payWave? What’s that?
For those who aren’t familiar with the term, payWave is essentially Visa’s response to MasterCard’s PayPass system. The most prominent difference here is that both systems enable customers to make any purchase seamlessly. All you have to do is tap your card in front of the terminal that accepts the contactless feature, and your transaction will be processed. Your signature or PIN number is no longer needed. Simple, isn’t it?
FYI, you can also make a payment using your smartphone. Just make sure that the device is NFC-enabled. You also need to download a mobile payments app from your mobile phone provider or financial institution and load your existing Visa Credit or Debit accounts. Now that you're all set, just look for the Contactless Symbol on the terminal during checkout and hold your phone or device over the symbol to pay.
But, is payWave secure enough to be used?
The answer is DEFINITELY. Before that, let us give you a little bit of the backstory.
Last year, there was an article published by a local daily claiming that contactless card is easily hacked by electronic pick-pocketers. It is said that there is an app for this which can be downloaded from Playstore/Appstore or an open source.
The said app is able to steal information like credit/debit card number, the card's expiry date as well as CCV by using an NFC-enabled device. It can scan your card from a 1-metre distance. Then, they can use that information to make transactions 'without authorisation', as well as to 'clone cards'.
Image via Amanz
Based on Amanz's review on the app, the data retrieved aren't enough to make any online purchase. What they got were the card number, the card’s expiry date, and the card’s transaction history. What was missing is the CCV number, which is needed when you're making an online transaction.
On top of that, the writer also mentioned that the card can only be scanned when he puts the card really close to the device. This means that there is no way things like this can happen without your knowledge unless you're intentionally inattentive.
Furthermore, to debunk this news, Bank Negara Malaysia (BNM) shared that contactless cards cannot be cloned or used for unauthorised transactions by fraudsters. This is because the cards are equipped with an embedded EMV chip that generates a dynamic code for every transaction.
According to the central bank, although the card numbers and expiry dates could be obtained by a person using a scanner, the data would be insufficient to clone a card. Plus, with NFC technology, it reduces the threat via its data encryption for sending sensitive information.
On top of that, if a fraudster attempts to use intercepted data to manufacture and use a counterfeit card, the bank would be able to identify the transaction as fraudulent and stop the transaction from going through.
As for online transactions, cardholders are required to enter a transaction authorisation codes (TAC) that are sent to their mobile phones for authentication. For smartphone users, your Visa payWave card is secured with a fingerprint or a PIN number to keep unauthorised users at bay. On top of that, the transaction will also be protected by the Visa Token Service.
REMINDER: First, don’t flaunt your PIN number to anyone. Second, if you lose your card, just contact your issuing bank immediately to block your card from unauthorised transactions and ask for a replacement card. Lastly, if there are any unusual transactions on your bank statement, do report to your bank as soon as possible.
The Pros and Cons of payWave
So, should you use payWave?
In conclusion, by looking at the pros and cons of payWave, it may seem that the good outweighs the bad. With regards to whether payWave is better and safer, it may come down to individual choice - YOU be the judge.
Moving forward, it will be interesting to see what new developments we're headed towards in the contactless payment technology arena, especially with developments like wristband payments and the Coles PayTags.