Forget about swiping your credit card or inserting a chip. Use of tap-and-go cards is catching on because it’s a simple way to speed through the checkout line. But are these contactless cards safe?
Some worry that the technology could allow thieves to commit credit card fraud with special chip readers. But tap and go could be a safe way to go.
Contactless Credit Cards Are the Next Step in Card Security
Tap-and-go credit cards provide about the same level of security as EMV chip cards but more convenience. EMV chips, which came to the U.S. just a few years ago, are much more secure than magnetic strips on the back of cards.
“The only uniqueness between contactless and EMV is, instead of having to insert your card and wait for the transaction to complete,” says Dan Sanford, head of global contactless payments at Visa, “you can just tap to pay and then go on with your life.”
The convenience factor may be one reason behind the rise of contactless payments. More than 100 million tap-and-go cards will be issued in the U.S. by the end of 2019, according to Visa. American Express, Capital One, Chase, Citi and Wells Fargo provide these cards.
Tap-and-go cards use the same near-field communication, or NFC, technology as mobile wallets such as Apple Pay. When you tap your card to the reader, a chip and an antenna in the card send a token via radio waves to complete your purchase.
That token is a random set of numbers and symbols that represents your card data and is distinct for each purchase. This means that if a fraudster steals your transaction data, it can’t be used again to make an unauthorized purchase. It also can’t be reverse engineered to get back to your card number.
The same process happens when you insert your card into a chip reader, except tap-and-go cards are much faster. An EMV transaction takes about 30 seconds, while a contactless payment takes between 13 and 15 seconds.
Does NFC Technology Have Flaws?
They may be called tap and go, but these cards can still process your purchase without touching a card reader. A card can communicate information from a distance of a few centimeters.
In theory, someone could use an NFC card reader to commit fraud through a victim’s pocket in a crowded public place, such as at a coffee shop or on a train. But this form of fraud is not a viable threat, according to the Identity Theft Resource Center. No documented cases exist outside of controlled environments.
Tokenization, the process that supports EMV and tap-and-go cards, removes the threat of card data theft. Data breaches can and do happen with magnetic strip cards.
“For all intents and purposes, fraudsters can’t re-create that unique code that protects both contactless and EMV technology from fraud,” Sanford says.
The bottom line: Consumers have little to worry about with tap-and-go credit cards. These cards offer security and peace of mind, making them worth using whenever you can.
How to Find Out if You Have a Tap-and-Go Credit Card
Check your credit card for the contactless symbol. The emblem has a set of four curved lines that look like radio waves. It resembles a Wi-Fi icon turned on its side.
You can use your card at any card reader with this symbol.
If you don’t see the logo on your card, call your issuer. Your issuer may have tap-and-go cards but simply hasn’t sent you one yet.
Should You Get an RFID-Blocking Wallet?
As use of contactless credit cards increases, RFID-blocking wallets have become a way to prevent card data theft. NFC is a subset of radio-frequency identification technology, or RFID.
These wallets use a mesh material made of conductive metals, such as copper, nickel or silver. The material cancels outside electromagnetic fields, say, from an NFC card reader.
You can save your money for now. You don’t need a special wallet because identity thieves haven’t stolen credit card data this way.
“Certainly, you can use an RFID wallet if you feel that makes you safer,” says Jason Glassberg, co-founder and managing principal of Casaba Security, a cybersecurity firm. “But there are really no known attacks against these NFC-aware credit cards right now.”
Tap-and-Go Credit Cards Don’t Stop All Fraud
NFC technology in a contactless credit card can keep your card data safe when making in-store purchases. But you’re still exposed to other forms of credit card fraud.
“All of these security measures that they put in the cards for when you’re giving the card to someone (have) drastically decreased that kind of fraud,” Glassberg says. “But card-not-present fraud is actually increasing.”
A 2018 study by Javelin Strategy & Research found that card-not-present fraud is 81% more likely than in-store fraud.
Card-not-present fraud can happen when you shop online and type in your card number or when you provide it over the phone, Glassberg says. Anyone who can access that data could use it to make purchases online without the merchant confirming whether it’s you.
Say you use the same password for your LinkedIn and Walmart.com accounts. If LinkedIn has a data breach, hackers may try to use stolen login information on a few websites. If they try Walmart.com and succeed, they may place an order using your saved credit card but ship it elsewhere.
You can protect your card data by using tap and go as much as possible. Of course, technology helps but doesn’t replace vigilance. Use your card data with care to avoid making identity theft easier.