MasterCard Mandate: POS to be Contactless Enabled by 2020

All over Europe, the use of contactless payments is growing. The technology, which works using either NFC (Near Field Communication) or RFID (Radio Frequency Identification) chips and antennas, allows a shopper to simply ‘wave’ their contactless-enabled payment card or mobile device to pay for their goods.  While there are payment thresholds, which limit the amount a shopper can spend (these vary from country to country), the ease of use and the fact that it allows shoppers to leave cash and coins at home for smaller purchases (e.g groceries) has made it increasingly popular.

What Is the MasterCard Mandate?

The MasterCard mandate states that European retailers must ensure that by 2020, all of their point-of-sale (POS) devices are Contactless-enabled. Chris Kangas, MasterCard's head of Contactless payments in  Europe, also says, 

"In 2013 alone the number of MasterCard and Maestro contactless transactions across Europe tripled and the volume spent on those transactions increased four times. Contactless users tell us on social media that they love tapping and want to tap more. Today’s announcement is a much needed stake in the ground, marking the next milestone for contactless.”

The mandate is also widely believed to help the use mobile contactless payments increase as well. Although contactless payments are very much on the rise, many of those payments take place using contactless-enabled cards rather than mobile devices.

What are the risks associated with contactless payments and terminals?

However, while Contactless payments are growing in popularity, that doesn’t mean that they carry any less risks than normal, chip and PIN payments. On the consumer side of things, there have been reports of data being ‘lifted’ from the Contactless payment card without the owner of the card knowing. While this is typically done by getting in close proximity to the card (POS terminals themselves work within approximately 10cm of the card), malicious attackers have manufactured devices that allow them to gain encrypted card details (which they can then use software to decrypt) from several feet away.

On the retailer side of things, there’s also the risk of malicious attackers fitting a part to a terminal (or tampering with an existing one), allowing criminals to intercept any data received via a contactless card. Alternatively, the attacker may find a way to install malicious software that also aims to collect/intercept this data, allowing them to use the information to make fraudulent purchases.

Organizations must keep track of POS security!

That’s not to say that organizations need to suffer many sleepless nights over the security of their contactless point of sale terminals. Zero Risk Pinpoint is one solution that allows organizations to keep track of their terminals, meaning that whether you have 5 or 5000 terminals in use across your organization, you will always be able to monitor their security.

Source: https://www.advantio.com/blog/mastercard-mandate-pos-contactless-2020