Contactless payment first arrived in the 1990s and is now having its moment. Both companies and consumers are looking for ways to conduct business with as little physical interaction as possible during in-person transactions.

We’ve been building to this moment, if you think about it. Organizations have been steadily increasing reliance on digital options and implementing new regulations for all sorts of interactions. For example, event management asks patrons not to bring bags or purses and to empty their pockets at metal detectors in order to streamline traffic flow at gates and ticket booths.

Consumers are minimizing what they carry, which means less cash on hand. The more they can conduct business with their phone, the better, for convenience and efficiency. But given this shift to using our phones for payment, are organizations doing enough to ensure mobile security?

The Rising Popularity of Contactless Payment

Consumers are driving the push toward contactless payment, with credit card companies revealing double-digit increases in its use during the first quarter of 2020. Consumers, Mastercard CEO Ajay Banga told Forbes, are “looking for a quick way to get in and out of stores without exchanging cash, touching terminals or anything else.”

Non-contact forms of payment have been put to use mostly by corporations. The move to digital payments has been slow for small and mid-size businesses (SMBs), which often lag behind enterprises when it comes to digital transformation and cybersecurity enhancements. Expect this to change as more customers feel that using their phone and contactless mobile payments is the safest way to exchange money.

Further, don’t expect that credit card companies are the only players in this contactless exchange. Apps like Venmo, Zelle and PayPal, as well as company-owned payment options, are more frequently preferred by consumers. Even the U.S. government allowed citizens to receive their relief checks through direct deposit via an app.

With Convenience Comes Risk

Contactless payment is convenient, but like any technology, it comes with both mobile security and data privacy risks. Because you don’t need a PIN, a lost credit card or stolen device potentially gives a criminal easy access to your account. A phone without the proper security features in place makes it easy for anyone to ring up purchases without detection. Because many of these transactions happen without a receipt, it is difficult for the owner to prove the charges were fraudulent.

Contactless credit cards use radio frequency identification (RFID) to transmit the data, and hackers have been successful in making fake scanners or using card skimmers designed to steal data transmitted via RFID. If a hacker gets the information from the card or wallet, they can create cloned cards. Mobile wallets, on the other hand, rely on near-field communication (NFC) that transmits data within a very close range. It remains one of the most secure ways to conduct financial transactions.

Since contactless payments can decrease fraud through more secure methods of transmission and mobile device locks, the bigger threat could be data privacy. Contactless systems collect immense amounts of data from users and can use that information to track them. And of course, any time you download an app to your smartphone, there is a risk of malware or man-in-the-middle (MitM) attacks that can access information stored on the device — bank account numbers, personal information or confidential work files to name a few types — as well as social engineering and phishing scams designed to steal sensitive data.

Adding Mobile Security to Decrease Risk

While consumers need to be aware of the risks involved with contactless mobile payments, organizations also need to mitigate potential risks on their side, especially if mobile devices within the corporation are used for both personal and business use. And even though NFC is as secure as using your credit card in a trusted environment, there are ways to add levels of security for customer transactions. They include:

  • Adding multifactor authentication (MFA) to the transaction. Yes, mobile payments are supposed to be quick and easy for everyone, but requiring a password, a digital signature or some form of physical or biometric identification takes only a couple of extra seconds and keeps the transaction secure.
  • Making sure all transactions are encrypted.
  • Using device-centric cryptography, which verifies that the information is coming from a single device and can’t be shared with another. This way, hackers can’t steal the information and use it on their own phones, cutting down on fraud.
  • Ensuring your company continues to follow all Payment Card Industry (PCI) Security Standards Council guidelines for credit card transactions and all data privacy regulations for using and storing any information gathered.
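
To illustrate the device-centric cryptography item in the list above, the following Python example (added here, not code from the original article or from any payment network) binds each payment to a key provisioned to one enrolled device and to a transaction counter, so a captured cryptogram cannot be replayed, altered or submitted from another phone. The Issuer class, the cryptogram function, the device and merchant names and the HMAC-SHA256 construction are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


def cryptogram(key, device_id, counter, amount_cents, merchant):
    # Length-prefix each field so different field splits cannot collide.
    fields = (device_id, str(counter), str(amount_cents), merchant)
    msg = b"".join(len(f.encode()).to_bytes(2, "big") + f.encode() for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Issuer:  # hypothetical server side, not a real payment API
    def __init__(self):
        self._keys = {}      # device_id -> key provisioned at enrollment
        self._counters = {}  # device_id -> highest counter accepted so far

    def enroll(self, device_id):
        # Assumption: on a real phone this key stays inside secure hardware.
        key = secrets.token_bytes(32)
        self._keys[device_id] = key
        self._counters[device_id] = 0
        return key

    def verify(self, device_id, counter, amount_cents, merchant, tag):
        key = self._keys.get(device_id)
        if key is None:
            return "unknown-device"
        expected = cryptogram(key, device_id, counter, amount_cents, merchant)
        if not hmac.compare_digest(expected, tag):
            return "bad-cryptogram"
        if counter <= self._counters[device_id]:
            return "replayed"
        self._counters[device_id] = counter
        return "approved"


def demo():
    # Constructed sample data: two enrolled phones and one cafe purchase.
    issuer = Issuer()
    alice_key = issuer.enroll("alice-phone")
    issuer.enroll("mallory-phone")
    tag = cryptogram(alice_key, "alice-phone", 1, 1250, "cafe-42")
    return {
        "genuine": issuer.verify("alice-phone", 1, 1250, "cafe-42", tag),
        "replayed": issuer.verify("alice-phone", 1, 1250, "cafe-42", tag),
        "altered": issuer.verify("alice-phone", 2, 99900, "cafe-42", tag),
        "other_device": issuer.verify("mallory-phone", 1, 1250, "cafe-42", tag),
    }
```

Only the first submission is approved: the second is rejected by the counter check, and the altered and other-device attempts fail because the cryptogram no longer matches the key and fields it was computed over.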

Contactless payments are one of the safest and most secure methods of financial transactions, and as more businesses add the technology and more consumers want to reduce physical contact as much as possible, the use of mobile wallets will only increase in the coming months. Tackling the security concerns around mobile usage now can save you from potential cybersecurity incidents in the future.
