Since the pandemic began, consumers have gravitated toward doing business in the most socially distanced, touch-free ways. Ecommerce spiked with stay-at-home orders and the economic shutdown, and then, as people ventured out again to brick-and-mortar stores and restaurants, the number of contactless card transactions increased.

Not only are contactless card transactions fast and easy – consumers just “tap and go” for small dollar-amount transactions. They have the security of knowing that higher-dollar transactions require a cardholder to present the card and enter a personal identification number (PIN). Therefore, if a card is ever lost or stolen, it couldn’t be used fraudulently for large purchases.

As with anything, there is always the potential for vulnerabilities that you need to be aware of and ensure that there are measures in place to account for them, especially when it comes to payment security. A prime example of this is the recent research conducted by at the Swiss Federal Institute of Technology (ETH) in Zurich, where they discovered a hack that lets them bypass the limit for Visa contactless payments.

Understand Measures that Protect EMV and Contactless Card Transactions

As trusted advisors, it’s vital that software developers and ISOs understand the measures that card issuers take to keep transactions safe. Educating yourself and your client on relevant aspects of payment security can help you both make good decisions if there is a question about the legitimacy or security of a transaction. For example:

  • Card transaction qualifiers: Card issuers set CTQs, which determine actions taken to verify a transaction at the point of sale (POS). In some regions, terminals may be configured not to require any cardholder verification (CV) under a certain transaction amount. Knowing the limit for a contactless payment without CV can help merchants minimize fraud.
  • Real-time authorization: Most transactions are sent online for authorization by the card issuer at the time of the purchase. The issuer will perform anti-fraud checks, and merchants should always stay alert to messages from the issuer.
  • Offline transactions: Some industries may allow offline transactions, and those that do, occasionally can run into a transaction that can’t be authenticated in real-time. In these instances, there are additional authentications that are performed on card data. If the CTQ has been modified, such as in the case of bypassing a PIN, offline authentication will fail, and the transaction will be declined.
  • Tokenization vs. actual card numbers: Card numbers printed on contactless cards are different than tokens used by mobile wallets such as Apple Pay. When a transaction is sent for approval, a card issuer will be able to tell whether the card or a token stored in a mobile wallet was used. The issuer will also be able to tell if the transaction required a PIN – and if no PIN is given, the card issuer’s anti-fraud mechanisms should flag the transaction as potentially fraudulent and require that it be rerun on the contact card interface.
  • High-value transactions: When an amount is higher than the limit for a contactless transaction, the card type or mobile wallet, the payment terminal and the operating environment will determine how it should be validated.

In addition to these anti-fraud checks, the card issuer, the terminal and the card itself include other measures that validate transactions.

Never Assume Someone Else Is Handling Security

There’s little debate that EMV and contactless payment technologies have made a substantial impact on card-present security. In 2019, Visa reported that chip technology had reduced card-present fraud by 76 percent over instances in 2015 when EMV was first introduced in the U.S. However, as with any technology that’s designed to be flexible and to allow use in different operating environments, hackers may continue to find ways to exploit features for misuse.

Stay informed and study research findings such as those from ETH – they’re important for identifying potential vulnerabilities, helping to find ways to fix them and maintain the highest level of payment security for EMV and contactless card transactions.

Fill out the form below and we will get in touch with you shortly

The Generational Shift in Consumer Shopping Behaviors
NMI Insights

The Generational Shift in Consumer Shopping Behaviors

With every generation, consumer behaviors change. Gen Z (ages 18-24) and Zillennial (25-26) shoppers grew up online. Many don’t remember a tim...

Learn More
An Introduction to Payment Terms and Concepts
NMI Insights

An Introduction to Payment Terms and Concepts

The payments space has a language all of its own. Who are acquirers? What’s a payment terminal? What about a PayFac? Whether you’re a new busi...

Learn More
How NMI is Making 2023 the Best Year Yet for Our Partners
NMI Insights

How NMI is Making 2023 the Best Year Yet for Our Partners

The payments industry has changed dramatically over the past several years. In 2020, consumer expectations shifted, and we saw a sudden rise i...

Learn More
What You Need to Know About Buy Now, Pay Later Legislation
NMI Insights

What You Need to Know About Buy Now, Pay Later Legislation

What if you could finance and pay for a purchase over time without a credit check or signing up for a personal loan? Buy Now, Pay Later (BNPL)...

Learn More
4 Steps to Make Your ISO Business More Profitable in 2023
NMI Insights

4 Steps to Make Your ISO Business More Profitable in 2023

As headlines warn of a potential recession, consumers are tightening their belts in preparation for a challenging year. While so much negative...

Learn More
NMI Illustrations Blog 2 01
NMI Insights

NMI Achieves Milestone Year in 2022 With Industry Recognition, Acquisitions and New Partnerships

Through acquisitions and continued platform investments, the company will continue to support partners from sign-up to pay-out across the comm...

Learn More
The Evolution of Public Parking Payments
NMI Insights

The Evolution of Public Parking Payments

Parking payment solutions have evolved significantly since their inception. The first parking meters were installed in Oklahoma City in 1935 (...

Learn More
The State of Public Transportation in the United States, the United Kingdom and Europe
NMI Insights

The State of Public Transportation in the United States, the United Kingdom and Europe

'A developed country is not a place where the poor have cars. It's where the rich use public transportation.' - Gustavo Petro Public transpor...

Learn More
Marketplace Hero Website
NMI Insights

Adding Value to Payment Solutions: 3 Ways to Generate More Revenue

Generating more revenue can be tricky - especially as consumers and businesses tighten their belts and cut back on spending. Should you add mo...

Learn More
New NMI Report Finds Convenience and Speed Drive Consumers’ Eagerness to Try New Payments Innovations
NMI Insights

New NMI Report Finds Convenience and Speed Drive Consumers’ Eagerness to Try New Payments Innovations

SCHAUMBURG, IL – JANUARY 17, 2023 – NMI, a leading full commerce enablement technology company, today released its inaugural Payments Innovati...

Learn More