Consumer Scams

Tap and Pay Credit Cards

Tap and pay is arriving in the U.S.  A few retailers like Costco have already instituted “tap and pay” service. To make a purchase, you simply tap your credit card on the card reader, and, voila!  Your purchase is complete.  There is no wait for the card to go through and nothing to sign.  Canada, the United Kingdom, and parts of Europe have been using tap and pay systems for several years, but the U.S. has been slower to embrace the technology.  Yet, analysts expect contactless credit and debit cards to become commonplace in the U.S. over the next 3 years.

How do Tap and Pay Cards Work?

There are three basic types of credit and debit cards.  The oldest technology is the magnetic strip card that you swipe through a card reader.  The card terminal reads the magnetic strip and transmits your card data to the processing company.  You then sign for your purchase.  This type of card takes longer than the others to transmit data and complete a purchase.

The second type of card has an EMV chip in it.  (EMV stands for Europay, Mastercard, Visa, the companies who sponsored the technology).  These are the cards that have taken over the market in the U.S. in the past few years.  The card has a small, silver or gold rectangle on the front, left side of the card.  With EMV cards, you insert the card into a slot in the terminal and wait until the reader signals you to remove the card.

The new “tap and pay” or contactless cards use a combination of an EMV chip combined with a contactless chip and a RFID antenna.[1]  When you tap your card, the antenna transmits a cryptographic code that is unique to your card and the transaction. While a transaction using an EMV chip card takes about 30 seconds to go through, a contactless payment is complete in less than half the time.  The card must be either tapped on the terminal or placed within close proximity to the reader – normally 2-3 inches from the scanner. The technology is very similar to that used in cell phone apps for contactless payments.  With digital wallets (cell phone tap and pay applications), a pair of chips is used.  One chip locates and encrypts the credit card information on your phone.  The second chip is a “near field communication chip” that sends the card data to the reader to enable the transaction.

Contactless cards are designed primarily for small purchases.  Because of the speed, the intent is that these cards be tapped to quickly pay for coffee, mass transit, entrance to movies or sporting events, or a quick sandwich.  The anticipation is that many merchants will still require a chip and signature transaction for large purchases.

Why Has the U.S. Been So Slow to Adopt Tap and Pay Cards?

Canada, Great Britain and most of Europe have been using tap and pay credit and debit cards for several years.  Tap and pay has overtaken all other payment options for Britain’s subway system.  Yet, the technology is only beginning to be used in the U.S.  Unless they have a Costco credit card, most Americans don’t even own a tap and pay credit card.  Why is the U.S. so far behind the curve on this technology?

The answer lies with the complexity of our banking system.  For instance, Canada has 10 major banks.  In contrast, the U.S. has 14,000 financial institutions that issue cards.  Canadian banks use only 3 credit card processing companies: Mastercard, American Express, and Interact.  The U.S. banks work with 16 different processing companies.  Manufacturing costs also play a role.  Canada has fewer card users, and Canada opted to skip the first generation of EMV cards and move right to tap and pay technology.  That strategy saved manufacturing costs and allowed for speedy implementation of contactless cards. 

In the U.S., banks, retailers and credit unions spent several years rolling out the EMV cards.  Many retailers who just installed chip card readers in the last 24 months are reluctant to adopt yet another new payment system.  It will require time and money to move financial institutions and retailers to tap and pay.  Analysts predict that by 2021, tap and pay will be commonplace in the U.S.

How Will I Know if My Card is Contactless?

If you have a contactless credit or debit card, the contactless symbol will appear on the back side of the card.

Are Tap and Pay Cards Secure?

Of course, all credit cards are vulnerable to hacking.  Thieves can purchase an application for Android phones that allows them to steal your credit card information from your wallet, purse, or pocket.  The thief can pirate your credit card number and expiration date with this electronic pickpocket application.  The only thing he cannot get is the 3-digit security number on the back of the card.  This Android app is why many experts recommend a protective sleeve for your cards or using one of the protective card wallets on the market.

Of the 3 types of credit and debit cards, the most vulnerable is the magnetic strip card.  It has static information encoded in 3 tracks located within the magnetic stripe. The first two tracks contain your name, credit card number, expiration date and country where issued.  That data is transferred via the terminal to the processing company.  It is easy to see how having all that information embedded in the stripe would make it vulnerable to hacking.  The magnetic stripe on a credit card is basically the same technology as that used in a cassette tape.  It is decades old and easily copied.

The most secure card is the EMV chip card, especially those requiring a pin number to complete a purchase. The EMV chip creates a unique transaction code for each purchase that cannot be copied by hackers and used for later purchases.  The data in the chip is constantly changing and updating.  The chip prevents thieves from coping card data and creating duplicate cards. 

Tap and pay cards, while not as secure as the EMV chip and pin combination, are secure.    Contactless transactions transmit different data than magnetic stripe cards.  The card holder’s name, address and security code are not transmitted.  The account number and a one-time-only code are sent during the transaction.  Also, cardholders normally have zero liability if their card is compromised. 

While the transactions are secure, it is still vitally important to protect both your cards and information from theft.  Keep close track of your credit cards and carefully monitor your credit card statements.  If you find a suspicious purchase, contact the company immediately.  Use credit rather than debit cards for tap and pay purchases.  If your credit card is compromised during a purchase, the bank takes the hit.  If your debit card is compromised, thieves can empty your checking account.       



[1]  RFID stands for Radio-Frequency Identifier.

This website has been prepared for general information purposes only. The information on this website is not legal advice. Legal advice is dependent upon the specific circumstances of each situation. Also, the law may vary from state-to-state or county-to-county, so that some information in this website may not be correct for your situation. Finally, the information contained on this website is not guaranteed to be up to date. Therefore, the information contained in this website cannot replace the advice of competent legal counsel licensed in your jurisdiction.