Contactless payment Contactless cards

contactless card being swiped on reader

Contactless payments are quick and convenient, and there are more than 58m contactless credit and debit cards in circulation in the UK.   

However, many people have concerns about them, and in the summer of 2015, Which? tested their security. Although there are some safeguards, we were able to easily obtain reader technology that allowed us to 'steal' enough details from volunteers' cards to allow us to buy items online. 

Our news story on the contactless card test explains more - and we cover safety further down this page.

Contactless symbol

If your card shows this symbol it contains contactless technology.

How do contactless cards work?

Contactless debit or credit cards allow you to pay for items worth up to £20 (rising to £30 in September 2015) without entering your Pin. 

Every contactless card has a small chip in it that emits radio waves. To pay for something, you hold the card near a payment terminal, which picks up a signal and processes the transaction.

You can tell whether your card is contactless by looking for a small logo on it which consists of four small curved lines, similar to the wi-fi symbol. The logo is also displayed on payment terminals that accept contactless payments.

Contactless with hand

Retailers accepting contactless payments display this symbol.

Where can I make contactless payments?

Many shops are now accepting contactless cards, including Marks & Spencer, Boots and Waitrose. Simply hold your card up against the Chip and Pin machine at the checkout. 

Large chains are more likely to accept contactless cards them than small shops. 

You can see a full list of shops that accept contactless payments at www.contactless.info.

The technology behind contactless cards

contactless card diagram

  • 1. A contactless card contains a chip that holds your account information and an antenna (a loop of cooper wire around the edge of the card) which picks up power from the signal sent out by the card reader.
  • 2. A card-reading terminal emits an electromagnetic field - when a card enters this field it is powered 'on'.
  • 3. The chip and the reader communicate with each other using an encrypted language. The reader can then 'introduce itself' to the card.
  • 4. Only when the card recognises the reader will it 'reply' with a coded data transfer.
  • 5. The card terminal should then confirm that payment has been accepted - this  usually happens instantly.

Are contactless cards safe?

Although contactless transactions do not require a Pin to be entered, card issuers will restrict the number of contactless transactions that can be made before the Pin is requested, to prevent fraud. Our research suggests a thief would be able to spend between £45 and £100 before being asked to provide a Pin.

Fraudulent transactions on contactless cards are protected by the same rules that apply to other card payments. This means that if you're a victim of fraud, your bank will refund you the money, provided it’s not a result of your own negligence. However, you will have to pay the first £50 of the total amount of fraudulent transactions made on your card. If you don't recognise a transaction on your statement, see our guide to fraudulent activity

According to the UK Cards Association, losses attributable to contactless fraud are less than 1p per £100, but our tests show that it's possible to 'lift' enough details to transact online in certain stores; it would be impossible to attribute this fraud to contactless cards - the victim would not know how the details had been obtained. 

Accidental contactless payments

It is possible to pay for something without meaning to, but only when you’re close to the reader. This means you shouldn’t accidentally be charged for someone else’s purchase while waiting in a queue, for example.

A contactless card should only be charged if it’s within 10cm of a contactless reader. But in practice, most terminals will not take payment until the card is a few centimetres away - in our tests, the maximum was 5cm.

Contactless terminals are programmed so that they only take one payment from one card for any one transaction. Readers have also been designed to reject payment if two contactless cards are presented at the same time.

Contactless cards: FAQs

Do protective wallets and foil stop contactless cards from being read?

There are metal cases on the market that claim to protect your cards. 

Although many members report using these successfully, we haven’t yet tested their effectiveness. Our researchers tested wrapping a card in tin foil - and this prevented it from being read, even when we rubbed it against the reader. 

While we don’t think this is essential, we believe that lining your wallet with foil should protect your card details.

What protection is in place against accidental payments being made?

The cashier needs to activate the terminal (or you need to select this option yourself at a self-service till) to accept contactless payments, reducing the risk of mistakes. 

To keep your details safe, always touch your intended payment card to the reader – don’t simply wave your wallet or bag over it.

Is it possible for a thief to copy my card details?

Although the risks are low, this is possible. 

Someone would probably have to be very close to you to ‘lift’ your card details without you knowing. In our tests, the card had to be touched against the mobile card reading device, although other readers might be more powerful.

If a thief steals my card, or copies my card details, will my bank reimburse me?

The regulations apply to all forms of payment equally, including contactless and Chip & Pin. 

Card providers should reimburse victims of contactless fraud, as long as they have taken ‘all reasonable steps’ to keep their card safe. 

If you believe a transaction was fraudulent, it’s the responsibility of the card provider to prove that you authorised the payment or were negligent – and if it can’t, then it must reimburse you. For more, see our guide to fraudulent activity

More on this...

 

 

Which? Limited (registered in England and Wales number 00677665) is an Introducer Appointed Representative of Which? Financial Services Limited (registered in England and Wales number 07239342). Which? Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FRN 527029). Which? Mortgage Advisers and Which? Money Compare are trading names of Which? Financial Services Limited. Registered office: 2 Marylebone Road, London NW1 4DF.