Online banking or mobile banking comes to mind when we think of cybersecurity in payments. We do not believe that our bank cards—debit or credit cards—are subject to cyberattacks. You must treat your bank cards with the same level of caution and security as you do your internet banking systems. With the introduction of contactless payment cards (or tap to pay as we know it), cybersecurity for bank cards is more important than ever.
Contactless payment cards allow customers to make payments by just tapping their debit or credit cards over an enabled contactless payment terminal such as a point of sale (POS) device. Tapping is an alternative to swiping or inserting a card into a payment terminal making it faster and easier to make payments. In most instances, tap to pay options do not require you to enter a PIN to authorize a payment up to a certain amount. In Eswatini, for transactions up to E500 you do not need to enter a PIN to complete the transaction, you just “tap and go”. However, for transactions above E500, you can still tap to pay, but you will need to enter PIN to complete the transaction.
HOW DO THEY WORK
Contactless payment cards communicate wirelessly with card readers using short-range Radio Frequency Identification (RFID). An RFID system consists of a tag, reader and antenna. When the tag is triggered by a pulse from an RFID reader device, data is transmitted to the reader enabling a payment. With RFID, the tag and the reader simply need to be within range (2cm for most card payments) for the transmission of data.
The speed and convenience, touch-free capabilities, and security of contactless cards are advantageous to both customers and retailers. The obvious benefit of contactless cards is the payment speed. The checkout process is up to 10 times faster with tap to pay, substantially faster than swiping, inserting, or cash. The COVID-19 pandemic raised anxiety levels. To avoid the spread of infectious viruses and reduce touch-contamination, tap to pay provides a touch-free payment option. To prevent counterfeit fraud, every contactless payment transaction, including tap to pay, contains a one-time use encryption code. In actuality, contactless cards have been determined to have the lowest fraud rate of any kind of payment.
As exciting as it may seem, contactless card payment options also come with some potential security concerns. First, because they do not require a PIN or a signature at authorisation, lost or stolen tap to pay cards can be used to make fraudulent transactions. With the contactless payment threshold of E500 in Eswatini, this means that thieves and opportunists can use a lost or stolen card to make substantial purchases over multiple transactions. Hackers can also modify the RFID tags on smart cards, enabling the transfer of users’ private data to an unauthorised device.
HOW TO PROTECT YOUR CARDS
Like many other payment methods, tap to pay requires that you assess your personal level of risk and decide whether you are willing to accept the associated risks. Here are some tips to help you decide if you should keep the tap to pay functionality enabled in your card.
THE SHORT AND SWEET OF IT
You must treat your bank cards with the same level of caution and security as you do your internet banking systems. This is especially true as we approach the festive season. Remember to always keep your contactless payment cards in check, and if you do not need it, do not sign up for it.