The rise in contactless spend limit will come as good news for consumers, extending the size of shopping basket for which they can enjoy the seamless ‘tap and go’ experience. Contactless security has been on the receiving end of some negative – and misleading – headlines of late. It’s important to note that the reported weakness is nothing to do with the card. The same information would be exposed if you left your payment card face up on a table – your primary account number and expiry date. In a Card Not Present scenario, such as online, it is the responsibility of the retailer to cross reference this information with the cardholder name, address or security code.
Contactless cards use the same technology as Chip and PIN – secure generation and loading of cryptographic keys, with Hardware Security Modules to provide the root of trust. It is testament to the strength of the underlying security infrastructure that the issuing banks are confident to accept the higher risk associated with higher value transactions, without the need for a PIN. This increase in contactless volume can easily be supported by the established four-party network (cardholder, merchant, issuer, acquirer), by simply adding more capacity, without having to re-design the architecture.
About Thales e-Security
Thales e-Security is a leading global provider of data protection solutions with more than 40 years experience securing the world’s most sensitive information. Our customers—businesses, governments, and technology vendors with a broad range of challenges—use Thales products and services to improve the security of applications that rely on encryption and digital signatures. By protecting the confidentiality, integrity, and availability of sensitive information that flows through today’s traditional, virtualized, and cloud-based infrastructures, Thales is helping organizations reduce risk, demonstrate compliance, enhance agility, and pursue strategic goals with greater confidence.