Transacting New World With Contactless Payments

0
340

With the vigorous advent of short-range wireless technology, contactless payment has taken over the deck and is today viably accepted and opted. The prefect bond of contactless card enabling wireless transaction through a contactless checkout terminal is defined as Contactless payment technology. Authorization processes of contactless payments are just a tap or just brining close to the contactless point of sale(POS) terminal. The payments or let’s say the transaction processes in contactless payments are eminently swift, secure and (fun). Hence with the growth of contactless payments, traditional form of exchange of business is seemingly depreciating. This has also advanced business and helped retailers to do businesses seamlessly. They can now evade the time to count cash or go to a bank to deposit cheque. This new form of transactional operations has also enabled retailers, shopkeepers and businesses to engage with their customers more easily and frequently.

The biggest ‘wonder advantage’ of contactless payments has been the experience it enables to both the parties. For example, there is no PIN verification needed for small amount of transactions. It gives a swift and retentive experience in the modern market. Though as usual in today’s connected and a ‘strive to make easier life’ bring the emergence of security and yes, with its mass acceptance brings newer and severe Security challenges therefore various regulations are been developed, discussed and also implemented across the globe. In this piece, we shall be highlighting various aspects including the Indian scenario, challenges and market acceptance and technology advancements in contactless payments.

Indians On-The-Go With Contactless Payments

During the last three(3) years, Contactless payments in India saw a massive uptick. Acording to an industry report, contactless payments in India surged six(6) times in these three years. Contactless payments enabled these Indian businesses to do fast, secure and foremost touch less transactions during the straining times (pandemic). 
The growth figures between December 2018 to 2021 was considerably extolling from 2.5percent in December 2018 to logging a whopping 16 percent in December 2021. The report titled ‘India taps into a Contactless Future’, highlights that the contactless will fuel the digital payments ecosystem. It will offer more convenient and secure solutions to consumers and merchants across segments. Less-touch payments mode in stores ensured consumer safety. Additionally, the adoption of EMV chip cards has been pivotal for the growth of contactless payments, aided by supportive regulations that increased the contactless limit in India to Rs 5,000 in 2021. The cohesive experience of contactless payments, with their inherent convenience, speed, and enhanced security features are a major reason for rapid adoption by consumers, merchants, issuers, and payment processors, the report noted. Contactless payments refer to the cashless transactions that do not require cards to be swiped at Point-of-Sale (POS) terminals.

Image-1 General architecture of an NFC smartphone. Image source: Coskun, Ozdenizci & Ok (2015).

Modes of Contactless Payments

Two major architectures are used for mobile phones to store and communicate sensitive information such as card number, primary account number and other payment information. They are either by a hardware with Secure Element (SE) or a software with Host Card Emulation(HCE). When card emulation is performed using an NFC mobile phone with a secure element, the interface to the payment reader (e.g. a point-of-sale or POS) is the same as for a traditional payment Credit/Debit card. This is similar with NFC mobile gadgets using the HCE, a POS or reader sees an application hosted in the mobile phones operating system as a standard EMV card.

Secure Element (SE) Model:

Image 2Caption: A mobile phone with a Secure Element.

When mobile devices with NFC are used to emulate smart cards, credentials like secret cryptographic keys used by payment applications are stored in a tamper resistant hardware module known as the Secure Element (SE) in accordance with the security requirements set forth by a known and trusted authorities. The SE which is a tamper resistant hardware used to store sensitive credentials. It has a direct connection with the NFC controller/antenna.

To make simple the idea of SE, describes SE as a smart card in mobile devices. SE is known to have the highest level of security for applications residing on it. The level of security provided by SE is the same as the security level of classic smart cards. One of the key advantages of SE is that it is a standalone component. It creates a tough security against malicious sophisticated attacks. For SEs to offer a good level of interoperability and unparalleled rich portfolio of vital services, they are supported by mature ETSI, 3GPP, GlobalPlatform and Java Card standards.

Tokenization

Image 3 Caption: A token been generated in a banking transaction. Image Source; Wadii, Boutahar and Ghazi (2017)

Storing payment credentials and cryptographic keys in the mobile device OS instead of the SE is considered less secure as discussed in HCE model. This is why additional security measures like tokenization are needed for HCE (Pandy & Crowe, 2016).

One of the Key Challenge

41% of fence-sitters in our MoneyScreen study have, is that the mobile device payment option will not work when needed. Nothing is more embarrassing when you try to buy lunch and the technology fails you and you have no other way of paying.

For this reason, many feel compelled to carry multiple forms of payments (some cash and at least one physical credit card) just in case, and that defeats the purpose of having a mobile payment setup.

What can phone manufacturers, credit card companies, and payment terminals do to address this fear, or enable smooth contactless transactions every time? To eliminate the need to carry a second form of payment, is there a backup option on the smartphone or mobile wallet to give consumers more peace of mind, should the cardless payment fail?

Did You Know?

The first smart card technology was developed in the 1970s. And these smart cards were actually developed by commercial manufacturers.  Thereafter in 1979, Michel Hugon developed the first computerised smart card which flaunted a processor with local memory. This very technology was thereafter been replicated by phone companies and transport operators who then made SIM cards and travel passes.

Though, the first ever contactless card was first developed in 1995 which were called UPass cards and was used in South Korea for its transport systems.  Not stopping there, experiments and advancements continued until Barclaycard in 2007, issued the first contactless payment card for the UK called the OnePulse. In 2011 Google brought Google Wallet to the market which allowed consumers to use their smartphones to make purchases at point-of-sale (POS) terminals.

Additionally, Alipay also began experimenting with QR codes, using them to facilitate payments for retailers and customers in Asia. By 2015 Apple had developed wearable technology which allowed customers to make payments with their smartwatch. The pandemic accelerates the use of contactless card payments with worldwide transactions totalling $2.5 trillion for the year 2021.

Contactless covers everything from NFC to QR codes. Let’s look into the technologies that determine the present and future of contactless transactions and also its differences:

RFID

Radio frequency identification (RFID) is a contactless and wireless way to transfer data through radio waves. RFID was invented in the 1980s and comes in three different forms:

  • Ultra high frequency (UHF)
  • High frequency (HF)
  • Low frequency (LF)

RFID was first designed to improve upon barcodes which required a line of sight when being scanned. With RFID, the tag and the reader simply need to be within range for the transmission of data.

An RFID system consists of a tag, reader and antenna. When the tag is triggered by a pulse from an RFID reader device, data is transmitted to the reader.

RFID is typically used for tracking items, controlling access and managing materials. They can only store a small amount of information which prevents anything more complex. Naturally, RFID is only suitable for very simple tasks.

Uses for RFID include: 

  • Preventing theft
  • Tracking inventory
  • Controlling access
  • Tracking attendees

NFC

NFC or near field communication came into being around the early 2000s and is considered a subset of RFID. It uses a higher frequency which means it can transmit data much faster than RFID but it will only work at much smaller distances. Moreover, the other major difference is that NFC devices can act as both a reader and tag, which is why you can use an NFC-enabled smartphone for all different kinds of applications. Both RFID and NFC work by generating a magnetic field. When a tag is brought within range, there is an electronic handshake and any data on the tag is transmitted to the reader with a beep.

Uses for NFC include: 

  • Transferring data
  • Mobile payments
  • Accessing transport
  • Automating devices

EMV

EMV stands for Europay, MasterCard, Visa. It refers to the microchips that are now implanted in the newest types of payment cards. These chip cards use either chip and PIN or chip and signatures.

Previous to EMV, data would be transmitted by swiping the magnetic stripe of a credit or debit card. The problem however for card issuers was that fraudulent transactions were common. With an EMV card, the small EMV chip ensures a stolen card isn’t being used.

Sensitive information can be copied easily from a magnetic strip. With EMV, fraud is a lot harder because data is tokenized.

Whereas EMV strengthens card security, NFC is a complementary contactless payment technology that enables EMV cards to be used wirelessly.

QR codes

QR stands for quick response and refers to an advanced type of barcode. It can be used for a range of applications, one of which is contactless payments systems.

First invented in Japan in 1994, QR codes were designed to store more information than the initial 20 characters.

Moreover, QR codes started to be used for payments in 2010, and now make up over a third of all payments in China.

The information stored in a QR code means that it can be used to facilitate contactless transactions.

Uses for QR codes include: 

  • Storing marketing information
  • Directing users to websites
  • Sending users to checkouts to input payment information
  • Sharing information such as menus