Principal Architect, Ezetap Mobile Solutions Pvt. Ltd.
Visa crossed a major milestone in India with over one million Visa payWave contactless cards issued in the market. Paying through a contactless card is easy, convenient, and fast (transaction gets completed in the fraction of a second). Since second factor authentications such as PIN or signature are not required up to floor limit, contactless payments have become very convenient for small purchases – just tap and go! Currently, the RBI has set Rs. 2000/- as the floor limit. Payments can be made through different instruments such as contactless cards, smartphones, wearable devices, and stickers. These instruments will change the way Indians pay at mass transits, tolls, parking, etc. With all these advantages, even though contactless payment has emerged as a popular method of payment, the migration is very slow in India…why?
Is security the concern?
Near Field Communication (NFC) is a magnetic field technology and medium through which the contactless card and reader can communicate. EMVCo facilitates with protocols, standards and type approvals to achieve worldwide interoperability and secure payment transactions. Many users think that a fraudster can steal their details from the contactless card through hidden readers. The fraudster’s gadget needs to be extremely close (<4cm) to a user’s card for them to be able to read it, and even then, all they would ever get is the card number and expiry date. That’s the same information you can see by simply looking at the front of any card, relatively from a farther distance. The NFC functions on your phone go into active mode only when you want them to. For instance, the chip will get activated only when you checkout at a retail store with contactless POS. The chip won’t even work if your phone is in standby as it needs to be invoked by you. Even if there are powerful readers placed at public places, it is not easy for those readers to copy the card information. EMV contactless cards work on a concept called load modulation. The modulation is so small that the heavy reader cannot be sensitive enough to construct the information correctly. Moreover, since NFC signals are very sensitive, they don’t respond unless all the planets get aligned, which happens only at a qualified reader PCD (Proximity Coupling Device). All that being said, to exercise a successful transaction, just getting the card number and expiry date is not enough. The personalization of cards by loading unique data into each EMV card is something which only the card issuer’s secure system can understand and authenticate.
Can a fraudster exercise Card Not Present (CNP) transaction at websites?
By default, an EMV contactless card doesn’t transmit all the information needed to construct the required card data to exercise a CNP transaction. A merchant’s website offering CNP service also asks for second factor authentication like VbV (Verified by Visa), CVV2 (Card Verification Value 2), AVS (Address Verification Service) or OTP. On top of this second factor authentication, credit card processing network operators also provide a set of risk management best practices to their merchants, which makes fraud transaction traceability easy. Unlike a case if you lose cash, if you are a victim of card fraud, you will get the money back from your bank.
I don’t see any reason to worry about security. Relax, go ahead, tap and sip your cashless coffee!
Coming back to the question, then why is migration slow in India?
Few major banks in India have issued contactless cards with dual interface (chip and contactless). For now, the customers of only those banks can get the advantage of contactless payment. But the acceptance infrastructure out in the market is not available and is in shortage. This is the main constraint why contactless card is not taking off as rapidly as anticipated. Ezetap is a leading company that provides all payment acceptance solutions. Reach out to Ezetap to learn more.