How Secure Is Your Contactless Payment Card?

18 December 2015

Over the past year, contactless payment cards have transitioned from a novelty to a necessity for many Canadians. The cards, which allow consumers to forgo inserting their card or even typing their PIN for small purchases, have been available for nearly a decade, but this year their use has heated up dramatically.

According to Moneris Solutions Corp., the largest card payment processor in the country, the dollar volume of contactless payments made across its terminals jumped 162 percent in the three months between July and the end of September, compared to the same three-month period last year. Visa has also seen growth from a consumer perspective, reporting that while its cardholders only used contactless functionality to make 12.1 percent of their store purchases in June 2014, that number was up to nearly a quarter by this past June, according to

One reason for this rapid adoption could be that the number of store owners who have the terminals to accept contactless payments has finally caught up with card distribution, driven in part by the popularity of contactless mobile payment options.

As with any new payment method, especially one growing this quickly, it is important to understand the security methods card companies are using to protect consumer data in the new payment format. According to the Canadian Banker’s Association (CBA), contactless cards are in fact more secure than previous cards, as they include several layers of built-in security to keep identity thieves from gathering or using stolen credit card data.

Here are some of the ways in which contactless cards can help keep your information safe, according to the CBA:

  • Limited range: Contactless cards are meant to be waved in front of a payment terminal from just a few centimeters away, so the signal they emit is only detectable over a very short range. This limitation makes it difficult for criminals to gain access to card information from a distance.
  • Encryption: Even if a criminal was somehow able to steal data from your card, the card’s encryption technology would prevent them from being able to use it to commit credit fraud. Rather than using RFID technology that simply transmits information, contactless payment cards use international EMV chip standards and advanced cryptography that are far more secure. During a transaction, the card and the terminal conduct security checks with one another, using a unique encryption code that expires after the transaction is finished. If someone could get close enough to steal data from your card, they would not be able to use the encryption code because it would have expired when you completed the transaction.
  • Anonymized information: During a contactless transaction, the terminal and card only exchange a very limited amount of data. They may share language preference, card number and other coding data, but more sensitive information, such as the customer’s name, bank account information and security code are not transmitted.
  • Low transaction limits: Contactless cards typically have low transaction limits of between $50 and $100 any larger purchases require you to enter your PIN. If your card is lost, this will prevent large purchases from being made.
  • Zero liability: Visa, MasterCard and Interac all have zero liability policies for credit and debit card holders. If an identity thief is able to commit fraud using your card, you won’t be held responsible and will likely be fully reimbursed.

While contactless cards contain features designed to improve their security, no payment method is completely immune to the threat of identity theft. For additional protection, be sure to invest in a credit monitoring service, which can notify you of certain activity on your credit files that may indicate fraud. Credit monitoring coupled with other preventative measures can give you peace of mind as you shop.