Contactless payments are gaining popularity as consumers continue to seek convenient and secure payment methods. The technology behind contactless payments is near-field communication, a two-way encrypted way of transmitting payment information at the point of sale. This post explains how NFC contactless payments work and how retailers can ensure POS systems that process NFC transactions are secure from threats and compromises.
- Near-field communication technology allows two devices in close proximity to each other—the card reader/POS and the NFC-enabled card or mobile device—to transmit payment information and process transactions.
- To minimize security risks, you must choose a PCI-compliant payment processing system and keep your NFC payment infrastructure up-to-date.
- All payment devices should be equipped with user authentication and access control to ensure sensitive information doesn’t fall into the wrong hands.
How do NFC Payments Work?
Near-field communication technology allows two devices in close proximity to each other—the card reader/POS and the NFC-enabled card or mobile device—to transmit payment information and process transactions.
There are two ways that NFC payments work: with mobile wallet apps, and with NFC-enabled contactless cards. With mobile wallets, such as Apple Pay, Google Pay and Samsung Pay, the user connects their card to the mobile wallet and uses their device at the payment terminal instead of their credit or debit card. NFC technology is also available with tap-to-pay card payments that work with the same technology as a mobile wallet at a payment terminal.
What is the difference between EMV credit card payments and NFC card/mobile payments?
The EMV chip was introduced to credit and debit cards as a measure to improve payment security over the magnetic stripe, which was a frequent target of fraudsters. EMV chip card payments require the customer to insert their chipped card into the payment terminal for authentication during the transaction. EMV card readers only process payment information while the card is inserted. Nowadays, very few payment systems operate without the secure element of an EMV chip reader.
NFC technology is faster and simply requires customers to tap their NFC-enabled card or mobile wallet to the payment terminal, taking a fraction of the time for the payment processing to complete. The difference between the two is frequently explained as “tapping” for contactless cards and “dipping” for EMV chip payments.
NFC security: How Secure are NFC Payments?
NFC payments are even more secure than traditional EMV card transactions. And consumer awareness of the security of NFC payments is growing—in fact, a recent Harris Poll reported that 42% of consumers view tap-to-pay as the safest payment method.
One key reason is during the NFC debit or credit card processing period, the customer must be within inches of the payment terminal, and the actual transaction takes seconds to process. This means there is very little time or opportunity for interception.
Further, PCI-compliant and up-to-date software in NFC terminals transmit payment information that is two-way encrypted. Meaning that even if fraudsters attempt to intercept the information, the card information would be shielded.
There are a couple of additional security measures specific to mobile wallets, the first is card number tokenization. This means the credit card number in a mobile wallet is different than the physical card, making mobile wallet NFC payments even more secure for the customer.
Additionally, with mobile wallet payments, the customer must initiate the transaction on their payment device and provide multi-factor authentication, either with biometrics or a passcode. Because of these additional measures, a mobile wallet used for a tap-to-pay transaction is very secure; the main threats to this transaction type are compromises to the mobile device itself.
Security Threats to NFC Payments
The biggest threat to NFC payments is vulnerable hardware and software that fraudsters could target. Business owners should ensure the hardware and software used for payment processing are updated regularly and PCI compliant. Another related NFC security threat is an unsecured wireless network that can be accessed and used to collect payment and other sensitive information.
5 Tips to Prevent Security Risks when Accepting NFC Payments
There are several ways to prevent your payment systems from being compromised. Below are five tips to prevent security risks to your payment processing system.
Choose a PCI-compliant payment processing system that provides ongoing support
Though the payment information is encrypted, NFC transactions transmit sensitive information that must be safeguarded. Choosing a payment processor that maintains PCI compliance for hardware and software is the foundation of thwarting fraudsters. Additionally, since hardware and software sometimes need maintenance and support, it must happen quickly to avoid downtime.
Stax offers the payment solutions your business needs, including PCI-compliant hardware and software and payment terminals enabled with NFC technology. Our solutions are scalable as your business grows and integrates between in-store and eCommerce transactions.
Should you need assistance at any time, we’re available 24/7 for customer support—and with a 95% customer satisfaction score, you can feel confident you will always have the support your business needs.
Keep your NFC payment infrastructure up-to-date
As mentioned earlier, out-of-date hardware and software and unsecured wireless networks are the biggest threats to payment security. Keeping your NFC payment infrastructure current means the payment terminals and software are updated and PCI compliant.
With Stax, you can rest assured that we will keep your technology compliant with the Payment Card Industry Data Security Standards (PCI DSS), an essential standard for preventing breaches and protecting sensitive information.
Enable authentication and access control with NFC payment gateways
Payment terminals, especially mobile POS systems, are a weak point if not protected. All payment devices should be equipped with user authentication and access control to ensure sensitive information doesn’t fall into the wrong hands. This includes the devices’ physical security, training employees to keep mobile POS systems secure, and enabling access controls to all payment terminals.
Make sure your NFC payments are encrypted
The transmission of payment information during an NFC transaction must be encrypted to most securely protect that data. Business owners should only choose a PCI DSS compliant payment processor that encrypts transaction information.
Develop a plan of action for a potential breach
It’s widely said that those who fail to plan, plan to fail. Though there are a number of best practices to protect your business, breaches still happen, and customer data can be compromised. When a breach happens, how a business responds can immediately affect revenue and customer trust. In such an event, it’s important to have a plan in place to mitigate any damage and communicate with affected people.
Developing a plan before something happens helps businesses respond faster, resulting in less downtime and financial loss. Communication and mitigation plans that are well developed also help to show customers that you value their trust and act in their best interest.
There are many benefits to adopting NFC payments in your business. As NFC technology continues to gain traction in the marketplace, business owners should consider expanding their payment offerings to keep up with demand—and experience the benefits of accepting more payment types. Our integrated payment system has solutions for every business and integrations with the most popular software applications.
Are you ready to learn how Stax can help your business implement NFC payments and more? Get in touch!