NFC and encryption: the real reason why contactless is more secure


Have you ever wondered what happens when we bring the card close to the POS? Almost certainly yes, and you may also have wondered whether it is really safe, and why we are sometimes asked for the PIN and other times not. In this video we explain how contactless payments work, that is, payments which (as the word itself tells us) take place without the devices touching: just bring the card (physical or digital) close to the POS to immediately authorize a payment. But how is this possible?

At its core is NFC technology, which stands for Near Field Communication. It’s a type of radio wave communication which consists of an active reader (the POS) which sends a signal, and a passive device (our card or our telephone) which is activated only when it receives the signal.


It is a mechanism very similar to passing a toll booth on the motorway or clocking in at the office with a badge: there too, there is an active device and a “sleeping” one that responds only when stimulated. The difference between NFC and these other systems is that NFC is designed to work only over a very short distance: you have to bring the card within a few centimeters of the POS to authorize the payment. The optimal distance is within 4 centimeters; above 10 it becomes impossible. This precise distance is not accidental: it helps guarantee greater security, since, in theory, we only bring the card that close to the reader when we are 100% sure that we want to make that transaction.

But then why can’t we swipe the card like we used to? Data was once written on the magnetic stripe of the card, and could be copied and used to clone the card. Today, as we have said, information is transmitted via radio signal, and the data is protected by a sophisticated encryption system, which makes it virtually impossible to intercept the data or use it to clone the card.

But does this system also work against the infamous “pirate POS”, i.e. when someone builds a “do-it-yourself POS” and tries to get it close to strangers’ wallets to steal valuable information from their cards? As explained in the video, it does, because the security system provides additional protections, such as a request for the PIN (the personal code that only we know) when certain thresholds are exceeded (usually €50), when numerous small payments are made in a short time, or when certain cumulative amounts are reached.

It’s a security system designed precisely to prevent a stranger from going around spending the money in our account. The PIN is also requested if we carry out many operations in close succession (usually 5), or when these operations quickly exceed a certain cumulative amount (such as €150). These are all measures designed to give us the time necessary to block the card and report the theft.
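The PIN rules described above can be modelled as counters that decide, payment by payment, whether the PIN is requested. The sketch below is an added example, not code from the video or from any bank or card scheme; the class and function names are hypothetical, and it assumes that a correct PIN resets the counters and that the sixth PIN-less payment is the one that triggers the request.

```python
from dataclasses import dataclass
from decimal import Decimal

# "Usual" limits quoted in the article; actual values are set by issuer and scheme.
SINGLE_LIMIT = Decimal("50")       # one payment above this needs the PIN
MAX_NO_PIN_COUNT = 5               # assumed: 5 PIN-less payments allowed, the 6th asks
CUMULATIVE_LIMIT = Decimal("150")  # PIN-less spend allowed since the last PIN entry


@dataclass
class NoPinCounters:
    """Hypothetical per-card state kept since the last PIN-verified payment."""
    count: int = 0
    total: Decimal = Decimal("0")

    def pin_required(self, amount: Decimal) -> bool:
        return (amount > SINGLE_LIMIT
                or self.count + 1 > MAX_NO_PIN_COUNT
                or self.total + amount > CUMULATIVE_LIMIT)

    def record(self, amount: Decimal, pin_verified: bool) -> None:
        if pin_verified:
            # Assumption: a correct PIN resets both counters.
            self.count, self.total = 0, Decimal("0")
        else:
            self.count += 1
            self.total += amount


def run_payments(amounts, pin_known=True):
    """Return (decisions, no_pin_spend) for a sequence of payment amounts.

    Each decision is "no-pin", "pin" or "declined". With pin_known=False
    (card in a stranger's hands) every PIN request ends in a decline.
    """
    counters, decisions, no_pin_spend = NoPinCounters(), [], Decimal("0")
    for raw in amounts:
        amount = Decimal(str(raw))
        if not counters.pin_required(amount):
            counters.record(amount, pin_verified=False)
            no_pin_spend += amount
            decisions.append("no-pin")
        elif pin_known:
            counters.record(amount, pin_verified=True)
            decisions.append("pin")
        else:
            decisions.append("declined")
    return decisions, no_pin_spend


if __name__ == "__main__":
    # Constructed sample sequences, in euros.
    print(run_payments([20, 20, 20, 20, 20, 20]))
    print(run_payments([45, 45, 45, 45, 10], pin_known=False))
```

With `pin_known=False` the PIN-less total can never exceed the cumulative limit, which is the bound on losses the article refers to.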


The video also explains the difference between using the physical card and paying via smartphone. To summarize, “cardless” operations inherit all the security systems of the card, but add new ones, such as biometric authentication (fingerprint and facial recognition) and tokenization, thanks to which the real card number is never transmitted. What travels is only a disposable token, i.e. an identification code linked exclusively to your device, making data theft even more complicated. Special thanks go to BPER Bank, which supported this in-depth video and which has been investing in digital security and the innovation of payment services for years.