Online banking or mobile banking comes to mind when we think of cybersecurity in payments. We do not believe that our bank cards—debit or credit cards—are subject to cyberattacks.  You must treat your bank cards with the same level of caution and security as you do your internet banking systems. With the introduction of contactless payment cards (or tap to pay as we know it), cybersecurity for bank cards is more important than ever.

Contactless payment cards allow customers to make payments by just tapping their debit or credit cards over an enabled contactless payment terminal such as a point of sale (POS) device. Tapping is an alternative to swiping or inserting a card into a payment terminal making it faster and easier to make payments. In most instances, tap to pay options do not require you to enter a PIN to authorize a payment up to a certain amount. In Eswatini, for transactions up to E500 you do not need to enter a PIN to complete the transaction, you just “tap and go”. However, for transactions above E500, you can still tap to pay, but you will need to enter PIN to complete the transaction.

HOW DO THEY WORK 

Contactless payment cards communicate wirelessly with card readers using short-range Radio Frequency Identification (RFID). An RFID system consists of a tag, reader and antenna. When the tag is triggered by a pulse from an RFID reader device, data is transmitted to the reader enabling a payment. With RFID, the tag and the reader simply need to be within range (2cm for most card payments) for the transmission of data.

BENEFITS 

The speed and convenience, touch-free capabilities, and security of contactless cards are advantageous to both customers and retailers. The obvious benefit of contactless cards is the payment speed. The checkout process is up to 10 times faster with tap to pay, substantially faster than swiping, inserting, or cash. The COVID-19 pandemic raised anxiety levels. To avoid the spread of infectious viruses and reduce touch-contamination, tap to pay provides a touch-free payment option. To prevent counterfeit fraud, every contactless payment transaction, including tap to pay, contains a one-time use encryption code. In actuality, contactless cards have been determined to have the lowest fraud rate of any kind of payment.

RISKS 

As exciting as it may seem, contactless card payment options also come with some potential security concerns. First, because they do not require a PIN or a signature at authorisation, lost or stolen tap to pay cards can be used to make fraudulent transactions. With the contactless payment threshold of E500 in Eswatini, this means that thieves and opportunists can use a lost or stolen card to make substantial purchases over multiple transactions. Hackers can also modify the RFID tags on smart cards, enabling the transfer of users’ private data to an unauthorised device.

HOW TO PROTECT YOUR CARDS

Like many other payment methods, tap to pay requires that you assess your personal level of risk and decide whether you are willing to accept the associated risks. Here are some tips to help you decide if you should keep the tap to pay functionality enabled in your card.  

1. Always know where your card is: tap to pay cards require that your card is within your sight at all times. Decide if you can ensure this by evaluating your lifestyle and people you are surrounded by to see if you can make this happen. 
2. Talk to your banks: find out if you can reduce the limit to below the default E500 and see if you can set up notifications to your mobile phone for every time a payment is made. 
3. Opt-Out (or do not opt-in): you are not forced to enable the tap to pay function on your card. If you feel the risks outweigh the benefits, call your bank, and ask that they disable it for you. 
4. Lost your card: report it to your bank ASAP so they can block the card. 
5. Get an RFID blocking wallet: If you find it necessary, buy an RFID blocking wallet to block the radio signals between a card reader and the RFID chip in your card, helping prevent malicious scanning.

THE SHORT AND SWEET OF IT

You must treat your bank cards with the same level of caution and security as you do your internet banking systems. This is especially true as we approach the festive season. Remember to always keep your contactless payment cards in check, and if you do not need it, do not sign up for it.