Contactless cards and the urban legend
Are you ready to bust three myths about contactless cards?
So let's jump right in.
#1 Can someone read my card from a distance?
The myth says:
Fraudsters would be able to use
long-range RFID readers to extract data from contactless
cards from a distance, and use that card data to
access cardholders’ accounts and steal money.
No, it is not possible to use long-range RFID readers to
extract data from contactless cards.
The near field communication (NFC) technology in
contactless cards uses a 13.56Mhz radio frequency
technology that only transmits digital data within a very
Typically the optimum distance is 4 centimeters or less - beyond the signal is rapidly decreasing and can never exceed 10 centimeters.
That's why you do not need a contactless card protection sleeve for security reasons.
But stay with us, there's more.
#2 What about short-range skimming then?
The myth says:
A fraudster equipped with an
NFC reader would be able to access contactless cards in
someone’s pocket or bag in crowed public spaces like in
the subway. By doing so, they would extract
enough sensitive data to make a counterfeit card or make
No, it is not possible to clone a contactless card thanks
to data collected by a hidden reader like a smartphone or
any other NFC reader.
It is also impossible to collect enough data from the card
to complete an online purchase.
Only a genuine POS, provided by an acquiring bank, is
capable of communicating with the card – and a fraudster
using a genuine POS would get caught by the acquiring
bank and processing network.
#3 Repeated purchases if my card is stolen?
The myth says:
Because low-value contactless transactions can be made
without requiring a PIN code, a thief
could spend large amounts of money through many
repeated small purchases.
No, even with a lost or stolen card the total possible fraud
amount would be small.
In many countries where small amounts
contactless transactions are authorized, the number of contactless
transactions that can be made in a row with a contactless
EMV card is limited.
After a certain number of transactions,
a reset with chip and PIN in contact mode is required or the
card will automatically stop functioning in contactless mode.
When a contactless card is reported lost or stolen, the
issuing bank will cover for the small amounts.
Did you know that all our contactless chip cards are EMV cards?
Contactless security revealed
Unlike older generations of banking cards with magnetic stripes, EMV cards use a smart microprocessor chip technology which:
- secures the cardholder's credentials
- performs cryptographic computation to protect its communication with the Point-of-Sale (POS) terminal and the processing network.
Since the chips are virtually impossible to tamper with or clone, EMV cards are infinitely less vulnerable to counterfeit fraud than magnetic stripe cards.
The EMV standard continuously evolves to include new security defense mechanisms, such as Dynamic Data Authentication (DDA).
It is based on public-key cryptography, typically RSA cryptography. Each EMV smart card contains a unique public and private key pair that is used during authentication.
When prompted by the terminal, the card uses one key to generate a valid cryptographic code that is sent back to the terminal.
This code is unique to that transaction and proves that the card is genuine. The terminal uses the second key to validate the code returned by the card.
The card's microprocessor chip is powered wirelessly by proximity to the POS (up to 4 cm).
Only a genuine POS with a genuine acquirer bank account can proceed with an EMV transaction.
Why contactless pickpocketing is impossible
New technology is almost always followed by scaremongering stories, and contactless is no exception.
Reassure yourself and your customers by getting the facts on common contactless myths – and how the technology works.