Tap or dip? Are contactless cards safer than chip cards?

In recent years, the payment industry has encouraged customers and businesses to shift from magstripe technology in favor of:

• EMV credit cards 
• Contactless payments 

Both are more secure than their legacy magstripe counterparts, but which one offers the most protection from payment fraud? 

A closer look at EMV credit cards

EMV credit cards come with embedded security chips that are difficult to clone. As such, the original card must be present when initiating in-store purchases. Instead of “swiping” their plastic at the checkout counter, customers can “dip” their EMV cards into the chip reader. 

In most countries, authorizing the purchase requires a personal identification number (PIN) that only the user knows. This chip-and-PIN technology exists in the U.S., but some issuers also distribute chip-and-signature cards, too. 

Even though the credit card companies no longer require signatures as an authorization step, many merchants (and consumers) still expect it. This means if a criminal were to get his or her hands on a physical EMV credit card enabled with chip-and-signature capability, the criminal may technically be able to authorize fraudulent purchases using a forged signature.

A closer look at contactless credit cards

Contactless credit cards leverage near field communication (NFC) technology to establish a wireless connection with the cashier’s credit card reader. The transaction is initiated when the customer taps or waves his or her contactless card over the reader, but for a connection to occur: 

• The cashier must first ring up the sale 
• The contactless symbol must be displayed on the front of the card
• The card must be within inches of the terminal 

The transmission is secure, and since contactless cards are also typically EMV cards, they share the same encryption technology, making it difficult for a thief to create a counterfeit card.

Although because contactless cards don’t necessarily require the user to enter a PIN number, a thief could technically make a purchase if the card got into the wrong hands.

Which option is safer: contactless cards or EMV chip cards?

Both payment options are safer than magstripe plastic, but they also both possess security limitations: 

• Cards that use a signature requirement are easy to abuse if they ever fall into the wrong hands. After all, anyone can forge someone else’s signature. 
• When shopping online, it doesn’t matter which type of card you use. All credit cards use a three- or four-digit card verification value (CVV) or card identification number (CID), otherwise known as the code on the back of the card (or on the front of American Express). 

Additionally, if your card still has a magstripe on the back, it can still be used to make purchases with legacy readers. A thief could theoretically: 

• Steal an EMV chip-enabled credit card 
• Tell the cashier that his or her “chip” is broken 
• Request that he or she be allowed to “swipe” instead 

Unless a cashier is properly trained to identify a potential fraud threat, the transaction will go through. The same could hold true if that thief starts with a stolen contactless credit card instead. 

Yet, contactless payment technology does have one major advantage over EMV credit cards. 

Contactless technology means you can leave the card at home

It’s possible to securely “link” credit cards to smartphones or wearable devices — provided they also come with NFC capabilities. This makes it much harder to steal a user’s payment information since: 

• The smartphone or device must be unlocked first 
• The correct mobile payment app must be open 
• Two-factor authentication is enabled
• The phone or device must be very close to the terminal 

Payments made through mobile wallets, like Apple Pay® and Google Pay™, on smartphones or wearable technologies can benefit from the most fraud protection. Because legacy, contactless, and EMV credit cards can all be linked to NFC-enabled devices, this may be the safest strategy. 

Offer your customers secure payment options

While contactless payments are gaining more popularity, especially in the wake of a pandemic, some of your customers might still prefer using physical credit and debit cards, most of which now come embedded with an EMV chip.

Smart businesses take precautions to help reduce fraud risks within their payment environments. In addition to choosing a PCI-compliant payment processor and upgrading to payment terminals capable of accepting EMV and NFC payments, it’s important that you explore security features such as: 

• Credit card tokenization 
• Point-to-point encryption 

To learn more, schedule a free consultation with our merchant services team today.

The above is provided for information only and should not be relied on for other purposes.

* “Should Small Business Require Receipt Signatures,” Business News Daily, 4 December 2020