What is contactless payment cards?
Contactless payment is a Low-Value Payments.
Contactless payments cards are plastic smartcards that allow you to make a quick and easy low-value payment by tapping your
contactless enabled bank card, key fob, pre-paid card, smartphone, smart cards, charge cards, debit cards, credits cards,
wearable devices such as watches and wristbands or other
wearable device on a payment terminal without entering your PIN.
Also, contactless card uses radio-frequency identification (RFID) or
near field communication (NFC) for making secure payments; You can use
contactless payment card instead of
cash money
or paper tickets to pay for travel.
- Use of contactless cards to enable low value payments (cash substitution).
- Contactless Payments are NOT just a technology fad.
- Contactless payments are not like Mondex / Visa Cash the previous attempts to wage a war on
cash.
- Consumers like it
- Something new
- No need for change
- Inevitability about contactless - a natural extension of chip and PIN
Delivers REAL benefits for merchants
- Speed of transaction
- Increase in transaction size
- Easy to use
This is not another chip & PIN
- Incremental to EMV, not a paradigm shift
- Merchants opt in
For high value payments ( > $30/ €25/ £30 )
- No change to current Chip & PIN experience.
For low value payments ( < $30/ €25/ £30 )
- MasterCard / Visa / American Express contactless interface - simply 'Tap & Go'
- Transaction risk managed by functionality on the EMV chip
- Cardholder forced online to enter PIN, once offline limit is used up
- Parameters set and updated by card issuer.
Contactless Payments History
Traditionally, to conduct a payment transaction at a POS (Point Of Sale) terminal,
actual physical contact was required between the card and the terminal.
The consumer was required to swipe their card... typically for a magnetic stripe card
or insert their card into a reader for contact chip cards.
The advent of RFID (Radio Frequency Identifier transponders) technology enables terminals and
cards to exchange data without physical contact.
The card (whether chip-enabled or not) can be tapped or waved by the consumer within radio frequency distance of the terminal.
This is referred to as "contactless" card support.
Contactless Payment Cards CPCs are debit, credit and
charge cards including...
- Mobile phone,
- contactless card,
- No CVM (Cardholder Verification Method),
- Easy payment,
- Tap and pay
- Pay tags (Paytag smart sticker) and
- Near field communication (NFC) technology... NFC contactless stickers.
With contactless payments using a mobile phone or a contactless card it's possible to do point-of-sale POS transactions
without the need to verify the cardholder...
The so called "no-CVM" transactions, if the transaction is a "low value" transaction.
In case of a "high value" transaction cardholder verification is always required.
The amount which determines whether a transaction is a "low value" or a "high value" transaction:
- Is determined by the card scheme - MasterCard in case of Maestro PayPass, VISA or Card Issuer.
- Can vary per country or region. For example, in the country such as Holland/Netherlands it is set to €25
- Is configured in and checked by the POS terminal. Therefore, the terminal will ask for a PIN if the transaction amount equal to €25 or higher.
Advantages and Disadvantages
of Contactless Cards
Advantages of contactless cards
- A brilliant idea if it is widespread.
- Easy, quick to use.
- Much easier and quicker than chip and PIN.
- Less hassle than cash.
- Welcomed the addition to their payment repertoire.
- Perfect for things like parking machines and newspaper.
- Easier than withdrawing cash from the ATM.
- Easier to carry around, no coins.
- Less need to go to bank.
- User-friendly.
- Some have changed their pattern of cash card usage.
- Greater accuracy at till.
- Lower bank charges.
- More customers/customers spend more.
- Carry less cash.
- easier to handle than cash.
- Makes it easier to do retailing.
- Reduced cash float need and shortened end of day processes.
- Speed of transaction / moving customers through.
Disadvantages of contactless smart cards
- Potential fraud.
- Cost.
How do contactless payment cards work?
A good question to ask...how do contactless payment cards work?
UK banks and International banks such as NatWest/ Lloyds/ HSBC/
Australia/ Barclays/ Halifax/ Santander/ JCB/ Vodafone/
Oyster card/ Japan/ Ireland/
Citi/ RBS/ TFLdo advertise about its products - contactless payment cards.
With contactless payments "no-CVM" transactions can be done in any merchant environment...
Where
Maestro PayPass/ Visa PayWave/ blink/ American Express ExpressPay
is accepted, whereas with contact payments no-CVM transactions are only allowed in specific merchant environments
(For example, parking garages, tollways, transit vending machines).
For example, in some countries, for example,
MasterCard or
Visa conatctless may
grant a waiver that support for no-CVM transactions at transit vending machines is not required.
CVM stands for Cardholder Verification Method,
therefore, method to verify (authenticate) the cardholder
(For example, "Online PIN", "Offline PIN", "Signature", no CVM required).
The contactless application (PayPass) on the debit or credit card only supports Online PIN and no CVM required
as allowed CVM. So no CVM in this context means "no PIN".
The CVMs that EMV supports are:
- Online PIN (personal identification number) for credit or debit transactions, in which the PIN is electronically sent
to and validated by the card issuer.
The potential PIN requirement for credit transactions where a PIN pad is present is new with EMV, and will inevitably require some degree of explanation to the consumer at the POS.
- Offline PIN, whereby instead of sending the PIN to the issuer, the PIN entered by the consumer is matched to that
on an application housed on the EMV chip card.
This functionality is exclusive to EMV card transactions. The authorization request may still be sent to the issuer.
- Signature, just as it is used today for magnetic-stripe card transactions.
- No CVM in low-dollar$/ euro€/ pound£ transactions, at merchants in low-risk
categories, such as fast food, convenience and grocery stores.
In this situation, an issuer-set transaction threshold allows the consummation of a sale without cardholder verification.
As both card-based contact and contactless payment usage grows for low-dollar$/ euro€/ pound£ transactions, the frequency of no-CVM (i.e., no receipt-based signature required), transactions will increase as well.
Contactless Payments are about targeting cash payments and these are focussed in a number of key sectors.
Sectors such as...
- Quick Serve Food,
- Snacks & Sandwiches,
- Coffee/Cafe,
- Leisure & Entertainment/Hobby/ Sports payment,
- Arts/Gifts,
- Florist,
- Pharmacy/Cosmetic/Health,
- Transport,
- Vending,
- Bar/Restaurant/Club,
- Newsagents/Off Licence/Post Office,
- Electrical/IT,
- CTNs,
- DIY/Gardening/Pets,
- Music/DVD/Books,
- Butchers,
- Hair/Beauty,
- Department/Clothing,
- Take Away/Fast Food/Deli,
- Dry Cleaners/Shoe Repair/Keys,
- Bakery,
- Retail,
- Convenience/Grocery/Supermarket etc...
Using contactless payment cards
on buses or trains
Yes! You can use contactless payment cards on buses or trains. As you know, contactless payment cards (CPCs) are debit,
credit and charge cards that use radio frequency technology for quick and easy payments.
They are increasingly being issued by banks and credit and charge card companies.
Customers who have CPCs can now use them to pay for single journeys on buses in London, United Kingdom (UK) or using OV-Chipkaart
on metro trains (metro travel) in Amsterdam, Holland/Netherlands.
If you have a debit, credit or charge card that has been issued in the UK and displays the contactless payment symbol
(pictured on the left), you should be able to use it on
buses or underground tube
(metro trains travel) to pay for single journeys.
When you touch your CPC on the yellow card reader, you are giving authorisation for
the cost of a single bus journey to be deducted from your card account.
You can visit London to see how they run Time zones and Transport and the Train Line, but don't drive as there is
congestion charging by
the Greater London Authority in association with
London for Transport TfL.
Check the Street map or rail tube map or Multimap or even the
National Rail Enquiries for convenience alternative routes,
or perhaps you may take the National Express coach.
Opportunities and Benefits
to both
Consumers and Retailers
For anyone who has recently travelled on the
London Underground or bus network the idea of a
contactless payment system won't come as a complete surprise.
The Osyter card, run by the Transport for London (TfL), has been hailed as a success from both the transport
industry and, more importanly, from the Users themselves.
The payment card allows users to store transport ticket value on the
contactless card, with each journey cost subtracted from the card,
simply by placing the card near a reader.
But given that this is a closed system only currently working on the Underground and London bus network, how would the concept of
contactless payments transfet into a retail environment?
In London UK, as a financial capital of the world, payment system uses contactless technology as a way of paying for
goods in retail outlets.
The basic concept of how contactless payments work is that the system has been devised to take the place of low-value cash card transactions.
It is not another another payment method looking to replace existing credit or debit card payments.
Imagine and consider your average working day and it's not too difficult to understand what the contactless payment system is designed for.
May be you drive or take bus or catch the train to work, either way contactless payment is designed to help you in any number of situations.
For example, you arrive at the car park, but don't have any change for the ticket machine, contactless payment will be a quick and efficient
way to pay for your car parking without the need forlooking for coins.
The main issue for transit payment systems is speed. Transactions must be fast enough to maintain a very high
throughput of passengers (35 per gate per minute in the case of TfL.
This means that total transaction time needs to be below 500 milisecond. Consequently online processing is unlikely
to be feasible and transactions will normally be performed offline, with later online authorisation if necessary.
What is a Smart Card?
Fraud was on the increase. By the beginning of 21st century, plastic card fraud was increasing year-on-year and was
one of the fastest-growing crimes in the UK.
The Chip and PIN programme was one of the most complex ever to be undertaken in the UK.
It required a high dregree of trust and interdependence between organisations and sectors.
A radical, coordinated cross-industry approach was going to be needed to tackle the problem.
A number of countries, including the UK, were introducing smart chips on cards to meet new global specifications known as
EMV (Europay/MasterCard and Visa).
Smart chips store data more safely than magnetic strips and are difficult to counterfeit; in time they will allow cards to be accepted
all over the world using standardised security checks.
In addition, it was known that a PIN-based system would go a long way to reducing two of the largest categories of fraud:
- Counterfeit cards and;
- Lost and stolen cards.
A domestic PIN-based system in France had seen an 80% reduction in fraud since its introduction in 1992.
Whereas the French initiative had been driven through by government, the UK's introduction of Chip and PIN was led by the retail
and banking industires. Yet at that time, relations between the industries were at all time low.
Something had to change. Retailers were insisting on greater transparency and fairness in the interchange mechanism for charging them,
and these issues had recently caught the attention of the Office of Fair Trading and the European Commission,
both of which had launched investigations.
Smart card or ICC (Integrated Circuit Card) is the general term for a credit or debit plastic card
that contains an integrated circuit chip.
Chip carries instructions that provide security and application support. There are wide varieties of Chip memory sizes with
different capabilities.
There multi-applications with payment and non-payment applications.
ICC has the following security features...
- Chip is hard to copy
- Intelligence to make authorization decisions
- Parameters can be updated after issue
- New applications can be downloaded after issue
Magnetic Stripe Card
Magnetic stripe card are cheap and reliable. It works globally through use of ISO standards.
Easy for fraudsters to copy and is a read only mechanism and limited data capacity.
A magnetic stripe card is a type of card capable of storing data by modifying the magnetism of tiny
iron-based magnetic particles on a band of magnetic material on the card.
The magnetic stripe is read by physical contact and swiping past a reading head. The advantages include:
- Data can be modified or rewritten
- High data capacity in relation to bar codes
- Add security since it is not in human readable form
- Immune to contamination with dirt, water, oil, moisture, etc
- No moving components, physically robust
- Well established standards
- No consumables required for writing or rewriting
Some disadvantages of using magnetic stripe cards:
- It doesn't work at distance, thus requiring close contact to the reader
- Data can be damaged by stray magnetic fields
- Since it's not in a human readable form it can be a disadvantage in some applications
Compared to magnetic stripe, the smart card (EMV) is more secure. By having chip on the card,
smart card protects the information stored from damage or theft. Current magnetic stripe cards
have limited capacities to copy information.
By using smart cards that have greater capacity, customer profiles can be broader and information
can be easily added or deleted from the memory.
In addition, smart card can perform decision
making due to the powerful processing capabilities, such as data encryption.
What is EMV?
EMV is a set of chip card, terminal and application specifications developed and promoted by
Europay, MasterCard and Visa.
It's a global interoperability which uses original Specs - EMV "96 version 3.1.1 and is currently
EMV 2004 version 4.2.
The EMV Specifications consists of...
- Book 1 - Application ICC to Terminal Interface Specification.
- Book 2 - Security and Key Management.
- Book 3 - Application Specification.
- Book 4 - Cardholder, Attendant and Acquirer Interface Requirements.
EMV Applications
An EMV application is not an implementation specification. But a Card Scheme implementation specs of:
- VIS (VSDC)
- M/CHIP
- Domestic implementation specs, e.g. UKIS, ABI, DPAS, etc.
The Chip applications comply with implementation specs and have multiple applications possible on same card.
EMV Security
The following emv security is used:
- Delivery of encrypted data
- On-line Card and Issuer Authentication
- Secure CAM - Card Authentication Method
- Secure CVM - Cardholder Verification
- Secure script delivery
Purpose of EMV Security
- A specification that allows growth and development in the future, e.g. to support new business functions.
- Cards and systems that are inter-operable across the world
- Enhanced transaction processing security and fraud protection
- Greater functionality within the card
Difference between EMV and
Magnetic Stripe Cards
- Applications reside on the cards not terminal
- Change issued cards using scripts
- EMV cards carry a lot more data, including limits/usages for Risk Management
- EMV cards have a processor which adds another layer of security => prevents counterfeiting
- EMV also allows better CVMs because of the data held on the card => offline PIN
- EMV allows Issuers more control
- EMV allows more offline transactions because of the data held on the card
- EMV allows you to put more than one application on a card
The Impact of EMV
- Cards - Issuing and personalisation, post-issuance updates
- Accepting devices - Terminals, point of sale, ATM, etc.
- Message Formats - Authorization and data capture
- Networks and interchanges
- Customer Services / Back Office
- Security
You will notice that the rise in international skimming losses is not being seen in European countries where regional
card blocking, often known as geo-blocking, has been widely implemented.
Keeping an active magnetic stripe on a European EMV card continues to make that card vulnerable to card skimming and
geo-blocking significantly reduces the risk of successful compromise.
Contactless Smart Cards RFID
The RFID (Radio Frequency Identification) reading technology enables the transfer, by radio, of information from
electronic circuit to a reader, have opened up some interesting possibilities in the area of e-payment.
Today, the near field communication technology (NFC) opens up even more horizons, because it can beused to set up
communications between different electronic devices.
Contactless cards, telephones with NFC capacities, RFID tag have been developed in industry and the services.
Contactless smart cards RFID is used in all areas of automatic data capture allowing contactless
identification of objects using RF.
There is a number of applications ranging from secure internet payment systems to industrial automation and access control.
RFID technology solutions, including electron data carrier architecture and common algorithms for anti collision which give rise to
the RFID applications, such as the smart label, e-commerce and the electronic purse, document tracking and e-ticketing.
RFID is a major growth area in auto ID, allowing emergency vehicles to safely trip traffic signals, and providing the technology
behind contactless smart cards, auto piloting cars, and production automation.
A smart card
fare payment generates a transaction record every time a card is processed at a read-write device, with the exception
of designated terminals that only provide remaining value information to the patro.
These transaction records are an asset that has significant value and thus needs to be managed.
A data management policy provides the guidelines for the participants in an interoperable smart card system for managing this
data assert. It a minimum, a data-management policy should address the following:
- Scope of the data-management policy - should identifies to whom it applies, and the limitations of the data involved.
- Definition of the data types - smartcard systems capture detailed transaction and revenue data;
- Data location,
- Data protection measures, and
- Ownership and access rights
- Identification of the stakeholders and their roles and responsibilities, and
- Other requirements privacy - Consumer privacy is a growing concern in the smartcard industry.
To determine if a smart card fare payment system may be at risk of invading an individual's right to privacy, the system's
data needs to be analyzed to determine the personal identifiable information that is collected in the normal course of business.
Contactless Card Payment Limit
Daily Limit for Contactless Payment
POS Contactless Amount
POS contactless amount is the maximum amount of contactless POS transactions done with a
debit or credit card per day.
The Daily card limit or floor limit to mitigate the risk that when the card is stolen or lost, someone else
(who knows the PIN) can do transactions with the card up to the available balance on the account.
This limit is also used to switch contactless "on" or "off" (by means of a limit override).
A proposed value of 500, 250 or 0 - depending on the limit profile and
should be reset at midnight (00:00h).
No-CVM Contactless Amount
The maximum amount of consecutive contactless "no CVM required" transactions done with a debit
or credit card.
The Cumulative card limit (so not a daily card limit!) is to mitigate the risk that when the card is stolen or lost,
someone else can do "low value" transactions without the need to enter a PIN "forever".
There is a proposed value of 50 or 0 (depending on the limit profile).
Future Contactless Payment
In early , customer should be able to use their contactless payment card on:
- Docklands Light Rail (DLR)
- London Overground
- Trams
- Underground Tube
Card Types
There many different card type characteristics:
- Card Usage (e.g. Debit, Credit, Prepay etc...)
- Physical (e.g. Magstripe, EMV, Contactless etc...)
- Card Networks (e.g. AMEX, MasterCard, VISA etc...)
- Card Classes (e.g. Platinum, Gold, Classic etc...)
Card Usage
Credit cards allow you to make purchases up to a specified limit.
They offer an interest-free period for purchases (where the balance is paid in full) before the bill has to be settled.
You can repay a minimum amount each month, but you will be charged interest on any balance.
If the bill is paid in full by the date specified on the monthly statement, you will incur no interest.
Debit cards are issued in conjunction with a current account and are a cheap substitute for cheques.
Payments are deducted almost immediately from your account.
As a result, spending is limited by your available funds, which offers a greater degree of control - you can only spend what's in your account.
Pre-paid cards are increasingly being used by businesses.
Employers can provide pre-loaded cards to their employees to pay for their expenses, fuel etc. enabling the business to manage and monitor spending.
Because they are not usually related to an existing account, pre-paid cards may come with their own fees and charges - such as the cost of issuing the card, management fees, and ATM withdrawal fees.
Corporate Travel cards can offer businesses a convenient way of paying business expenses when travelling.
These corporate cards do not operate differently in principle from other credit cards, but they may offer additional benefits, such as travel insurance or currency facilities and are paid by the business directly.
The Major Card Networks
- VISA (VISANET, PLUS ATM Network, Interlink EFTPOS) - Uses a Star based
system where all endpoints terminate at one of several main data centres, where
all transactions are processed centrally. (1.9% fee)
- MasterCard (EPS-Net, Banknet) - MasterCard's network is an edge based peer-to-
peer network, where transactions travel a meshed network directly to other
endpoints, without the need to travel to a single point.
This allows MasterCard's network to be much more resilient, in that a single failure cannot isolate a large number of endpoints. (1.9% fee)
- American Express (AMEX) (2.56% fee)
- Discover (Discover Bank USA) (1.5-2% fee)
- JCB (Japan Credit Bureau) (1.5-2% fee)
- American Express (AMEX) (2.56% fee)
Watch and read the feedback from contactless payment users.