How Secure Are Device Payments?

In this week’s blog, we discuss the importance of knowing that whatever payment device you choose to pay for your goods and services that the risks are minimal.

Paying for your goods and services via a contactless device is gaining popularity rather than paying by card. Nut with any modern technology, there comes a degree of risk and uncertainty. That is why measures are always being reviewed and improved by the different service providers to ensure your data and your money is kept as safe as possible.

Apple Pay

A popular payment device choice is Apple Pay, which since its launch in late 2014, has swiftly become one of the major options for mobile payments. For use with existing Apple devices such as iPads and Watches, the fact that it can work in conjunction with technology that the public has already adapted to has given it a solid foundation for growth.

Using Near Field Communication (NFC) in conjunction with a Contactless Card Machine, it operates in much the same way as a contactless card. As customers must ‘add’ their cards to the device, security concerns have been raised around the ease of which this is done. Apple has reassured its users that they do not have access to card numbers and that they can’t decrypt the Device Account Number, or store it, creating solid security measures on their part.

A lost device is made easy to cancel by Apple too, via a simple online process, in which you can quickly cancel Apple Pay and remove any card details from your registered product. Questions have been asked however oh how efficient banking institutions are at monitoring cards that have been added, and incidents have seen stolen cards added using simply the card number and CVV code.

Whilst this is a concern, it is worth noting that Apple Pay also features Touch ID, taking a biometric fingerprint reading in order to authenticate larger payments. As well as this, any contactless machine used to accept payment, which has been made with Apple Pay in mind, prevents any card details being provided to the seller, essentially closing down another potential avenue in which fraud could arise.

Secure Payment Device
Secure Payment Device

Android Pay

The other popular payment device Android Pay allows the user to make contactless payments using their Android phone, via NFC technology. Any location accepting contactless payments will accept the payment method, with most banks allowing their customers to do so. Like contactless card payments, there is no level of authentication needed for purchases up to a maximum of £30, with purchases over that requiring input of a PIN, pattern or fingerprint recognition.

As Android Pay utilizes Visa’s tokenization, security remains tight. The system operates by linking the card with a token, in place of card details being transferred. As well as the obvious advantage of retailers not receiving these, a further security measure is provided in the form of protection for lost or stolen phones. It would be impossible to use the handset to access bank details, and the token connected to the account can simply be canceled, rather than the card itself. As the card can effectively be left at home when out shopping, some view Android Pay as a way to ensure they are never left without access to money.

Contactless card payments

Of course, alongside these methods of payments, there is also the option of simply using a contactless card.  When it comes to security, it is important to remember that many measures are contained to prevent fraudulent activity. Sporadic and random PIN identification occurs, and a maximum £30 transaction is applied, with unusual behaviours, such as many small transactions in a brief period, being flagged as suspicious activity.

Full protection against fraud is also contained, meaning that money will be returned to you should your card be used for the unauthorized activity. It is also worth remembering that, despite a concern that contactless cards could be used to take money from an account whilst the card is still in the owner’s possession, there have actually been no reported instances of this occurring. This is due largely to the fact that the person attempting to do so would need to be in possession of a merchant account; one which is subject to stringent rules and monitoring, making unauthorized activity incredibly unlikely.