Mobile Contactless Cards & Payment Technology – How It Works, Pros & Cons

According to a 2014 Gallup survey, 71% of Americans have at least one credit card – there are 2.6 active credit cards in circulation for every American man, woman, and child, including those who don’t use them. Americans who do use credit cards have an average of 3.7 active cards each. And that figure doesn’t account for bank-issued debit cards and prepaid debit cards, which leverage the same payment networks (such as Visa and MasterCard) as many credit cards.

Though the Gallup survey actually indicates that overall credit card usage is on the decline and that committed card users are becoming more judicious, credit and debit cards aren’t going anywhere in the near future. In fact, payment card technology is changing in a big way thanks to mobile payment systems – also known as contactless or mobile tap-to-pay systems.

Mobile payment systems securely store credit and debit card information, allowing smartphone-wielding consumers to securely pay for in-store purchases with those cards simply by waving (or tapping) their phones in front of special radio frequency readers. Older contactless payment systems, which remain in limited use, store payment information on key fobs or special cards that can communicate with these readers – though adoption of phone-based systems is rapidly rendering these arrangements obsolete.

Contactless tap-to-pay systems also facilitate online payments from mobile and desktop devices. The experience is similar to Amazon’s one-click, stored credit card checkout system. Merchants that accept contactless payments online and in-store usually display a generic contactless payment logo (which looks like a WiFi signal symbol) in store windows, at physical payment terminals, or on online checkout pages.

Mobile contactless payment systems offer notable benefits, such as multi-layered security protections and the convenience of carrying fewer plastic cards. Drawbacks include incompatibility with older phones and uneven adoption by merchants and card issuers. Popular mobile payment systems available in the United States include Apple Pay, Android Pay (formerly Softcard), and Samsung Pay. If you own a smartphone, why not try one out and trade in that routine swipe for a gentle tap or wave?

How Mobile Tap-to-Pay Systems Work

Near-Field Communication Technology & Readers

Mobile tap-to-pay systems rely on near-field communication (NFC) technology, which utilize very short-range radio signals – they’re effective up to about 20 centimeters, but only work optimally within a four-centimeter range – to rapidly transmit data during in-store payments. NFC technology has a wide range of uses, from contactless transit passes and security keycards (proximity cards), to “bootstrapping” devices that boost WiFi network bandwidth and power.

NFC technology isn’t revolutionary – it draws on decades of radio spectrum work. However, it’s more useful than many other types of radio signal solutions because its standards are strictly controlled by the NFC Forum, a consortium of more than 150 manufacturers and service providers that rely on NFC technology. NFC signals also have some general technical advantages over other forms of short-range radio communication, such as WiFi and Bluetooth.

Although closed proprietary NFC systems aren’t uncommon in high-security applications, consumer systems are generally open, meaning they adhere to NFC Forum standards. Open systems permit communication between any NFC-enabled devices (including many smartphones produced since the early 2010s) using NFC Forum standards. Contactless payment technology wouldn’t be possible without special pieces of equipment called “NFC readers” – compact, inexpensive terminal devices that merchants use to accept secure NFC payments from customers’ phones.

Stored Payment and Loyalty Cards

Mobile tap-to-pay systems aren’t bank accounts. They don’t hold cash balances of their own, though they’re sometimes paired with digital wallets with similar features – as is the case with Android Pay, a mobile payment system, and Google Wallet, a digital wallet that holds actual cash.

Instead, tap-to-pay systems securely store debit and credit cards for on-demand use. Once you download the payment system app (if it doesn’t come preloaded on your phone, as is sometimes the case), you can add as many cards as you like. Most systems require you to take photos of the front and back of each card, plus answer questions to verify your identity. The first added card usually serves as the default, though it’s easy to change this.

Most mobile tap-to-pay systems store and sync with store loyalty cards and electronic coupons as well. The procedure for adding loyalty cards and coupons may vary from that of payment cards, but the end result is the same: Once the card is stored in the system, you can use it at will.

Compatibility and Necessary Hardware

To add a payment card to your mobile payment system and use it at a particular merchant, two things need to happen: The card’s issuer (Visa, MasterCard, etc.) must agree to work with the payment system (Apple Pay, Samsung Pay, etc.), and the merchant must have a working NFC reader (also called NFC terminal) – or, if online, accept your chosen mobile payment system.

Platform-Issuer Compatibility
Compatibility varies somewhat by platform. Although most major card issuers and payment processors partner with most mobile payment platforms, there are exceptions. For instance, Apple Pay wasn’t compatible with Discover cards until late 2015. Additionally, arrangements between card issuers and payment platforms are subject to interruption or discontinuation at any time due to corporate disagreements, meaning tap-to-pay users need to keep one eye on the news.

Store loyalty cards present separate challenges that don’t fatally impact payments, but still inconvenience users. Some mobile payment systems, such as Apple Pay, aren’t compatible (or have limited compatibility) with store loyalty cards. Others sync seamlessly with loyalty cards, automatically conferring discounts and accruing loyalty points with relevant merchants.

NFC Reader Availability and Online Acceptance
The NFC reader issue is more straightforward. NFC terminals are relatively inexpensive – they generally cost less than $50, and some payment platforms actually give them away for free. Because mobile payment systems want merchants to adopt, accepting contactless payments doesn’t cost the merchant anything beyond the credit card’s standard interchange fee (usually 2% to 3% of total transaction value).

Syncing NFC readers with store point-of-sale systems isn’t difficult either. And accepting mobile payments for online purchases is as easy as taking a few minutes to download the mobile payment system’s free software and creating a free merchant account.

On the other hand, many merchants with physical stores are understandably hesitant to deploy a new, unfamiliar payment technology – particularly when many customers continue to use traditional credit cards. However, the adoption of EMV (chip-and-PIN) “smart” cards, which use similar contactless technology bundled into many existing NFC terminal models, is likely to speed adoption and broaden mobile payment compatibility in the years ahead.

woman making a contactless payment with her smartphone

Payment Procedure

In-store contactless payment is very convenient. Though functionality varies somewhat by system, you usually just need to unlock your phone, open the payment app (which you can keep open if you’re running multiple errands), pass it within an inch or two of the NFC terminal, and possibly confirm your identity by entering a PIN or scanning your fingerprint. If you want to change your payment method from the default card, just go into the app and select from your stored card menu before completing payment. For online purchases, select the appropriate contactless payment system from the payment options menu and complete checkout as normal.

In both cases, your stored card is charged as it would be had you swiped it through a magnetic reader or entered the number online. You still receive statements from your issuer and make payments according to the normal schedule. You also automatically receive points or perks specific to the card – for instance, cash back rewards on qualifying purchases.

Security Features & Vulnerabilities

Although no electronic payment method is totally secure, mobile tap-to-pay systems have multiple layers of security that reduce the risk of theft and fraud.

Data Encryption & Masking
Virtually all mobile payment systems use complex methods to obscure actual credit card numbers and other sensitive information. In other words, when you add your credit card to your Apple Pay or Android Pay account, you’re not simply uploading it to the public Internet for hackers to steal at will.

Contactless payment systems mask real credit card numbers with a special token known as a device account number (DAN). The DAN contains information that identifies both the mobile device used for payment and the payment card itself to the NFC reader in a way that makes no sense to an electronic thief. Thus, mobile payment systems never actually transmit credit card numbers over the Internet.

The weakest point in this arrangement is the initial setup phase – the split-second after you upload images of your card to your mobile payment system account and before the system creates a DAN for it. Ars Technica notes that Apple Pay users’ unencrypted card numbers are visible during this period, and can therefore theoretically be stolen by sophisticated hackers. This is a vulnerability, but not a grave threat – in terms of likelihood, it’s akin to the person behind you in the checkout line stealing your credit card number by snapping a photo of the card as you swipe.

Dynamic Security Codes
For added fraud protection, each mobile payment transaction also includes a randomly generated, transaction-specific security code that functions like the CVV number on the back of your credit card. The transaction doesn’t complete unless the DAN and security code can be authenticated.

The system works in such a way that the DAN-code combination is always unique and must originate with the specific device involved in the transaction. This means that it’s virtually impossible for someone to make a fraudulent transaction by stealing a contactless payment system user’s DAN – the actual device denoted by the DAN, along with the randomly generated transaction code, is required to verify and complete the transaction.

Device Lock/Lost Mode
Many mobile tap-to-pay systems have device lock or “lost mode” features that prevent unauthorized access to lost or compromised devices. These systems are typically accessible from any Internet-connected device, often through a separate account or folio administered by the mobile payment system’s parent company.

For instance, Android Pay users can lock their devices, freeze their accounts, and remotely wipe any stored information (such as passwords and credit cards) through the Android Device Manager. Apple Pay’s Lost Mode, accessible through Apple’s iCloud, has similar capabilities.

Credit Card Fraud Protection
Mobile payment platforms don’t typically have their own fraud protection policies, though they generally have staffers who assist with fraud claims. However, using a credit or debit card on a mobile payment platform doesn’t negate the card issuer’s own fraud protection policy. So if a criminal makes fraudulent charges on your Chase Sapphire card through your Samsung Pay account, the team at Chase will investigate and issue a refund if appropriate.

Additional Protections
Security protections vary somewhat by payment system, and some have downright futuristic features. For instance, Samsung Pay has a biometric security feature – a fingerprint reader – that effectively prohibits anyone other than the platform owner from using the stored cards.

Other mobile payment systems utilize retina scanners and heart rate monitors for identity verification or fraud detection. As biometric technology and data encryption techniques improve, new protections are likely to make their way into existing and future contactless payment systems.

Contactless Payment History & Technology

NFC Technology’s Origins & Early Contactless Payment Systems

Near-field communication technology arose out of early work on radio frequency identification (RFID) technology, which used patterned radio signals for communication and product identification. According to Google Patents, the first RFID patent was filed in 1983 by American scientist Charles Walton. RFID didn’t gain traction in consumer applications until the late 1990s, when a variation on the technology was incorporated into a line of “Star Wars” dolls manufactured by Hasbro.

Around the same time, Mobil introduced Speedpass, an RFID-enabled keychain fob that allowed members to pay at the pump without swiping a credit card. Speedpass, which still exists in modified form, is a proprietary, closed-loop (merchant-specific) system that essentially functions as a store credit card.

In the following years, similar merchant-specific systems proliferated in the United States and elsewhere. However, due to the fragmented nature of store-specific payment options, they never really emerged as an alternative to magnetic-stripe credit cards.

man making a contactless payment with his mobile phone

NFC Forum’s Origins

Although the systems used by Hasbro and Speedpass were technically similar to future NFC systems, strict standards for NFC technology weren’t released until 2002. That year, Sony and Philips – two of the world’s largest electronics companies at the time – entered into a strategic partnership to develop a short-range communication system in the 13.56 MHz spectrum band.

According to a Sony release, the new system was designed to facilitate “the transfer of any kind of data between NFC-enabled devices such as mobile phones, digital cameras, and PDA’s, as well as to PCs, laptops, game consoles, or PC peripherals, across a distance of up to 20 centimeters… at speeds fast enough to transfer high-quality images.” The partnership integrated two predecessor technologies – Sony’s FeliCa and Philips’ MiFare – that were sporadically utilized at the time. This partnership attracted other major partners, such as Nokia, and led to the founding of the NFC Forum in 2004.

Early Multi-Merchant Contactless Payment Systems

The adoption of NFC standards made multi-merchant contactless payment systems practical. In the United States, one of the earliest multi-merchant systems was MasterCard’s PayPass, which trialed in Orlando, Florida, in 2003. PayPass allowed users to complete contactless payments by touching special key fobs or credit cards with embedded transmitters to NFC terminals.

During the 2000s, MasterCard’s competitors deployed similar systems, such as American Express’s ExpressPay and Visa’s payWave. Due to security and functionality issues, as well as limited merchant adoption of NFC readers, these systems remained niche-bound for the 2000s and early 2010s.

NFC Phones & Global Contactless Payment Adoption

Mobile payment systems hit their stride as NFC-enabled phones became more common. Nokia released the first NFC phone, a clamshell device without many features common to modern smartphones, in early 2006. More sophisticated devices followed, and proved particularly popular in Europe and Asia. The first Android phone with NFC capabilities came out in mid-2010. The first NFC-enabled Apple smartphone, the iPhone 6, didn’t appear until September 2014.

According to Deloitte, there were between 600 million and 650 million NFC-enabled smartphones in global circulation at the end of 2015. Not surprisingly, mobile payment system adoption is accelerating in many parts of the world.

In 2014, MasterCard reported that the Asia-Pacific region saw a 49% boost in contactless payment volumes from the prior year. In Hong Kong, volumes quadrupled from 2013. And in Australia, two-thirds of all in-store MasterCard transactions were contactless in 2014.

However, in the United States, mobile payment systems have been relatively slow to catch on. Visa Europe estimates that the United Kingdom had 2.6 million contactless terminals in active use in July 2015. By contrast, the United States – with nearly six times the population – had about 700,000 mobile payment terminals.

Complementary Payment Systems & Technologies

Mobile tap-to-pay systems have a number of kindred spirits in the payment world. With these similar or complementary technologies, merchants and consumers can exchange money without using paper cash or magnetic stripe cards. Along with mobile tap-to-pay systems, they form the basis of the emerging post-cash, post-magnetic stripe payment economy.

  • EMV (Chip-and-PIN) Payment Cards. Also known simply as “smart” cards, EMV (“Europay, Mastercard, and Visa”) chip-and-pin cards store sensitive data on integrated circuits embedded within the cards themselves, not magnetic stripes on card exteriors. EMV cards come in two forms: contact and contactless. Contact card users “dip” – insert and hold – their cards into a reader, then enter their PIN to complete the transaction. Contactless card users tap their cards to an NFC reader and enter their PIN. Both EMV card types are compatible with mobile tap-to-pay systems – you can add them to Apple Pay, Samsung Pay, Android Pay, and other systems, just like magnetic stripe cards. In 2014, EMV cards – popular for years overseas – began phasing out magnetic stripe cards in the U.S., though most newly issued credit cards continue to have stripes for compatibility with older readers.
  • Digital Wallets. Digital wallets function as simple, virtual bank accounts whose users can send, receive, and spend money online. Google Wallet and PayPal are popular examples of digital wallets. Some digital wallet systems, such as Google Wallet, sync with mobile tap-to-pay systems to facilitate in-store purchases – for instance, you can add your Google Wallet account to your Android Pay account and pay in-store with your phone. Others, such as PayPal, aren’t compatible with mobile tap-to-pay systems and thus require magnetic stripe or EMV cards (PayPal has multiple credit cards) for in-store purchases.
  • Cryptocurrency. Cryptocurrencies, such as Bitcoin, are digital alternatives to fiat currencies issued by national governments. They’re governed by complex algorithms and codes that control their supply and ensure that they can’t be duplicated, thereby supporting their value. There’s no such thing as a physical cryptocurrency coin – all storage and exchange takes place in a dispersed cloud network. However, digital currency exchanges allow holders to exchange them for dollars, euros, and other fiat currencies. Growing numbers of popular merchants, including Newegg, Overstock, and Target, accept Bitcoin, while competitors such as Ripple and Litecoin are gaining traction.

bitcoin payment made on a smartphone, photo by Roman Pyshchyk

Advantages of Mobile Tap-to-Pay Systems

1. Reduced Need of Plastic Cards and Bulky Wallets

Mobile tap-to-pay systems are lean and convenient, requiring only an NFC-enabled smartphone (or, for older, store-specific systems, a special fob) to work. If you know that every merchant on your daily errand run accepts contactless payments, you can leave your wallet at home and bring only your phone – or use a slim phone wallet that has room for your phone, driver’s license, a small amount of cash, and a handful of other cards. Either way, your physical burden is substantially reduced.

2. Generally Better Security Protections

Tap-to-pay systems have multiple layers of security. While they’re not infallible, and are particularly vulnerable during the setup phase, they’re less susceptible to theft and fraud than traditional magnetic stripe credit cards. When paired with an RFID blocker belt to deter wireless theft (a common type of theft abroad), tap-to-pay systems are difficult for even the most sophisticated criminals to crack.

3. Some Systems Sync With Store Loyalty Programs

Most mobile tap-to-pay systems sync with store loyalty programs, automatically conferring discounts and loyalty points at the point of sale. This further reduces the need to carry special loyalty cards or tags in your wallet or keychain, and removes one more logistical worry (forgetting to use your loyalty card) from your shopping routine.

4. No Added Fees for Merchants

Merchants who accept contactless payments aren’t burdened with additional fees. They pay the same credit card interchange fees required of a normal credit card transaction – usually 2% to 3%. In other words, there’s no financial disincentive for merchants to accept tap-to-pay payments.

By contrast, Square, PayPal, and some other digital payment processors charge fees of their own – up to 3% – in addition to credit card interchange fees, for a total merchant cost of up to 6% of transaction value.

5. Measurably Faster in Some Situations

Contactless payment systems undeniably save time in certain situations. It’s no accident that a gas station operator – Mobil – deployed the United States’ first contactless payment platform. Walking into the station to physically pay the clerk is time-consuming, and pay-at-the-pump magnetic card readers are clunky – often requiring multiple swipes due to the peculiar insert-and-remove motion, and usually requiring you to enter your ZIP Code as well.

By contrast, a system that allows you to tap your phone to a reader one time and then get on your way is much more convenient. Other payment locations in which tap-to-pay is noticeably faster include automatic vending machines (for food and disposable items, for instance) and transportation ticket kiosks, whose card readers usually resemble pay-at-the-pump readers.

Disadvantages of Mobile Tap-to-Pay Systems

1. Uneven Merchant Adoption

U.S. merchants have been slow to adopt mobile payment systems. According to Visa Europe, the U.S. had fewer than one million NFC terminals in mid-2015 – less than one for every 300 inhabitants. While the rise of contactless EMV cards likely marks a permanent turning point in NFC reader coverage, early tap-to-pay adopters continue to be frustrated by spotty coverage, particularly among independent merchants.

2. Technological Limitations

Mobile tap-to-pay systems don’t require a lot of hardware to work properly – but they do require NFC-enabled phones. People who don’t have smartphones, or those whose smartphones can’t recognize NFC signals, can’t participate in the mobile payment revolution. Users of wearable technologies, such as the Apple Watch, also face challenges – for example, Apple Watch works with Apple Pay, but not with any other tap-to-pay system.

3. Increased Reliance on Phones

The convenience aspect of tap-to-pay systems has a downside. For people who rely solely on their phones to make in-store purchases, and therefore leave their plastic at home when running errands, the loss (temporary or permanent) of a phone is akin to the loss of a wallet. Even if you’re confident that every merchant on your daily errand list accepts tap-to-pay, carry a backup card or two and keep it separate from your phone.

4. Uneven Employee Familiarity and Knowledge

Every mobile tap-to-pay system functions a bit differently. Novice employees and merchants who’ve just begun accepting tap-to-pay transactions often struggle with basic system functionality. If something goes wrong, such as a faulty Internet connection or malfunctioning piece of hardware, even basic troubleshooting is likely beyond them. According to Ars Technica, 42% of Apple Pay users said store employees were unable to assist with platform issues.

5. Potential for Limited International Availability

Although contactless payment systems are more popular in Asia and Europe than in the United States, U.S.-based systems (including Android Pay and Apple Pay) aren’t necessarily accepted overseas – despite the fact that NFC standards are the same pretty much everywhere. If you plan to use your credit cards abroad, even in Mexico or Canada, bring the cards themselves – and remember that you’re likely to face foreign transaction fees.

nfc watch contactless payment

Final Word

Technological change is accelerating before our eyes. Millennials have never known a world without increasingly powerful, increasingly plentiful personal computers. Gen Z-ers – people born after 2000 – have never known a world without on-demand broadband Internet access.

Automation has revolutionized the manufacturing and automotive industries. Advances in genetic screening and therapies have done the same for healthcare. Advances in sustainable power generation and battery storage mean that a future in which fossil fuels no longer dominate electricity production and transportation is within humanity’s grasp. And nanotechnology could soon unlock solutions that we can barely conceive at present.

For many, the pace and implications of this change are unsettling. Many economists believe that automation and artificial intelligence bode ill for millions (perhaps billions) of human workers. Philosophers warn of the dangers of on-demand access to physical goods and information, as well as the lack of privacy inherent in the Internet’s ever-increasing social plumbing.

It’s no surprise, then, that many Americans are wary of technology. According to Pew, 36% of Americans shunned smartphones in mid-2015 – either by choice, or because they couldn’t afford the technology. These folks can’t participate in the mobile payments revolution. If you’re one of them, the good news is that traditional card payment terminals will persist for the foreseeable future. However, it’s worth asking what else those who tread cautiously around new technologies – often for very legitimate reasons – stand to miss out on in the coming years.

Do you use mobile payment systems like Apple Pay, Android Pay, or Samsung Pay? How does the experience compare to using a plastic credit or debit card?