What is contactless payment cards?
Contactless payment is a Low Value Payments.
Use of contactless cards to enable low value payments (cash substitution).
Contactless Payments are NOT just a technology fad.
Contactless payments are not like Mondex / Visa Cash the previous attempts to wage a war on cash.
Consumers like it
Delivers REAL benefits for merchants
- Something new
- No need for change
- Inevitability about contactless a natural extension of chip and PIN
This is not another chip & PIN
- Speed of transaction
- Increase in transaction size
- Easy to use
For high value payments ( > $30/ €25/ £20 )
- Incremental to EMV, not a paradigm shift
- Merchants opt in
For low value payments ( < $30/ €25/ £20 )
- No change to current Chip & PIN experience.
- MasterCard / Visa / American Express contactless interface - simply 'Tap & Go'
- Transaction risk managed by functionality on the EMV chip
- Cardholder forced online to enter PIN, once offline limit is used up
- Parameters set and updated by card issuer.
Contactless Payments History
Traditionally, to conduct a payment transaction at a POS (Point Of Sale) terminal,
actual physical contact was required between the card and the terminal.
The consumer was required to swipe their card... typically for a magnetic stripe card
or insert their card into a reader for contact chip cards.
The advent of RFID (Radio Frequency Identifier transponders) technology enables terminals and
cards to exchange data without physical contact.
The card (whether chip-enabled or not) can be tapped or waved by the consumer within radio frequency distance of the terminal.
This is referred to as "contactless" card support.
Contactless Payment Cards CPCs are debit, credit and
charge cards including...
- Mobile phone,
- contactless card,
- No CVM (Cardholder Verification Method),
- Easy payment,
- Tap and pay
- Pay tags (Paytag smart sticker) and
- Near field communication (NFC) technology... NFC contactless stickers.
With contactless payments using a mobile phone or a contactless card its possible to do point-of-sale POS transactions
without the need to verify the cardholder...
The so called "no-CVM" transactions, if the transaction is a "low value" transaction.
In case of a "high value" transaction cardholder verification is always required.
The amount which determines whether a transaction is a "low value" or a "high value" transaction:
- Is determined by the card scheme - MasterCard in case of Maestro PayPass, VISA or Card Issuer.
- Can vary per country or region. For example, in the country such as Holland/Netherlands it is set to €25
- Is configured in and checked by the POS terminal. Therefore, the terminal will ask for a PIN if the transaction amount equal to
€25 or higher.
Advantages and Disadvantages
of Contactless Cards
Advantages of contactless cards
- A brilliant idea if it is widespread.
- Easy, quick to use.
- Much easier and quicker than chip and PIN.
- Less hassle than cash.
- Welcomed the addition to their payment repertoire.
- Perfect for things like parking machines and newspaper.
- Easier than withdrawing cash from the ATM.
- Easier to carry around, no coins.
- Less need to go to bank.
- Some have changed their pattern of cash usage.
- Greater accuracy at till.
- Lower bank charges.
- More customers/customers spend more.
- Carry less cash.
- easier to handle than cash.
- Makes it easier to do retailing.
- Reduced cash float need and shortened end of day processes.
- Speed of transaction / moving customers through.
contactless smart cards
How do contactless payment cards work?
A good question to ask...how do contactless payment cards work?
UK banks and International banks such as NatWest/ Lloyds/ HSBC/
Australia/ Barclays/ Halifax/ Santander/ JCB/ Vodafone/ Oyster/ Japan/ Ireland/
Citi/ RBS/ TFL do advertise about its products - contactless payment cards.
With contactless payments "no-CVM" transactions can be done in any merchant environment...
Maestro PayPass/ Visa PayWave/ blink/ American Express ExpressPay
is accepted, whereas with contact payments "no-CVM" transactions are only allowed in specific merchant environments
(For example, parking garages, tollways, transit vending machines).
For example, in some countries, for example, MasterCard or Visa may grant a waiver that support for "no-CVM" transactions at
transit vending machines is not required.
CVM stands for Cardholder Verification Method, therefore, method to verify (authenticate) the cardholder
(For example, "Online PIN", "Offline PIN", "Signature", no CVM required).
The contactless application (PayPass) on the debit or credit card only supports Online PIN and no CVM required
as allowed CVM. So no CVM in this context means "no PIN".
The CVMs that EMV supports are:
Contactless Payments are about targeting cash payments and these are focussed in a number of key sectors.
- Online PIN (personal identification number) for credit or debit transactions, in which the PIN is electronically sent
to and validated by the card issuer.
The potential PIN requirement for credit transactions where a PIN pad is present is new with EMV, and will inevitably
require some degree of explanation to the consumer at the POS.
- Offline PIN, whereby instead of sending the PIN to the issuer, the PIN entered by the consumer is matched to that
on an application housed on the EMV chip card.
This functionality is exclusive to EMV card transactions. The authorization request may still be sent to the issuer.
- Signature, just as it is used today for magnetic-stripe card transactions.
- No CVM in low-dollar$/ euro€/ pound£ transactions, at merchants in low-risk
categories, such as fast food, convenience and grocery stores.
In this situation, an issuer-set transaction threshold allows the consummation of a sale without cardholder verification.
As both card-based contact and contactless payment usage grows for low-dollar$/ euro€/ pound£ transactions,
the frequency of no-CVM (i.e., no receipt-based signature required), transactions will increase as well.
Sectors such as...
- Quick Serve Food,
- Snacks & Sandwiches,
- Leisure & Entertainment/Hobby/Sport,
- Newsagents/Off Licence/Post Office,
- Take Away/Fast Food/Deli,
- Dry Cleaners/Shoe Repair/Keys,
- Convenience/Grocery/Supermarket etc...
Using contactless payment cards
Yes! You can use contactless payment cards on buses or trains. As you know, contactless payment cards (CPCs) are debit,
credit and charge cards that use radio frequency technology for quick and easy payments.
on buses or trains
They are increasingly being issued by banks and credit and charge card companies.
Customers who have CPCs can now use them to pay for single journeys on buses in London, United Kingdom (UK) or using OV-Chipkaart
on metro trains (metro travel) in Amsterdam, Holland/Netherlands.
If you have a debit, credit or charge card that has been issued in the UK and displays the contactless payment symbol
(pictured on the left), you should be able to use it on buses or underground tube (metro trains travel) to pay for single journeys.
When you touch your CPC on the yellow card reader, you are giving authorisation for
the cost of a single bus journey to be deducted from your card account.
You can visit London to see how they run Time zones and Transport and the Train Line, but don't drive as there is
congestion charging by the Greater London Authority in association with London Transport.
Check the Street map or Multimap or even the National Rail Enquiries for convenience alternative routes,
or perhaps you may take the National Express coach.
Opportunities and Benefits
For anyone who has recently travelled on the London Underground or bus network the idea of a contactless payment system
won't come as a complete surprise.
to both Consumers and Retailers
The Osyter card, run by the Transport for London (TfL), has been hailed as a success from both the transport
industry and, more importanly, from the Users themselves.
The payment card allows users to store transport ticket value on the contactless card, with each journey cost subtracted from the card,
simply by placing the card near a reader.
But given that this is a closed system only currently working on the Underground and London bus network, how would the concept of
contactless payments transfet into a retail environment?
In London UK, as a financial capital of the world, payment system uses contactless technology as a way of paying for
goods in retail outlets.
The basic concept of how contactless payments work is that the system has been devised to take the place of low-value cash transactions.
It is not another another payment method looking to replace existing credit or debit card payments.
Imagine and consider your average working day and it's not too difficult to understand what the contactless payment system is designed for.
May be you drive or take bus or catch the train to work, either way contactless payment is designed to help you in any number of situations.
For example, you arrive at the car park, but don't have any change for the ticket machine, contactless payment will be a quick and efficient
way to pay for your car parking without the need forlooking for coins.
The main issue for transit payment systems is speed. Transactions must be fast enough to maintain a very high
throughput of passengers (35 per gate per minute in the case of TfL.
This means that total transaction time needs to be below 500 milisecond. Consequently online processing is unlikely
to be feasible and transactions will normally be performed offline, with later online authorisation if necessary.
What is a Smart Card?
Fraud was on the increase. By the beginning of 21st century, plastic card fraud was increasing year-on-year and was
one of the fastest-growing crimes in the UK.
The Chip and PIN programme was one of the most complex ever to be undertaken in the UK.
It required a high dregree of trust and interdependence between organisations and sectors.
A radical, coordinated cross-industry approach was going to be needed to tackle the problem.
A number of countries, including the UK, were introducing smart chips on cards to meet new global specifications known as
EMV (Europay/MasterCard and Visa).
Smart chips store data more safely than magnetic strips and are difficult to counterfeit; in time they will allow cards to be accepted
all over the world using standardised security checks.
In addition, it was known that a PIN-based system would go a long way to reducing two of the largest categories of fraud:
- Counterfeit cards and;
- Lost and stolen cards.
A domestic PIN-based system in France had seen an 80% reduction in fraud since its introduction in 1992.
Whereas the French initiative had been driven through by government, the UK's introduction of Chip and PIN was led by the retail
and banking industires. Yet at that time, relations between the industries were at all time low.
Something had to change. Retailers were insisting on greater transparency and fairness in the interchange mechanism for charging them,
and these issues had recently caught the attention of the Office of Fair Trading and the European Commission,
both of which had launched investigations.
Smart card or ICC (Integrated Circuit Card) is the general term for a credit or debit plastic card
that contains an integrated circuit chip.
Chip carries instructions that provide security and application support. There are wide varieties of Chip memory sizes with
There multi-applications with payment and non-payment applications.
ICC has the following security features...
- Chip is hard to copy
- Intelligence to make authorization decisions
- Parameters can be updated after issue
- New applications can be downloaded after issue
Magnetic Stripe Card
Magnetic stripe card are cheap and reliable. It works globally through use of ISO standards.
Easy for fraudsters to copy and is a read only mechanism and limited data capacity.
What is EMV?
EMV is a set of chip card, terminal and application specifications developed and promoted by
Europay, MasterCard and Visa.
The EMV Specifications consists of...
It's a global interoperability which uses original Specs EMV "96 version 3.1.1 and is currently
EMV 2004 version 4.2.
- Book 1 Application ICC to Terminal Interface Specification.
- Book 2 Security and Key Management.
- Book 3 Application Specification.
- Book 4 Cardholder, Attendant and Acquirer Interface Requirements.
An EMV application is not an implementation specification. But a Card Scheme implementation specs of:
The Chip applications comply with implementation specs and have multiple applications possible on same card.
- VIS (VSDC)
- Domestic implementation specs, e.g. UKIS, ABI, DPAS, etc.
The following emv security is used:
- Delivery of encrypted data
- On-line Card and Issuer Authentication
- Secure CAM Card Authentication Method
- Secure CVM Cardholder Verification
- Secure script delivery
Purpose of EMV Security
- A specification that allows growth and development in the future, e.g. to support new business functions.
- Cards and systems that are inter-operable across the world
- Enhanced transaction processing security and fraud protection
- Greater functionality within the card
Difference between EMV and
Magnetic Stripe Cards
- Applications reside on the cards not terminal
- Change issued cards using scripts
- EMV cards carry a lot more data, including limits/usages for Risk Management
- EMV cards have a processor which adds another layer of security => prevents counterfeiting
- EMV also allows better CVMs because of the data held on the card => offline PIN
- EMV allows Issuers more control
- EMV allows more offline transactions because of the data held on the card
- EMV allows you to put more than one application on a card
The Impact of EMV
- Cards - Issuing and personalisation, post-issuance updates
- Accepting devices - Terminals, point of sale, ATM, etc.
- Message Formats - Authorization and data capture
- Networks and interchanges
- Customer Services / Back Office
Contactless Smart Cards RFID
The RFID (Radio Frequency Identification) reading technology enables the transfer, by radio, of information from
electronic circuit to a reader, have opened up some interesting possibilities in the area of e-payment.
Today, the near field communication technology (NFC) opens up even more horizons, because it can beused to set up
communications between different electronic devices.
Contactless cards, telephones with NFC capacities, RFID tag have been developed in industry and the services.
Contactless smart cards RFID is used in all areas of automatic data capture allowing contactless
identification of objects using RF.
There is a number of applications ranging from secure internet payment systems to industrial automation and access control.
RFID technology solutions, including electron data carrier architecture and common algorithms for anti collision which give rise to
the RFID applications, such as the smart label, e-commerce and the electronic purse, document tracking and e-ticketing.
RFID is a major growth area in auto ID, allowing emergency vehicles to safely trip traffic signals, and providing the technology
behind contactless smart cards, auto piloting cars, and production automation.
A smart card fare payment generates a transaction record every time a card is processed at a read-write device, with the exception
of designated terminals that only provide remaining value information to the patro.
These transaction records are an asset that has significant value and thus needs to be managed.
A data management policy provides the guidelines for the participants in an interoperable smart card system for managing this
data assert. It a minimum, a data-management policy should address the following:
- Scope of the data-management policy - should identifies to whom it applies, and the limitations of the data involved.
- Definition of the data types - smartcard systems capture detailed transaction and revenue data;
- Data location,
- Data protection measures, and
- Ownership and access rights
- Identification of the stakeholders and their roles and responsibilities, and
- Other requirements privacy - Consumer privacy is a growing concern in the smartcard industry.
To determine if a smart card fare payment system may be at risk of invading an individual's right to privacy, the system's
data needs to be analyzed to determine the personal identifiable information that is collected in the normal course of business.
Contactless Card Payment Limit
Daily Limit for Contactless Payment
POS Contactless Amount
POS contactless amount is the maximum amount of contactless POS transactions done with a
debit or credit card per day.
The Daily card limit to mitigate the risk that when the card is stolen or lost, someone else
(who knows the PIN) can do transactions with the card up to the available balance on the account.
This limit is also used to switch contactless "on" or "off" (by means of a limit override).
A proposed value of 500, 250 or 0 - depending on the limit profile and
should be reset at midnight (00:00h).
No-CVM Contactless Amount
The maximum amount of consecutive contactless "no CVM required" transactions done with a debit
or credit card.
The Cumulative card limit (so not a daily card limit!) is to mitigate the risk that when the card is stolen or lost,
someone else can do "low value" transactions without the need to enter a PIN "forever".
There is a proposed value of 50 or 0 (depending on the limit profile).
Future Contactless Payment
In early , customer should be able to use their contactless payment card on:
- Docklands Light Rail (DLR)
- London Overground
- Underground Tube