All over Europe, the use of contactless payments is growing. The technology, which works using either NFC (Near Field Communication) or RFID (Radio Frequency IDentification) chips and antennas, allows a shopper to simply ‘wave’ their contactless-enabled payment card or mobile device to pay for their goods.

mastercard-mandate-pos-contactless-2020.png

While there are payment thresholds, which limit the amount a shopper can spend (these vary from country to country), the ease of use and the fact that it allows shoppers to leave cash and coins at home for smaller purchases (e.g groceries) has made it popular.

So popular, in fact, that in the European Union in 2014 there were 233 million contactless cards in issue (up 65% from 2013). The data, which comes from research firm RBR, also states that 1.4 billion contactless payments were made in the European Union in 2014, which amounted to a whopping €15 billion, which is a 155% and 190% growth on 2013, respectively.

Moreover, RBR predicts that these figures are set to grow even more in the coming years. And potential factor in that could be MasterCard’s contactless mandate.

What Is MasterCard Mandate?

MasterCard mandate states that European retailers must ensure that by 2020, all of their point-of-sale (PoS) devices are contactless-enabled. Chris Kangas, MasterCard's head of contactless payments in  Europe, also says that:

"In 2013 alone the number of MasterCard and Maestro contactless transactions across Europe tripled and the volume spent on those transactions increased four times. Contactless users tell us on social media that they love tapping and want to tap more. Today’s announcement is a much needed stake in the ground, marking the next milestone for contactless.”

The mandate is also widely believed to help mobile contactless payments increase too, as although contactless payments are very much on the rise, many of those payments take place using contactless-enabled cards rather than mobile devices.

Contactless mobile payments are not expected to become ‘mainstream’ any time soon, even with Samsung Pay and Apple Pay (the two leading mobile payment platforms) being supported by many smartphones and devices, but perhaps with more contactless PoS terminals, more shoppers will be encouraged to purchase goods with their mobile devices too.

What are the risks associated with contactless payments and terminals?

However, while contactless payments are growing in popularity, that doesn’t mean that they carry any less risks than normal, chip and PIN payments.

On the consumer side of things, there have been reports of data being ‘lifted’ from the contactless payment card without the owner of the card knowing. While this is typically done by getting in close proximity to the card (PoS terminals themselves work within approximately 10cm of the card), malicious attackers have manufactured devices that allow them to gain encrypted card details (which they can then use software to decrypt) from several feet away.

On the retailer side of things, there’s also the risk of malicious attacks fitting a part (or tampering with an existing one), allowing criminals to intercept any data received by the terminal via a contactless card. Alternatively, the attacker may find a way to install malicious software that also aims to collect/intercept this data, allowing them to use the information to make fraudulent purchases.

Read more about this topic.

Organisations must keep track of PoS security!

That’s not to say that organisations need to suffer many sleepless nights over the security of their contactless point of sale terminals, though. ZeroRisk PINpoint is one solution that actually allows organisations to keep track of their terminals, meaning that whether you have five or 5000 terminals in use across your organisation, you will always be able to monitor their security.

PINpoint also provides the benefit of no paper-based inventories and processes and in being able to report on changes with each terminal (and share them easily with employees), you can also share the workload, meaning that you will no longer have to be all-seeing and omnipresent to keep your terminals protected! Find out more about ZeroRisk PINpoint here.

Igor Mancini

Written by Igor Mancini

Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.

My intention is to discuss IT Security related topics with the eyes of a non technical person, speaking a simple language and trying to show to the readers the benefit of IT Security best practices.