People buy products and services for various reasons and needs, and even if everyone has a different taste and seems so different, they have at least two things in common when they buy something: the payment methods they use to pay those goods and the fear they experience to get their payment cards and money stolen.

payment-cards-contactless-method-2025

This is not the right place to talk about the importance of money and its role in the society – even though it would be a very interesting discussion – but we should definitely talk about the security of the continuously growing amount of payments that every day we complete to purchase anything we want, wherever we want (the image above shows the number of payments pro capite in the UK, per month and per payment method).

I have recently read a summary recently written by Payments UK, an organisation that publishes every year a number of interesting reports about payment behavior of UK consumers. The reports are based on the current payment landscape and “definitive industry data”. The most common purchasing methods nowadays are cash, cards, cheques and electronic payments.

The ambition of this report is to show trends in the type of payments used by individuals and companies. In particular, the authors of this paper are trying to figure out how the UK payment landscape will look like in 2025.

How are we going to buy in 2025?

The first data element that is important to keep in mind is that “each minute in the UK in 2015, over 72,000 payments were made by consumers and businesses”. This makes a total of more than 38 billion payments over the year. By breaking down the available data, the study shows an average total of 55 payments per month per person during 2015. 27 of those payments were completed using cash – which has most probably been taken from an ATM – and 16 by card.

Of the 55 payments per month, only 2 payments were made using Contactless Cards. While this may look like a very small number, we should keep in mind that the contactless technology and the NFC (Near Field Communication) one - also used to make payments - are quite new and many consumer still didn’t get used to them.

2015 saw a significant fall in the use of cash. Less than half of the payments completed during the year were made using cash. This is a trend that will continue over the next ten years. It is expected that only 27% of all payments will be completed using cash in 2025.

Another basic but very important concept to keep in mind is that “nine out of 10 of all payments in the UK in 2015 were made by consumers”. We know that 9/10 of UK consumers have a debit card and 6/10 have a credit card. This is generating a continuous growth in payment by card. During 2015 this type of payment grew of 10% compared to the previous year.

“The growth in debit card usage in particular is due to the majority of people now holding these cards and being comfortable using them. Retailers, including smaller local shops, have become more likely to accept card payments, and the continued expansion of online shopping has driven growth in card payments.”

What are the risks related to face-to-face payments?

While it is possible to pay for products and services online (through websites or using mobile applications that often hold the payment data that we have previously inserted in them), many of the payments completed through a payment card still happen in a so called “card-present” fashion. The consumer hands a credit or debit card to a cashier, sometimes inserts it directly inside a PoS device (point-of-sale devices, PEDs, Standalone Dial-Out terminals etc..), some other times the payments are completed by simply getting a mobile phone next to the point-of-sale device.

This is clearly a delicate operation, but we carry it in total nonchalance. Think about your daily life, when you pay for your dinner at a restaurant for instance, and all the risks involved in this simple action.

By the end of 2015 in UK there were 300.000 contactless enabled PoS devices. These are the latest generation payment card-readers, and the implementation will continue every year considering that

“Over the next decade, the number of contactless cards will continue to increase, as will the number of card terminals that accept contactless payments. This includes contactless payments on public transport networks throughout the country. Mobile payment services using Near-Field Communication (NFC), such as Apple Pay, Samsung Pay and Android Pay, will also provide new opportunities for consumers to make contactless card payments, without actually needing to have their plastic card to hand.”

The question now is, how do we keep the devices that allow consumers to pay for services or purchase products, secure?

Keep your devices protected!

You would be surprised to see how easy is to steal personal information from a payment card nowadays. This is why the PCI Council created PCI DSS requirement 9.9 to provide a series of suggestions created by experts of the Payment Security sector to help anyone accepting payments through a debit or a credit card, to protect their customers' data.

So, it is key for organisations that accept payments through cards to protect their devices and inspect them regularly. This applies to Merchants, Franchisors, Retailers and Service Providers directly, but not only. In fact also Acquiring Banks might pay the consequences of breaches. Fines and loss of trust from the consumers, are the major consequences.

if you want to make sure that your PoS devices are protected, you need to recurrently inspect them and look for signs of tampering, manipulation or any other sign of tampering (like the presence of a skimmer). Find the right solution to protect your devices, make your team aware of the risks and involve them in the fight against criminality.

Igor Mancini

Written by Igor Mancini

Marketing Director at Advantio. The articles published in the Advantio Blog have the goal of supporting our mission: making IT Security simple for everyone.

My intention is to discuss IT Security related topics with the eyes of a non technical person, speaking a simple language and trying to show to the readers the benefit of IT Security best practices.