How do contactless payments work, and are they safe?

How do contactless payments work, and are they safe?

For millions of people across the UK, paying for something in cash increasingly resembles a throwback to a bygone age.

Yet given the current pace of technological progress, using a credit or debit card to pay for items in shops might also be filed under “oh, how quaint” in the near future.

Contactless payments represent the latest weapon in retailers’ efforts to part us from our hard-earned, without requiring any signatures or PIN codes.

In fact, it’s almost too easy to make contactless payments.

To speed up checkout transaction times and encourage low-value purchases, more and more businesses are offering contactless payment services.

While many of us are already familiar with tapping a debit card against a chip-and-PIN pad, smartphones and wearable devices are increasingly performing payment duties as well.

But before the Pixel replaces the plastic, and splashing the cash turns into tapping an iPhone against a self-service checkout, how does this technology work?

More importantly, is it safe to use?

So near and yet so far

The phenomenon of contactless payments is all down to a little-known method of smartphone technology called Radio Frequency Identification.

RFID temporarily distributes a signal from a chip containing basic account details, across a distance of less than one inch to an antenna-equipped terminal.

This process is commonly known as Near Field Communication, or NFC.

Activating the relevant software with a PIN code or biometric ID instructs the device to start distributing payment data across the 13.56MHz radio frequency range.

Holding an NFC-enabled mobile device against a payment portal (like a wireless reader at a cash desk) should instigate an information exchange.

Account data stored in the device’s chip will be transmitted to the payment terminal, which then withdraws funds from your account and concludes the sale.

Can NFC data be seen by anyone else?

The information being shared between device and terminal is securely encrypted, and payment details are distributed using a one-time key which can’t be replicated.

A criminal would need some pretty sophisticated technology to eavesdrop on the discreet signals of an RFID transaction, even from a few feet away.

Because contactless information transfers eliminate human input, people can’t watch a PIN number being entered or see how you sign your name.

Without holding the device themselves, fraud would be impractical for anyone other than a semi-professional hacker.

To prevent opportunist snatch-and-grab thefts, most contactless smartphone applications are activated using biometric data – usually fingerprint or iris recognition.

There is also a limit on the number of contactless transactions anyone can make, while the value of each purchase is generally capped at £30.

So next time you’re buying a sandwich at Morrisons, you might be able to pay for it without removing your wallet or purse.

Just make sure you’ve tested your contactless software beforehand, to be confident it’ll activate on demand…

Back To Top