Is it safer to pay by card or by phone? The differences between the two payment methods

Contactless payments are now part of our everyday life: think how often we hold our card or phone to the POS to buy a coffee at the bar or when we are out shopping. But have you ever wondered what the difference is between the two payment methods? Let’s start by saying that both use NFC technology, which stands for Near Field Communication. It is a type of radio communication that works thanks to an active reader (the POS) that sends a signal, and a passive device (our card or phone) that is activated only in response to this signal. It is a mechanism similar to the one used for motorway electronic tolls or for office badges, but with a difference: NFC is designed to work only over a very short distance. In fact, the optimal distance is within 4 cm, while if we hold the card beyond 10 cm communication becomes practically impossible. This limitation is not accidental, but is a security measure to ensure that the transaction only occurs when the user fully intends it.

Card security systems

When you make a payment by card, the information exchanged between the POS and your card travels through the air as radio signals protected by a highly advanced security system: encryption. Simply put, encryption is a system that masks the information traveling between devices, making it incomprehensible to anyone who intercepts it without possessing the correct “reading key”. It is estimated that, with current standards, a supercomputer without the right key would need longer than the age of the universe to decipher a single message. And as if that wasn’t enough, every single transaction has its own reading key, which applies to that payment and to no other in the future. In addition to this, for small-amount transactions (generally up to €50) or for a limited number of consecutive transactions, the card allows fast payments without a PIN. This is a practice to speed up operations and make the use of the card more convenient. However, once a certain spending threshold or a specific number of operations (usually 5) is exceeded, the personal code is always requested. This is an essential mechanism to limit the damage in case of physical theft of the card, giving the owner the necessary time to block it.

Phone security systems

For this last aspect we take the example of BPER Banca and its digital services. When we make payments with the phone, for example via the wallet or the BPER Banca app, the security systems are the same as those of the card, plus others. In fact, cardless operations use biometric authentication systems, such as fingerprint or facial recognition, so that they can only be carried out by the owner of the phone. Added to this is tokenization: when you add a card to a wallet, the real card number is stored in a “digital safe” by the payment circuit. The latter generates a “token”, a replacement code specific to that phone, which has no direct link to the bank account. Thus, during each contactless payment, it is never the real card number that travels, but only this disposable token, which greatly increases the security of the transaction.
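
A simplified model of the tokenization and per-transaction code described above, added here as an illustration; it is not code from BPER Banca, a payment circuit or any wallet. The names TokenVault, provision, pay and cryptogram, the HMAC construction, the counter and the test card number are all assumptions made for the example, and real wallets follow the payment networks' own specifications.

```python
import hashlib
import hmac
import secrets


class TokenVault:
    """Simplified stand-in for the payment circuit's 'digital safe' (constructed model)."""

    def __init__(self):
        self._tokens = {}  # token -> [real card number, device key, last counter seen]

    def provision(self, card_number):
        """Issue a token and key for one phone; the card number stays in the vault."""
        token = "9" + "".join(secrets.choice("0123456789") for _ in range(15))
        key = secrets.token_bytes(32)
        self._tokens[token] = [card_number, key, 0]
        return token, key

    def authorize(self, message):
        """Check a payment message; return the real card number or None."""
        entry = self._tokens.get(message["token"])
        if entry is None:
            return None
        card_number, key, last_counter = entry
        expected = cryptogram(key, message["token"], message["counter"], message["amount_cents"])
        if not hmac.compare_digest(expected, message["cryptogram"]):
            return None  # wrong device key or altered amount
        if message["counter"] <= last_counter:
            return None  # this one-time code was already used
        entry[2] = message["counter"]
        return card_number


def cryptogram(key, token, counter, amount_cents):
    """One-time code tied to this token, this counter value and this amount."""
    data = f"{token}|{counter}|{amount_cents}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def pay(token, key, counter, amount_cents):
    """What the phone sends to the POS: token and one-time code, never the card number."""
    return {"token": token, "counter": counter, "amount_cents": amount_cents,
            "cryptogram": cryptogram(key, token, counter, amount_cents)}


if __name__ == "__main__":
    vault = TokenVault()
    token, key = vault.provision("4111111111111111")  # constructed test card number
    msg = pay(token, key, 1, 250)
    print("sent over NFC:", msg)
    print("first use accepted:", vault.authorize(msg) is not None)
    print("replay accepted:", vault.authorize(msg) is not None)
```

Anyone who captures the message sees only the token and a code that the vault will refuse a second time; the token is also useless with another phone's key.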