Contactless Payment Cards
What is contactless payment cards?
Contactless payment is a Low Value Payments
- Use of contactless cards to enable low value payments (cash substitution).
- Contactless Payments are NOT just a technology fad.
- Contactless payments are not like Mondex / Visa Cash the previous attempts to wage a war on cash.
- Consumers like it
- Something new
- No need for change
- Inevitability about contactless - a natural extension of chip and PIN
elivers REAL benefits for merchants
- Speed of transaction
- Increase in transaction size
- Easy to use
his is not another chip & PIN
- Incremental to EMV, not a paradigm shift
- Merchants opt in
or high value payments ( > $30
- No change to current Chip & PIN experience.
or low value payments ( < $30
- MasterCard / Visa / American Express contactless interface - simply 'Tap & Go'
- Transaction risk managed by functionality on the EMV chip
- Cardholder forced online to enter PIN, once offline limit is used up
- Parameters set and updated by card issuer.
Contactless Payments History
raditionally, to conduct a payment transaction at a POS
(Point Of Sale
actual physical contact was required between the card
and the terminal
he consumer was required to swipe their card... typically for a magnetic stripe card
or insert their card into a reader for contact chip cards
he advent of RFID
(Radio Frequency Identifier transponders
) technology enables terminals and
cards to exchange data without physical contact.
he card (whether chip-enabled or not) can be tapped or waved by the consumer within radio frequency distance of the terminal.
This is referred to as "contactless
" card support.
ontactless Payment Cards CPCs
charge cards including...
- Mobile phone,
- contactless card,
- No CVM (Cardholder Verification Method),
- Easy payment,
- Tap and pay
- Pay tags (Paytag smart sticker) and
- Near field communication (NFC) technology... NFC contactless stickers.
ith contactless payments using a mobile phone
or a contactless card
its possible to do point-of-sale POS transactions
without the need to verify the cardholder...
he so called "no-CVM" transactions, if the transaction is a "low value
n case of a "high value
" transaction cardholder verification is always required.
he amount which determines whether a transaction is a "low value" or a "high value" transaction:
- Is determined by the card scheme - MasterCard in case of Maestro PayPass, VISA or Card Issuer.
- Can vary per country or region. For example, in the country such as Holland/Netherlands it is set to €25
- Is configured in and checked by the POS terminal. Therefore, the terminal will ask for a PIN if the transaction amount equal to
€25 or higher.
Advantages and Disadvantages
of Contactless Cards
Advantages of contactless cards
- A brilliant idea if it is widespread.
- Easy, quick to use.
- Much easier and quicker than chip and PIN.
- Less hassle than cash.
- Welcomed the addition to their payment repertoire.
- Perfect for things like parking machines and newspaper.
- Easier than withdrawing cash from the ATM.
- Easier to carry around, no coins.
- Less need to go to bank.
- Some have changed their pattern of cash usage.
- Greater accuracy at till.
- Lower bank charges.
- More customers/customers spend more.
- Carry less cash.
- easier to handle than cash.
- Makes it easier to do retailing.
- Reduced cash float need and shortened end of day processes.
- Speed of transaction / moving customers through.
contactless smart cards
How do contactless payment cards work?
good question to ask...how do contactless payment cards work
banks and International banks such as NatWest/ Lloyds/ HSBC/
Australia/ Barclays/ Halifax/ Santander/ JCB/ Vodafone/ Oyster/ Japan/ Ireland/
Citi/ RBS/ TFL
do advertise about its products - contactless payment cards.
ith contactless payments "no-CVM" transactions can be done in any merchant environment...
Maestro PayPass/ Visa PayWave/ blink/ American Express ExpressPay
is accepted, whereas with contact payments
"no-CVM" transactions are only allowed in specific merchant environments
(For example, parking garages
, transit vending machines
or example, in some countries, for example, MasterCard or Visa may grant a waiver that support for "no-CVM" transactions at
transit vending machines is not required.
stands for Cardholder Verification Method, therefore, method to verify (authenticate
) the cardholder
(For example, "Online PIN
", "Offline PIN
", no CVM required
he contactless application
) on the debit or credit card only supports Online PIN and no CVM required
as allowed CVM. So no CVM in this context means "no PIN".
he CVMs that EMV supports are:
- Online PIN (personal identification number) for credit or debit transactions, in which the PIN is electronically sent
to and validated by the card issuer.
The potential PIN requirement for credit transactions where a PIN pad is present is new with EMV, and will inevitably
require some degree of explanation to the consumer at the POS.
- Offline PIN, whereby instead of sending the PIN to the issuer, the PIN entered by the consumer is matched to that
on an application housed on the EMV chip card.
This functionality is exclusive to EMV card transactions. The authorization request may still be sent to the issuer.
- Signature, just as it is used today for magnetic-stripe card transactions.
- No CVM in low-dollar$/ euro€/ pound£ transactions, at merchants in low-risk
categories, such as fast food, convenience and grocery stores.
In this situation, an issuer-set transaction threshold allows the consummation of a sale without cardholder verification.
As both card-based contact and contactless payment usage grows for low-dollar$/ euro€/ pound£ transactions,
the frequency of no-CVM (i.e., no receipt-based signature required), transactions will increase as well.
ontactless Payments are about targeting cash payments and these are focussed in a number of key sectors.
ectors such as...
- Quick Serve Food,
- Snacks & Sandwiches,
- Leisure & Entertainment/Hobby/Sport,
- Newsagents/Off Licence/Post Office,
- Take Away/Fast Food/Deli,
- Dry Cleaners/Shoe Repair/Keys,
- Convenience/Grocery/Supermarket etc...
Using contactless payment cards
on buses or trains
es! You can use contactless payment cards on buses or trains. As you know, contactless payment cards (CPCs) are debit,
credit and charge cards that use radio frequency technology for quick and easy payments.
hey are increasingly being issued by banks and credit and charge card companies.
ustomers who have CPCs can now use them to pay for single journeys on buses in London, United Kingdom (UK) or using OV-Chipkaart
on metro trains
) in Amsterdam, Holland/Netherlands.
f you have a debit, credit or charge card that has been issued in the UK and displays the contactless payment symbol
(pictured on the left), you should be able to use it on buses or underground tube (metro trains travel) to pay for single journeys.
hen you touch your CPC on the yellow card reader
, you are giving authorisation for
the cost of a single bus journey to be deducted from your card account
ou can visit London
to see how they run Time zones and Transport
and the Train Line
, but don't drive as there is
by the Greater London Authority in association with London Transport
heck the Street map
or even the National Rail Enquiries
for convenience alternative routes,
or perhaps you may take the National Express
Opportunities and Benefits
to both Consumers and Retailers
or anyone who has recently travelled on the London Underground or bus network the idea of a contactless payment system
won't come as a complete surprise.
he Osyter card, run by the Transport for London
), has been hailed as a success from both the transport
industry and, more importanly, from the Users themselves.
he payment card allows users to store transport ticket value on the contactless card, with each journey cost subtracted from the card,
simply by placing the card near a reader.
ut given that this is a closed system only currently working on the Underground and London bus network, how would the concept of
contactless payments transfet into a retail environment?
n London UK, as a financial capital of the world, payment system uses contactless technology as a way of paying for
goods in retail outlets.
he basic concept of how contactless payments work is that the system has been devised to take the place of low-value cash transactions.
t is not another another payment method looking to replace existing credit or debit card payments.
magine and consider your average working day and it's not too difficult to understand what the contactless payment system is designed for.
ay be you drive or take bus or catch the train to work, either way contactless payment is designed to help you in any number of situations.
or example, you arrive at the car park, but don't have any change for the ticket machine, contactless payment will be a quick and efficient
way to pay for your car parking without the need forlooking for coins.
he main issue for transit payment systems
. Transactions must be fast enough to maintain a very high
throughput of passengers (35
per gate per minute in the case of TfL.
his means that total transaction time needs to be below 500
milisecond. Consequently online processing is unlikely
to be feasible and transactions will normally be performed offline, with later online authorisation if necessary.
What is a Smart Card?
raud was on the increase. By the beginning of 21
st century, plastic card fraud was increasing year-on-year and was
one of the fastest-growing crimes in the UK.
he Chip and PIN programme was one of the most complex ever to be undertaken in the UK.
It required a high dregree of trust and interdependence between organisations and sectors.
radical, coordinated cross-industry approach was going to be needed to tackle the problem.
number of countries, including the UK, were introducing smart chips
on cards to meet new global specifications known as
(Europay/MasterCard and Visa
mart chips store data more safely than magnetic strips and are difficult to counterfeit; in time they will allow cards to be accepted
all over the world using standardised security checks.
n addition, it was known that a PIN-based system would go a long way to reducing two of the largest categories of fraud:
- Counterfeit cards and;
- Lost and stolen cards.
domestic PIN-based system in France had seen an 80%
reduction in fraud since its introduction in 1992
hereas the French initiative had been driven through by government, the UK's introduction of Chip and PIN was led by the retail
and banking industires. Yet at that time, relations between the industries were at all time low.
omething had to change. Retailers were insisting on greater transparency and fairness in the interchange mechanism for charging them,
and these issues had recently caught the attention of the Office of Fair Trading
and the European Commission
both of which had launched investigations.
(Integrated Circuit Card
) is the general term for a credit or debit plastic card
that contains an integrated circuit chip.
hip carries instructions that provide security and application support. There are wide varieties of Chip memory sizes with
here multi-applications with payment and non-payment applications.
CC has the following security features...
- Chip is hard to copy
- Intelligence to make authorization decisions
- Parameters can be updated after issue
- New applications can be downloaded after issue
Magnetic Stripe Card
card are cheap and reliable. It works globally through use of ISO standards.
asy for fraudsters to copy and is a read only mechanism and limited data capacity.
magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny
iron-based magnetic particles on a band of magnetic material on the card.
he magnetic stripe is read by physical contact and swiping past a reading head. The advantages include:
- Data can be modified or rewritten
- High data capacity in relation to bar codes
- Add security since it is not in human readable form
- Immune to contamination with dirt, water, oil, moisture, etc
- No moving components, physically robust
- Well established standards
- No consumables required for writing or rewriting
ome disadvantages of using magnetic stripe cards:
- It doesn't work at distance, thus requiring close contact to the reader
- Data can be damaged by stray magnetic fields
- Since it's not in a human readable form it can be a disadvantage in some applications
ompared to magnetic stripe, the smart card (EMV) is more secure. By having chip on the card,
smart card protects the information stored from damage or theft. Current magnetic stripe cards
have limited capacities to copy information.
y using smart cards that have greater capacity, customer profiles can be broader and information
can be easily added or deleted from the memory.
n addition, smart card can perform decision
making due to the powerful processing capabilities, such as data encryption.
What is EMV?
is a set of chip card, terminal and application specifications developed and promoted by
t's a global interoperability which uses original Specs EMV "96
and is currently
he EMV Specifications consists of...
- Book 1 Application ICC to Terminal Interface Specification.
- Book 2 Security and Key Management.
- Book 3 Application Specification.
- Book 4 Cardholder, Attendant and Acquirer Interface Requirements.
n EMV application
is not an implementation specification. But a Card Scheme implementation specs of:
- VIS (VSDC)
- Domestic implementation specs, e.g. UKIS, ABI, DPAS, etc.
he Chip applications comply with implementation specs and have multiple applications possible on same card.
he following emv security
- Delivery of encrypted data
- On-line Card and Issuer Authentication
- Secure CAM Card Authentication Method
- Secure CVM Cardholder Verification
- Secure script delivery
Purpose of EMV Security
- A specification that allows growth and development in the future, e.g. to support new business functions.
- Cards and systems that are inter-operable across the world
- Enhanced transaction processing security and fraud protection
- Greater functionality within the card
Difference between EMV and
Magnetic Stripe Cards
- Applications reside on the cards not terminal
- Change issued cards using scripts
- EMV cards carry a lot more data, including limits/usages for Risk Management
- EMV cards have a processor which adds another layer of security => prevents counterfeiting
- EMV also allows better CVMs because of the data held on the card => offline PIN
- EMV allows Issuers more control
- EMV allows more offline transactions because of the data held on the card
- EMV allows you to put more than one application on a card
The Impact of EMV
- Cards - Issuing and personalisation, post-issuance updates
- Accepting devices - Terminals, point of sale, ATM, etc.
- Message Formats - Authorization and data capture
- Networks and interchanges
- Customer Services / Back Office
ou will notice that the rise in international skimming losses is not being seen in European countries where regional
, often known as geo-blocking
, has been widely implemented.
eeping an active magnetic stripe on a European EMV card continues to make that card vulnerable to card skimming and
geo-blocking significantly reduces the risk of successful compromise.
Contactless Smart Cards RFID
he RFID (Radio Frequency Identification) reading technology enables the transfer, by radio, of information from
electronic circuit to a reader, have opened up some interesting possibilities in the area of e-payment
oday, the near field communication technology (NFC) opens up even more horizons, because it can beused to set up
communications between different electronic devices.
ontactless cards, telephones with NFC capacities, RFID tag have been developed in industry and the services.
ontactless smart cards RFID is used in all areas of automatic data capture allowing contactless
identification of objects using RF.
here is a number of applications ranging from secure internet payment systems to industrial automation and access control.
technology solutions, including electron data carrier architecture and common algorithms for anti collision which give rise to
the RFID applications, such as the smart label, e-commerce and the electronic purse, document tracking and e-ticketing.
is a major growth area in auto ID, allowing emergency vehicles to safely trip traffic signals, and providing the technology
behind contactless smart cards, auto piloting cars, and production automation.
smart card fare payment generates a transaction record every time a card is processed at a read-write device, with the exception
of designated terminals that only provide remaining value information to the patro.
hese transaction records are an asset that has significant value and thus needs to be managed.
data management policy provides the guidelines for the participants in an interoperable smart card system for managing this
data assert. It a minimum, a data-management policy should address the following:
- Scope of the data-management policy - should identifies to whom it applies, and the limitations of the data involved.
- Definition of the data types - smartcard systems capture detailed transaction and revenue data;
- Data location,
- Data protection measures, and
- Ownership and access rights
- Identification of the stakeholders and their roles and responsibilities, and
- Other requirements privacy - Consumer privacy is a growing concern in the smartcard industry.
o determine if a smart card fare payment system may be at risk of invading an individual's right to privacy, the system's
data needs to be analyzed to determine the personal identifiable information that is collected in the normal course of business.
Contactless Card Payment Limit
Daily Limit for Contactless Payment
POS Contactless Amount
POS contactless amount
is the maximum amount of contactless POS transactions done with a
debit or credit card per day.
he Daily card limit to mitigate the risk that when the card is stolen or lost, someone else
(who knows the PIN) can do transactions with the card up to the available balance on the account.
his limit is also used to switch contactless "on" or "off" (by means of a limit override).
proposed value of 500
- depending on the limit profile and
should be reset at midnight (00:00h
No-CVM Contactless Amount
he maximum amount of consecutive contactless "no CVM required" transactions done with a debit
or credit card.
he Cumulative card limit (so not a daily card limit!) is to mitigate the risk that when the card is stolen or lost,
someone else can do "low value" transactions without the need to enter a PIN "forever".
here is a proposed value of 50
(depending on the limit profile).
Future Contactless Payment
In early , customer should be able to use their contactless payment card on:
- Docklands Light Rail (DLR)
- London Overground
- Underground Tube
here many different card type characteristics:
- Card Usage (e.g. Debit, Credit, Prepay etc...)
- Physical (e.g. Magstripe, EMV, Contactless etc...)
- Card Networks (e.g. AMEX, MasterCard, VISA etc...)
- Card Classes (e.g. Platinum, Gold, Classic etc...)
allow you to make purchases up to a
hey offer an interest-free period for
purchases (where the balance is paid in full) before the
bill has to be settled.
ou can repay a minimum amount
each month, but you will be charged interest on any
f the bill is paid in full by the date specified on
the monthly statement, you will incur no interest.
are issued in conjunction with a current
account and are a cheap substitute for cheques.
ayments are deducted almost immediately from your
s a result, spending is limited by your
available funds, which offers a greater degree of control -
you can only spend what's in your account.
are increasingly being used by
mployers can provide pre-loaded cards to
their employees to pay for their expenses, fuel etc.
enabling the business to manage and monitor spending.
ecause they are not usually related to an existing
account, pre-paid cards may come with their own fees
and charges - such as the cost of issuing the card,
management fees, and ATM withdrawal fees.
Corporate Travel cards
can offer businesses a
convenient way of paying business expenses when
hese corporate cards do not operate
differently in principle from other credit cards, but they
may offer additional benefits, such as travel insurance or
currency facilities and are paid by the business directly.
The Major Card Networks
- VISA (VISANET, PLUS ATM Network, Interlink EFTPOS) - Uses a Star based
system where all endpoints terminate at one of several main data centres, where
all transactions are processed centrally. (1.9% fee)
- MasterCard (EPS-Net, Banknet) - MasterCard's network is an edge based peer-to-
peer network, where transactions travel a meshed network directly to other
endpoints, without the need to travel to a single point.
This allows MasterCard's
network to be much more resilient, in that a single failure cannot isolate a large
number of endpoints. (1.9% fee)
- American Express (AMEX) (2.56% fee)
- Discover (Discover Bank USA) (1.5-2% fee)
- JCB (Japan Credit Bureau) (1.5-2% fee)