Secure credit cards with NFC Contactless payment: 4 myths

Contactless payment is trending. UBS expert Marcel Drescher shows us that credit cards are just as secure with NFC.

by UBS Insights 23 Oct 2018

Illustration: Till Lauer

Myth 1

Accidental payments

Accidentally paying another customer’s bill or making several consecutive payments – supposedly possible according to this myth. “No, only one payment can be made at the same time. The system on the payment terminal automatically closes a transaction as soon as it has been paid.” And to make a payment for another customer, the transaction would have to be opened on the terminal first. “My tip: Always check the purchase amount on the card terminal display first before making the payment. I also recommend checking your monthly statements and immediately reporting any discrepancies in writing to the bank.”

Myth 2

Debits by passers-by

Fraudsters could pass by a card and debit money using near-field communication (NFC). This is a misconception: “You cannot simply execute a booking – you need a payment system that is registered with the credit card firms.” In addition, transactions are only possible from the immediate vicinity. Passers-by are usually too far away and do not have enough time. Furthermore, additional cards and coins in the person’s wallet make access difficult, even from very close by.

Myth 3

Stolen-card fraud

Stolen-card fraud

According to this myth, a stolen card could be used to make an endless number of NFC payments without anyone noticing. “No, not an endless number.” Various mechanisms are in place to protect card holders from such scenarios. One such mechanism requires entry of the PIN, for instance when the maximum number of NFC transactions defined by the card issuer is reached. For security reasons, an online authorization may be carried out in the background without the client noticing, even for amounts of less than 40 francs. What is more, card holders should block lost or stolen cards straightaway rather than waiting in the hope that they will turn up. They can be blocked immediately in UBS e-banking, UBS Mobile Banking or by telephone.

Myth 4

Data harvesting by app

Some people fear that criminals could harvest data from their card using special apps. To do so, they would simply have to be standing close enough to their victim – and away they go! “Yes, it is possible in principle to read the expiration date and card number. This information alone is not enough to commit fraud, however.” Here, too, coins and other cards make it difficult to connect the card to a smartphone. Furthermore, the name, CVV code and past transactions cannot be harvested from UBS cards.

Per App Daten auslesen

Anti-fraud expert

Marcel Drescher heads Fraud Services in the UBS Card Center and is an expert in attempted card misuse. He is also the specialist in the topic of secure credit cards, as the UBS Card Center processes 25 percent of all credit card transactions in Switzerland.