Contactless Payment Card Security – An FAQ

Last modified: 28 November 2014

You may have noticed a new kind of payment card while waiting in line at a store, or you may already have a contactless payment card – now offered by Visa payWave™, MasterCard PayPass™ and Interac Flash™. These cards allow you to quickly pay for small purchases by waving your card in front of a contactless terminal. This article will answer some of the frequently asked questions (FAQ) about the security of contactless payment cards and provide tips on how to protect yourself from debit and credit card fraud.

How are contactless cards different from regular debit and credit cards?

With contactless cards, a small radio frequency antenna and microchip inside the card allow a transaction to be processed without having to enter a personal identification number (PIN) or sign a receipt. You pay for small purchases by waving your card in front of a merchant’s contactless terminal.

Should I be concerned about security of contactless payment cards?

No. Contactless card transactions are processed through the same secure networks used for all other Visa, MasterCard and Interac transactions. Your card never leaves your hand and each transaction has a unique, encrypted code that changes every time the card is used.

There have been news reports recently about electronic pick-pocketing, where a criminal with a card reader or smartphone can read the information on contactless cards and commit fraud. It’s important to know that contactless cards are embedded with multiple layers of security to protect you, so the chances of you becoming the victim of this type of fraud are extremely unlikely. These security features include:

  • Short range – Contactless cards can only work within short range of a retail terminal, which  makes it difficult for criminals to gain access to card information from a distance.  Even if they could, the stolen card data cannot be used to create a counterfeit card capable of being used for fraud. 
  • Encryption – Contactless cards do not use the same RFID technology typically used for inventory management that just transmit information, but instead use the much more secure international EMV chip standards and advanced cryptography.  During a transaction, the card and the terminal communicate with each other, doing security checks and transmitting a unique encryption code, which expires after the transaction is finished. If someone was able to get close enough to steal data from your card, they would not be able to use the encryption code because it would have expired.
  • Limited information – The information transmitted during a contactless transaction is very limited and includes things like language preference, card number and other coding.  The customer’s name,  bank account number and the three-digit security code on the back of your credit card are not transmitted during a contactless transaction. 
  • Low transaction limits – Contactless cards generally have low transaction limits – typically between $50 and $100  – and any larger purchase will require you to enter your PIN. If your card is lost, this will prevent large purchases from being made.
  • Zero liability – Visa, MasterCard and Interac all have zero liability policies for credit and debit card holders.  In cases of fraud, you won’t be held responsible and will get your money back.

What are my responsibilities?

While contactless payment cards are very safe and there are multiple levels of protection in place to prevent fraud, there are steps you can take to further protect yourself. Here are a few tips to help prevent credit and debit card fraud:

  • Report a lost or stolen card as soon as you notice it’s gone. Your card issuer will cancel your card and issue you a new one.
  • Choose a PIN that could not be easily detected if your card is lost or stolen - don't use your birth date or address
  • Make it a habit to regularly check your transactions online or on your monthly statement. If there are any charges that you didn’t make, report them to your card issuer right away.
  • Never give out your card number over the phone or Internet unless you know you are dealing with a reputable company.
  • Protect your Personal PIN: don't share it with anyone or write it down, memorize it.
  • Sometimes scammers will try to trick people into revealing information about their credit cards either over the phone or through e-mail. It’s important to know that your credit card company or bank would never call to ask for personal information like your credit card number, expiry number, PIN, or the security number on the back of your card.
  • Protect your credit card like you protect your cash. Never leave them unattended in your car or at work.
  • When travelling, carry your cards with you or make sure they are in a secure location such as a hotel safe.
  • Make a list of all your cards and their numbers and keep this is a secure place. This key information is helpful when reporting lost or stolen cards.

What if I think I am a victim of fraud?

If you have transactions on your credit or debit card that you didn’t make or if you think that you may have revealed your credit card number when you shouldn’t have, contact your bank or credit card issuer right away using the phone number on the back of your card. The card issuer will take the appropriate steps to protect you from fraud.

For more information about contactless payment cards check out the Visa, MasterCard and Interac websites:

Related content