NFC Terminals and Contactless Payments
For merchants, it’s always a shame to miss out on a sale because you didn’t accept a customer’s preferred method of payment. For many consumers, convenience is the most important thing, and that means having fewer credit cards or other payment instruments to keep track of. That’s one factor driving the increasing popularity of contactless payments—and the distancing guidelines in place due to the COVID-19 pandemic are another.
To accept contactless payments like Apple Pay and Google Pay, merchants need terminals equipped with near-field communication technology. Are NFC terminals secure, and is it really a good idea for merchants to implement them?
Contactless payment systems allow consumers to make payments using a personal device—usually their smartphone or a special card—which communicates wirelessly with the merchant’s terminal, exchanging information and authenticating the payment without any physical contact. This can allow for a much faster, frictionless checkout experience, and a safer one as well, in terms of reducing the chances for surface-to-surface transmission of viruses and other contaminants.
The United States had been lagging behind other countries when it comes to embracing contactless payments, but recent polling shows that just over half of all Americans have used some form of contactless payment. Consumers tend to like these systems, with 85% anticipating that they will continue to use contactless payments in the future, so it behooves merchants who have not yet upgraded to NFC-equipped terminals to weight the costs and benefits and decide whether it makes sense to continue holding out.
How Does NFC Technology Work?
Near-field communication is a close range form of radio-frequency identification technology, which uses electromagnetic fields and radio transponders to allow wireless communication between devices. NFC and RFID are used in many common applications—for example, the key fobs and ID cards that open up office buildings and private garages.
In a payments context, NFC technology allows the consumer to transmit data wirelessly from their device, which could be a smartphone or a NFC-enabled contactless credit card, to the merchant’s terminal.
The merchant can them use that data to authenticate the payment without ever having to scan or insert a physical card, and the consumer does not have to enter a PIN or sign a receipt.
These systems are often billed as “tap to pay” because the consumer is encouraged to simply tap their device against the reader to get them in close enough proximity to transmit and receive data. Apple Pay, Google Pay, and Samsung Pay are the leading providers of smartphone-based contactless payment systems in the US, while contactless payment cards are offered by various issuing banks including Bank of America, Capital One, and Chase. Many payment processors, such as Square, offer low-cost NFC terminals that make it easy and affordable for merchants to start using them.
In addition, many chain stores, transit authorities, and other organizations that deal with a high volume of payments have started offering their own contactless payment systems.
How Secure are NFC Terminals?
Few merchants need it explained to them how contactless payments will create a smoother and quicker checkout experience—whether it’s EMV chips that stubbornly refuse to be read, fistfuls of cash that have to be counted and recounted, or checks slowly written out by hand, traditional payment systems have a way of slowing things down. The real question is whether or not contactless payments are safe from fraudsters, hackers, and other cyber-threats.
The main difference between NFC and a regular card payment is the fact that it’s wireless—a credit card would require a physical connection between the EMV chip and the card reader.
However, both systems tokenize the sensitive payment data so there’s nothing useful for hackers to steal on the merchant side. Much like EMV cards, contactless cards use a special chip (the Secure Element) to validate the cardholder’s identity. So far, there is no evidence that the wireless aspect of these transactions creates any additional exposure to fraud.
In theory, it’s possible for “sniffer” devices to eavesdrop on wireless communications, but NFC requires the communicating devices to be in extremely close proximity—in many cases, it will be impossible for a fraudster to install or conceal a sniffer close enough to the merchant’s terminal.
All NFC transactions are required to be user-initiated, and the customer may be required to enter some additional information into their device to confirm their identity, especially if the purchase exceeds a certain dollar amount set by the provider. This prevents fraudsters from passively triggering transactions on other people’s devices.
Many contactless payment systems also include additional proprietary security measures. Apple Pay, for example, requires users to verify their identity with their thumbprint before making a payment. Because such devices are so secure against true fraud, you’re also less likely to see “friendly fraud” chargebacks follow such transactions.
Any merchant who was wavering about making the leap to contactless payments because of fears that they would be opening the door to new forms of fraud and contactless chargebacks should feel reassured that NFC terminals aren’t any riskier than other payment readers, and in some cases they may in fact offer even greater protections.
While contactless payments were on a slow burn towards widespread acceptance in the US prior to COVID-19, the pandemic has created much greater awareness and interest in contactless payment methods. In fact, NFC terminals can provide a genuine public health benefit in locations that are required to accept a high number of payments from multiple customers.
Where contactless payment systems are backed by card brands, the chargeback rules mandated by those brands apply. Proprietary systems may be subject to their own dispute rules, and merchants should always research those before signing up with them. Visa, MasterCard, and American Express branded NFC cards, however, can be safely expected without having to learn any new chargeback rules and regulations.
We may be headed for a future where contactless payments are more common than cash or cards, and merchants in markets where consumers value quick and convenient transactions would be well advised to look into upgrading to NFC terminals sooner rather than later.