Contactless technology (Tap and Go) was introduced for the convenience of cardholders and while relatively new in South Africa, has been available in many jurisdictions for some time. The convenience lies in the fact that these cards can merely be tapped on a near-field communication (NFC) Point of Sale (POS) device to make certain payments, which is quick and easy for the card holder. Videos online suggest that criminals could exploit contactless technology and steal money or card data by simply tapping an NFC enabled POS device near enough to a victim’s bank card.
Stealing money by tapping a near-field communication (NFC) enabled Point of Sale (POS) device near enough to a bank clients card is not likely. Acquiring an NFC POS device involves a rigorous vetting process by the issuing Bank which includes the mandatory submission of Know Your Customer (KYC) documentation. In addition, Banks also monitor merchant transaction activity and conduct merchant site visits. Should any irregularities be identified, an investigation will be launched immediately. Collusion with a merchant could be a possible way to defraud people, however this is also unlikely as the proceeds of crime resulting from this specific modus operandi would go into a merchant’s bank account which, again, is closely monitored. Furthermore, this payment option is only available for a predetermined number of low value transactions on any specific day, after which a PIN would be required to complete the transaction, so the financial reward associated with these transactions is low, whilst the reputational and prosecution risk to the merchant remains high.
Stealing card data by criminals is also not a viable option, as merely holding an NFC enabled POS device close to a bank card will not provide enough information to enable fraudulent card-not-present transactions. South African issued contactless cards are embedded with an RFID (Radio Frequency ID) tag, identifiable by the WiFi-type symbol, which is then read together with the cards EMV chip which is encrypted. Even if a criminal tapped a victim’s contactless card using an NFC POS device near in their wallet or bag, all they would get is the card number and expiry date. Neither the CVV nor the PIN number would be exposed, both of which the criminal would need to make fraudulent online purchases.
- Ensure that you always tap the POS device yourself, and that your contactless bank card never leaves your hand.
- Report lost and stolen cards immediately.
- Register for SMS notifications to ensure that you are alerted to any transactions on your account.
- Always inform your bank immediately if any suspicious or unauthorised transactions are conducted on your account.