Skip to main content

Why EMV Contactless Card Payments are Secure

October 18, 2018 - Resources

There have been many articles written, and much debate, about the security of EMV contactless card payments, and here at UMassFive we're looking to set the record straight.

For starters, let's breakdown what an EMV card is.

EMV stands for Europay, Mastercard, and Visa®, and indicates that a computer chip embedded is embedded into the debit or credit card. The chip in an EMV card creates a unique code for each transaction that can't be used again. So even if a hacker were to steal the EMV chip information from a transaction, it would be useless as the transaction code is only valid for a single use. Older cards that don't have EMV chips use a magnetic strip on the back to permanently store financial information- a much more accessible target for potential data thieves.

Now, let's move on to contactless cards. Contactless cards reference mobile payment and digital services, like UMassFive's Mobile Wallet, which allow the ability to load your debit and/or credit card onto your mobile compatible device to use for payment instead of using your physical card. To make a contactless payment, a person simply needs to tap their mobile compatible device near a point-of-sale (POS) terminal. The transaction is able to occur using radio-frequency identification (RFID) and near field communication (NFC).

With these definitions in mind, below you will find popular EMV contactless card payment myths, and explanations about why these myths have been proven to be false.

Myth #1. My data can be stolen from EMV contactless cards with long-range RFID/NFC readers

Thieves are NOT able to take your data by using an RFID/NFC reader. The reality is that RFID/NFC works within an extremely short range, only up to 4cm.

Myth #2. EMV contactless card skimming could occur with close-range readers

A stranger grabbing your card information through your bag in a public space is impossible. The only thing that can communicate with your EMV contactless card is a POS terminal. POS terminals are only provided by a credit union and/or bank, so it’s highly unlikely a fraudster would gain access to one of these terminals.

Myth #3. A stolen EMV contactless card leads to larger losses

If anything, a stolen card would lead to smaller losses that UMassFive will cover when you report the card lost or stolen. This is because a PIN is required for larger purchases, and not for a smaller purchase.

For more information on EMV contactless payment myths, click here to view Gemalto’s article and their blog post.

For more details on UMassFive security, click here.