Earlier this year the UK Card Association revealed some impressive stats about contactless card usage. The organisation revealed that between July 2014 and July 2015, the number of contactless payments increased by a whopping 237% in the UK and that they now account for 8% of all UK card payments, meaning that UK consumers are taking advantage of the technology in a big way.

But, it’s not just the UK that’s embracing contactless cards. Consumers all over Europe are making use of the time-saving technology, with more of them paying for things using contactless than ever before.

Visa Europe reveals Contactless Card usage stats

The information about Europe’s contactless card usage comes to us from Visa Europe. The organisation explains that 3 billion contactless payments were made over the last 12 months, which is reportedly almost three times the amount of contactless transactions made the year before. Moreover, contactless payments, as a proportion of all Visa-processed face-to-face payments, are now 1 in 5 which is a significant increase from the 1 in 60 statistic from 2013.

Visa Europe has also offered some more specific details about contactless’ areas of growth. The organisation states that Poland, Spain and the UK use contactless the most, with UK usage growing by 300% (51 million transactions in April 2015, to 153 million in April 2016). Restaurants are the sector that has felt the contactless card usage growth the most, having grown by 153%, while contactless usage at general retail has grown by 146%, usage at supermarkets has grown by 119% and with food and drink including fast food there’s been an increase of 96%.

Visa expects contactless usage to continue to increase in future too, with the organisation noting that most of the new payment terminals deployed across Europe from January this year are contactless enabled. This will help merchants achieve the target of all terminals in Europe accepting contactless payments by 2020, says the organisation.

Consumers and Businesses, what are the risks?

With contactless card usage making it easier for consumers to pay for things, also saving time for both the consumer and the businesses that serve them, the technology clearly offers a lot of benefits. However, there are risks attached to contactless card technology too and businesses need to take action to address them.

For example, one of these security measures is about making sure that you and your employees are monitoring the physical security of your PoS (point of sale) terminal. In its FAQ regarding the security of contactless cards, Visa notes that terminals use “private or secret keys to generate one-time-only electronic signatures and cryptograms” and keep the data safe during transactions. However, malicious attackers are determined, especially given just how many consumers are now using their cards to pay for things (both contactless and with contact) and if the terminal is left unmonitored, they may introduce software or hardware to the terminal that allows them to steal information during a transaction.

And tampering may not just happen at an opportune time, such as when an employee’s back is turned, either. Some attackers run sophisticated operations in which they may trick you and your employees into believing that they are a legitimate maintenance professional, duping you into believing that they have authorisation to conduct work on the terminal, letting them tamper with it in plain view.

The PCI DSS includes language specifically designed to guide businesses in the right direction regarding the physical security of their terminals, Requirement 9.9 explains that businesses must protect terminals “from tampering and substitution,” detailing the best practices for doing so, including training employees to help them understand what they should look out for.

PCI compliance, and in particular PCI DSS requirement 9.9, also requires that each point of sale device's physical security is inspected regularly. Something which services such as ZeroRisk PINpoint can aid.

Igor Mancini

Written by Igor Mancini

Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.

My intention is to discuss IT Security related topics with the eyes of a non technical person, speaking a simple language and trying to show to the readers the benefit of IT Security best practices.