Thursday, February 16, 2017

Is Visa payWave Really As Secure As They Say?

There's been quite a lot of speculation and skepticism over whether or not Visa payWave is really as secure as they say... So we're here to do some debunking!



Visa payWave is a payment method that allows users to make purchases without physically swiping through the payment terminal. However, rumours and scares have surfaced surrounding this, causing people to question its safety and security features. Well, we’re here today to settle them once and for all.
What we’ll do is address the many scaremongering concerns and see if we can debunk them all. Here we go!



1. I Found Videos Online That Show How a Device or Mobile App Claimed to Extract ALL Card Data Such As:


a. The Cardholder’s name (appeared on the card)

b. 16 digit credit card number

c. Card Expiry month and Year (MM/YY)

d. Your CVV Number (printed at the back of the Visa card)


My Question is, How Secure Are Visa payWave Cards, Really?




Whilst there are staged demonstrations showing how credit card details could be lifted through a contactless card, this scenario is complex to execute in reality. While it includes the card number and expiry date, the data itself offers very limited potential for fraud.
Also, the contactless application of Visa payWave cards issued anywhere in Asia-Pacific, including Malaysia, do not electronically store the cardholder name onto the chip, thus, the cardholder’s name could NOT be extracted electronically. This is an additional measure to protect your personal information.
Visa payWave-enabled cards contain an embedded chip that uses advanced cryptography where a unique code is generated for every single card-present transaction which is used to authenticate the transaction. As such, it is not possible to carry out a card present transaction, either contactless or even a contact transaction, with merely an intercepted card number and expiry date. As for card absent (card not present) transactions such as e-commerce, additional security data such as One-Time-Passcode and / or the CVV is usually required.
Your CVV number printed at the back of your Visa card is NOT electronically stored in the chip. Thus, it can’t be extracted electronically from any device. These are examples of the many layers of security that protect Visa payWave transactions. Visa payWave provides faster transactions and increased convenience while still maintaining Visa’s high-security standards. So far, there are no reports of fraud from card-issuers or law enforcement agencies globally stemming from such electronic pickpocketing fraud attacks.

2. Since There’s no PIN Required to Use a Visa payWave card For Purchases Below RM250, What Happens if Fraudulent Charges Already Happen After I Lose My Card But Before I Manage to Call the Bank?

To mitigate the risk of unauthorised contactless transaction arising from lost or stolen cards, there are additional security measures in place such as consumer transaction alerts, real time transaction screening to detect and prevent irregular or suspicious transactions, capability to block a card on real time basis to prevent any transactions after a cardholder report, etc.
Hence, we encourage our cardholders to sign up for such alerts. In addition, cardholders should immediately notify their banks once they realise their payment cards are missing.
For unauthorised transactions, the terms and conditions may vary from bank to bank. Consumers are advised to check with their respective banks if they are notified of an unauthorised transaction on their cards.




3. Could I Be Debited Twice if I Have More Than One Contactless Card in My Wallet?


No. Visa payWave readers are designed to only communicate with one card at a time. If the shop’s reader finds more than one contactless card in your wallet or purse, you will be asked to select one card to pay. Therefore, you won’t have to worry about being charged twice.

4. Could I Have Unknowingly Made a Purchase if I Accidentally Walked Past the Point of Sale (POS) Reader?

No. For a purchase transaction to go through, your card has to be waved within 4cm of the contactless terminal for more than half a second. On top of that, the retailer must have first entered the amount at their POS system for you to approve or wave your Visa payWave card at the reader. Visa terminals can only process one payment transaction at a time, therefore reducing transaction errors.



5. What Information is Transmitted From the Card During Payment?

During payment, the card transmits information such as the account number, expiration date and a unique dynamic code that changes for every in-person transaction. The unique code is different from the one encoded on the magnetic stripe of a Visa card. So, if a criminal attempts to use intercepted data to manufacture and use a counterfeit card, the bank that issued you your card would be able to identify the transaction as fraudulent and stop the transaction from going through.

6. Is it Possible to Create a Counterfeit Card From Intercepted Contactless Data?



Visa payWave-enabled cards contain an embedded chip that uses advanced cryptographic security to generate a unique code for each and every transaction. So if a criminal attempts to use intercepted data to manufacture a counterfeit card, the bank that issued your card would be able to identify and prevent the transaction.
As you can see, there are numerous security measures put into Visa payWave to ensure that your data, personal information, and funds remain safe. It’s typical for new technology like this to be faced with skepticism. People are just being extra careful, which is a good thing. But don’t let that stop you from joining the future of payment systems with Visa payWave!






No comments: