The technology behind tap to pay: is it safe?

As of the start of January 2021, New York subway users can use tap to pay at every station in the rail network. For those of us who live in London and have been using this technology on the tube since 2014, it may not seem like huge news that it is finally becoming more widespread in the travel industry.

However, for users who are unfamiliar with this technology, there will undoubtedly be questions as to how it works and whether it’s safe to use. This post will hopefully provide you with some clarity so that you can make an informed decision about whether you want to use this technology in the future.

How does the tap to pay technology work?

Tap to pay is a form of contactless payment that allows a customer to place their card or device (such as a smartphone) against a reader to pay their transit fare, instead of loading money onto a metro card.

When the reader and the payment device are close together (less than 4cm apart) and activated, encrypted information is exchanged between the card or device and the reader. This transfer of data takes place over a type of radio technology called near-field communication (NFC).

This exchange of data follows four key steps:

1) The reader transmits the data it receives to a card processing network, like Visa. 

2) The network checks the data is in the correct format and forwards this information to an issuer.

3) The issuer does a fraud risk assessment. 

4) Once the issuer confirms the payment looks good and that you have sufficient funds, the data flows back to the card network and the payment is approved, all within a matter of seconds.

If an error occurs at any one of these points, the payment will not complete and you will not be able to pass through the turnstile.

Is the technology secure?

With regard to data privacy, the technology can be considered completely secure. Your name is never transferred in the transaction process, and each time you tap your card, the encrypted information generated by the device changes. This means that if a malicious actor were to intercept the details somehow, the stolen data would only be useful for one transaction.

Nonetheless, there are concerns that a thief with a portable point-of-sale terminal who stood very close to you on the metro could steal money (up to the transaction limit set by each country). To reduce this type of fraud, after five successive contactless transactions your bank is supposed to require you to type in your PIN to continue making transactions but, by then, some damage might have already been done.
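
The two safeguards described above (encrypted information that changes on every tap, and a PIN prompt after five successive contactless payments) can be modelled in a few lines of Python. This is an added example, not part of the original post, and a simplified model rather than the protocol real cards use: the key, the message layout, the HMAC-SHA256 stand-in and the names Card, Issuer and demo are all assumptions made for illustration.

```python
import hashlib
import hmac

CONTACTLESS_LIMIT = 5  # the post's "five successive contactless transactions"

def _mac(key, counter, amount, nonce):
    # HMAC-SHA256 is a stand-in here, not the cryptogram algorithm real cards use.
    msg = counter.to_bytes(2, "big") + amount.to_bytes(6, "big") + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Card:
    """Constructed model: a secret key plus a counter that rises on every tap."""
    def __init__(self, key):
        self._key, self.counter = key, 0

    def tap(self, amount, reader_nonce):
        self.counter += 1
        tag = _mac(self._key, self.counter, amount, reader_nonce)
        return {"counter": self.counter, "amount": amount,
                "nonce": reader_nonce, "cryptogram": tag}

class Issuer:
    """Constructed model of the issuer's checks for one card."""
    def __init__(self, key):
        self._key, self.last_counter, self.taps_since_pin = key, 0, 0

    def authorize(self, m, pin_verified=False):
        expected = _mac(self._key, m["counter"], m["amount"], m["nonce"])
        if not hmac.compare_digest(expected, m["cryptogram"]):
            return "DECLINE: bad cryptogram"      # data was altered or forged
        if m["counter"] <= self.last_counter:
            return "DECLINE: replayed counter"    # intercepted data reused
        self.last_counter = m["counter"]
        if pin_verified:
            self.taps_since_pin = 0
            return "APPROVE"
        if self.taps_since_pin >= CONTACTLESS_LIMIT:
            return "DECLINE: PIN required"
        self.taps_since_pin += 1
        return "APPROVE"

def demo():
    key = b"constructed-demo-key"                 # constructed sample key
    card, issuer = Card(key), Issuer(key)
    first = card.tap(290, b"\x01\x02\x03\x04")    # constructed fare and reader nonce
    results = [issuer.authorize(first), issuer.authorize(first)]
    results.append(issuer.authorize(dict(first, counter=2, amount=4500)))
    results += [issuer.authorize(card.tap(290, bytes([i] * 4))) for i in range(5)]
    return results
```

Calling demo() returns one approval, a declined replay of the same data, a declined altered message, four more approvals, and finally a decline asking for the PIN.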

How to increase the security of tap to pay transactions

One of the best things you can do to increase the security of tap to pay travel transactions is to enable payment notifications from your bank on your phone, if you use mobile banking. With these notifications turned on, you can clearly see a record of your transactions as they happen. This means you can tell your bank early if you don’t recognise a payment.

Additionally, if you are using a mobile device to make tap to pay payments, you may also want to consider adding two-factor authentication, such as biometrics or a passcode. That way, as you place your device on the reader to make the payment, your bank has an extra layer of security confirming it is you using the card. Understandably though, this is more difficult if you are using Face ID as your two-factor authentication, especially if you are wearing a mask on the metro.

Interestingly, in 2021, we also expect to start seeing the commercial rollout of biometric payment cards. These credit cards verify your contactless transactions with the help of your fingerprint and will help prevent contactless credit card fraud. If you can get your hands on one of these cards, your tap to pay and contactless transactions will be even more secure.

Lastly, try to keep your payment cards in a wallet and in a bag if possible. By increasing the thickness of materials between you and any card readers, you reduce the risk of fraud via a person with a terminal nearby.

It is worth noting that any fraud carried out by a contactless transaction is normally 100% refundable by your bank, so be sure to check your bank statements regularly for anything that looks suspicious.

If you have any questions or other technology queries, comment below or tweet @techtroublesho1.
