With the Covid-19 pandemic accelerating consumers’ use of contactless cards and mobile wallets, merchants can expect hackers to target contactless transaction data at the point-of-sale, says Ruston Miles, founder and advisor at Atlanta-based Bluefin Payment Systems LLC.
The main point of vulnerability in a contactless environment at the physical point-of-sale is the firmware in the POS terminal that encrypts card data, says Miles. Many merchants do not use point-to-point encryption (P2PE) solutions to safeguard card data at the POS, ensuring it remains secure until it reaches its final destination. Instead, many merchants accepting contactless payments rely on transmission-level encryption, which encrypts card data only as it moves from the POS terminal to the processor, Miles says.