Contactless cards don’t require any authentication from the user to make a payment up to the threshold limit. With no PIN or signature to validate the transaction, contactless could be an attractive fraud target. Such fraud is generally managed by requiring the cardholder to enter a PIN or provide a signature on a random basis and, more importantly, by setting a maximum value for the transaction.
In India, for example, the limit is currently Rs 2000/-. This transaction limit is kept low to control fraudulent transactions, as the fraudster’s goal, as always, is to secure the maximum value from the smallest number of transactions. In existing practice, contactless is a permanent feature of the debit card and can’t be disabled.
Generating a receipt for a contactless payment is not mandatory, so shopkeepers should be told at the outset if a receipt is required. Facilities vary between merchant outlets.
Hacking could be possible by placing a card reader close to the cardholder. However, several safeguards limit what such an attempt can achieve:
- At the card level, each contactless card can have its own unique built-in secret “key” that is used to generate a unique card verification value or a cryptogram that exclusively identifies each transaction. No two cards share the same key, and the key is never transmitted.
- At the system level, payment networks have the ability to automatically detect and reject any attempt to use the same transaction information more than once. Thus, even if a fraudster should “read” the information from a contactless transaction, or even numerous transactions from the same card, this information would be useless.
- Many contactless payment cards and devices do not transmit the name of the cardholder, limiting the amount of information that is communicated during the transaction.
Why a Low Transaction Limit?
Protecting contactless payments by limiting the possible transaction value has been an important barrier to more widespread adoption of contactless capabilities.
There is a daily limit of 5 contactless transactions on this card, which means that only 5 transactions below Rs.2000 will be permitted without two-factor authentication, after which any transaction below Rs.2000 on that same day will require the card to be dipped and the PIN to be entered.
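The per-transaction cryptogram, the rejection of reused transaction data and the daily limit described above can be seen working together in the following added example, which is not code from any bank or payment network. It is a hypothetical issuer-side check: HMAC-SHA256 stands in for the card's real cryptogram algorithm, and the `Issuer` class, card id, key and amounts are constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

LIMIT_RS = 2000   # per-transaction contactless limit quoted on the page
DAILY_TAPS = 5    # contactless payments per day before a PIN is required

def card_cryptogram(key: bytes, amount: int, counter: int) -> str:
    """Card side: MAC over this transaction's data. HMAC-SHA256 is a stand-in
    (assumption) for the card's real cryptogram algorithm."""
    return hmac.new(key, f"{amount}|{counter}".encode(), hashlib.sha256).hexdigest()

class Issuer:
    """Hypothetical issuer-side authorization check."""

    def __init__(self, card_keys: dict):
        self.card_keys = card_keys            # card id -> per-card secret key
        self.last_counter = defaultdict(int)  # highest counter seen per card
        self.taps = defaultdict(int)          # (card id, day) -> approved taps

    def authorize(self, card, day, amount, counter, cryptogram) -> str:
        key = self.card_keys.get(card)
        if key is None or not hmac.compare_digest(
                card_cryptogram(key, amount, counter), cryptogram):
            return "DECLINE bad cryptogram"
        if counter <= self.last_counter[card]:
            return "DECLINE replay"           # same transaction data seen before
        self.last_counter[card] = counter
        # Assumption: "below Rs.2000" is read as strictly less than the limit.
        if amount >= LIMIT_RS or self.taps[(card, day)] >= DAILY_TAPS:
            return "PIN REQUIRED"
        self.taps[(card, day)] += 1
        return "APPROVE"

def demo() -> list:
    key = b"constructed-demo-key"             # constructed sample key
    issuer = Issuer({"card-A": key})
    results = []
    for counter in range(1, 7):               # six Rs 500 taps on one day
        mac = card_cryptogram(key, 500, counter)
        results.append(issuer.authorize("card-A", "day-1", 500, counter, mac))
    captured = card_cryptogram(key, 500, 3)   # data "read" from tap number 3
    results.append(issuer.authorize("card-A", "day-1", 500, 3, captured))
    # Reusing the captured cryptogram for a different amount fails verification.
    results.append(issuer.authorize("card-A", "day-1", 1900, 7, captured))
    return results
```

Calling `demo()` returns the decision for each of the eight attempts in order: five approvals, a PIN request on the sixth tap, and two declines for the reused data.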