PayPal & PayPass: How Contactless Payment Raises Security Concerns
14 Sept 2015Contactless payment has made credit card payments easier than ever, but should we have the choice to decide if we want to use it?
Back in March 2014, the Parliamentary Joint Committee on Law Enforcement launched an Inquiry into Financial Related Crime, with a two month window for public submissions to be made. In September 2015 the Committee handed down its report with one of a number of recommendation being that financial institutions which issue debit and credit cards create an ‘opt in’ function that requires customers to consent to contactless payment technology features being activated on their cards.
What is contactless payment?
There are a number of forms of contactless payment but arguably the two best known in Australia are Visa’s payWave and MasterCard’s PayPass technologies, whereby customers can pay for products and services by ‘waving’ or ‘tapping’ their card against payment terminals. The stated benefits for customers include faster transactions and in some cases, the ability to pay through the use of ‘near field communication’ (NFC) technology in mobile phones.
Currently in Australia customers can purchase up to $100 of items via this method without having to provide a PIN number.
How does contactless payment work?
There’s no need to wrap your credit card in alfoil or hide it at the bottom of your shopping bag. According to Visa, your card has to be waved within 4 centimetres of the card reader for more than half a second and the retailer must have first entered the amount for you to approve. Terminals can only process one payment transaction at a time, therefore reducing transaction errors.
Explanation of chip, PIN and contactless payments
So what are the problems with contactless payment?
According to the Committee, a number of public submissions raised fraud and security concerns with allowing purchases up to $100 with no secondary authentication.
The committee heard evidence from Victoria Police, for example, that the introduction of tap-and-go payments had led to a rise in low value fraud transactions using stolen cards by up to 100 transactions per week.
Victoria Police argued that whilst banks had weighed the cost of tap-and-go fraud against convenience and found it worked in favour of their balance sheets, they had failed to adequately recognise other policing concerns. Among them, said Victoria Police, was an increased motivation to steal credit and debit cards, which could drive and increase violent crime.
“The major banks provide a Zero Liability Policy to customers who are victims of fraudulent transactions,” said the Victoria Police submission. “This policy is clearly advertised in conjunction with ‘Tap and Go’ technology. Widespread promotion of the Zero Liability Policy is expected to motivate offenders who are likely to see that the victim will not be at a personal loss.”
Representatives of the banking industry disagreed that contactless payment technology poses a significant fraud threat, arguing that the contactless payment mechanism itself is not a large driver of fraud losses for consumers or the banks and is very popular with consumers.
The Committee, however, believes that consumers should have the option of disabling contactless payment features and has recommended that financial institutions which issue debit and credit cards create an ‘opt in’ function that requires customers to consent to contactless payment technology features being activated on their cards.
We’ll await further developments.
