s payment system.
Are Contactless Payment Methods Cleaner than Swiping?
When it comes to germs, no major studies have been conducted on the safety of contactless payments versus chip cards or cash. But tapping to pay does reduce the amount of contact customers have with cashiers and point-of-sale devices, which could prevent the transfer of germs.
Because we raise our phones to our faces and touch them more often in general, paying with a mobile wallet may not be as clean as paying with a contactless card. Bank or credit cards usually don’t travel far outside of our wallets, and we don’t touch them nearly as often. So if you’re looking to minimize bacteria, a contactless card is most likely your best option.
But – where there is a need, there is invention and companies such as ENS Enclosures have introduced UV-Clean Solutions that used to eradicate harmful bacteria, including antibiotic resistant viruses (Coronaviruses, SARS and MERS), Staphylococcus aureus (MRSA) and Enterococcus (VRE), as well as E. coli, difficile, Proteus spp., Klebsiella spp and Listeria spp. Technologies such as these will be a great supplement to contactless payments.
Keep Your Contactless Payments Safe
Tap-and-pay methods may be more secure than a magstripe, but they still need extra layers of data security to create a defense-in-depth security strategy.
Whether you accept contactless payments, EMV chips, online transactions or even take payments through a call center, Bluefin is here to help you safeguard your customers’ data. Our PCI-validated point-to-point encryption (P2PE) and tokenization solutions ensure that sensitive information never traverses your system. We also offer one of the widest variety of P2PE-validated contactless devices on the market, interfacing with all of our products.
To find out more about our industry-leading cybersecurity solutions, contact Bluefin today.