Even before the Covid-19 pandemic, contactless payments were on the rise. First introduced in around 2007, 51% of Americans are using some form of contactless payment method, including cards and mobile wallets.
Despite the global and national boom, 40% of retailers in the US have yet to adopt contactless payments, potentially due to costs of swapping POS hardware and software, fears over transaction security or a widespread lack of contactless-enabled cards.
Andrew Jamieson, Technology and Security Directo of UL (Underwriters Laboratories) has been advising US retailers, payment companies and tech innovators on this transition, leveraging UL’s global experience in the most advanced payment markets. With 25 years of experience of payments systems, here Andrew shares his view on the situation and the best practices for implementing contactless payments.
Contactless payment has proven very popular in all markets where it’s been widely deployed and correctly supported. From the UK to Australia, contactless payments can account for the vast majority of in-store payments in many countries and is preferred by many customers due to its speed, ease of use, and security. And that’s before Covid-19 added the ability to perform transactions without physical contact to the list of benefits. However, there can be pitfalls for new deployments of contactless payment…
The way in which the user interacts with the terminal during a contactless payment is quite different to traditional contact and magnetic stripe transactions, and this can be an important barrier remove when first deploying contactless solutions. The marketing used for contactless often does not help here – the process for making a contactless payment is less ‘tap and go’ than ‘hold and wait for the lights’.
The customer must bring their card into the contactless field of the terminal and hold it in that spot for about a second. It’s common in new contactless environments to find customers literally ‘tapping’ the card on the terminal, which can result in increased errors as the card and terminal interaction is cut short. Payment terminals should have a set of four green lights across the top of the area where the card must be held, and the customer should be educated to wait for all of these to go green before removing their card.
Location, Location, Location
Knowing how to correctly use a contactless card is only half the battle though, as before you can do that a customer must know where to place the card on the terminal. Different terminals put their contactless antennas in different locations – some are under the screen, some are off to the side or top of the terminal, and some are on a separate part altogether. If a customer finds that they have no problem with contactless payments in one shop, only to find that they just can’t get it to work somewhere else; this is often due to differences in antenna placement.
The EMV standard does address this – terminals are supposed to have a contactless symbol visible at the centre location of the antenna. However, when the antenna is located behind the screen this can often mean the display can be changed during transactions, and even if not most customers are not aware they should look for this symbol (or even what it looks like!).
Can Someone Call Security?
A final hurdle that can be faced when first deploying contactless payments is that of perception. Customers new to this type of payment can often be concerned about the security of their payment, of the ability for others to intercept, or fraudulently perform, payments. This should not be a concern, given the historically low level of fraud in countries where contactless is widely deployed, but it is often played up in some channels as this new payment method is first deployed.
Here, the ease of contactless payment works against it – the ability to quickly, without physical contact or even the use of a PIN or other cardholder verification method, perform a transaction can be quite ‘scary’ even when portrayed as performed by a malicious party.
Removing Contactless Barriers
All of these problems can be addressed with the right planning. Setting up contactless terminals in locations where customers can feel safe ‘practising’ using their new cards is important, as is having clearly visible documentation on how to correctly perform these transactions on your terminals. Graphics on where the card should be held, for how long, and what to do if something goes wrong are vital. It’s common for customers to have problems with their first attempts at contactless payment, but once they are used to it these problems go away. Helping them through these first steps is essential if your contactless deployment is to work.
You should also help customers in understanding the security provided with a contactless payment, that there are security features that authenticate the transaction at the card level as well as backend fraud detection mechanisms. If there is a set limit below which no cardholder verification is required, help the customers understand why this is OK, and what to do if they exceed this limit.
Ultimately, the goal is education and providing a way for customers to ‘try’ out their cards. Contactless has been so successful in many geographies because it is easy, quick, and secure. A major challenge in the US market is the traditional magnetic stripe transactions are already very fast, and this has often lead to a view that EMV is too slow. Additionally, many merchants have recently invested considerable amounts in contact EMV infrastructure, and the costs for additional terminal updates and staff training can be hard to swallow.
However, in a world where many customers want to be as hands-off as possible with their purchases, and where there are increasing options for payment through mobile apps, providing customers with their preferred payment options in a secure and reliable way is just good business.