Contactless payments with credit & debit cards have taken off in the last few years. It's an quick & easy method for small purchases, and for many people is often preferred to cash.
Myths and worries about the security of these cards have grown almost as fast as their usage. Because you only need to touch a card reader to make a payment, can criminals really steal your money by simply walking past or bumping into you on the bus?
Whilst there's a theoretical risk, the reality is that contactless cards are very safe.
The card needs to be extremely close to a reader for payments to register (so there's no risk of accidentally paying for anyone else's shopping!), with other safeguards ensuring it only works under specific conditions. Plus, in order to collect money, any would-be thieves would need to register a card reader & a retail account, and could therefore be easily traced.
Another myth is that card readers can obtain your personal details even if no money is taken. Again this isn't true - when a card touches a reader only the card number & expiry date is sent, never the security code or anything personal such as your name or address.
So are there any risks with contactless cards?
The main risk with contactless cards is physical theft. Should a thief get hold of your card they could easily use it for small payments without needing to know a pin or forge your signature. This is no different to any cash that was in your wallet, although you stand more chance of getting your money back for unauthorised card transactions than you do for any lost cash.
If you lose your card then report it to your bank immediately, and check your card statements for any unexpected payments.
The other risk is that of card clash. This is where the reader detects more than one card, for example if you touch your whole purse to the reader. In these cases the reader may simply not work, or it may take the strongest signal - which might not be the card you'd wanted to pay with. Avoid card clash by taking the card you want to pay with out of your purse to pay.
Apple, Android, & Samsung Pay
Just a few years ago paying with a mobile phone may been the stuff of science fiction. Skip forward to today though, and it's now routine.
Whether it's Apple Pay, Android Pay, or Samsung Pay, the concept is the same. A user enters their payment details ahead of time, and when they want to pay, they simply hold their phone (or even their watch) against a reader at the till. Money is then taken from the registered credit card.
How safe are mobile payments?
In theory mobile devices are actually a very safe way to pay, for a couple of reasons.
One of these is that your card data is never sent to the retailer, nor is it even stored on your phone. Instead your card number is "tokenised" and converted to random digits which are used to identify your account for taking payment. This prevents thieves from being able to steal your actual card data.
The second reason is that, before any payment can be made, you often need to first prove your identity. This might just mean unlocking your phone, or it could involve an extra PIN or a quick fingerprint or facial recognition check. This helps to prevent stolen devices from being used for payments - unlike with contactless cards where no identity checks are done.
There are (as always!) some exceptions to this though. For some banks Android Pay only needs the screen to be active (not unlocked) in order to make a low value payment, whilst some watches will also work without needing any extra user input. Apple also allow contactless payments to be made with the iPhone on some metro systems, such as the London Underground, without any user action needed. Despite this there are security checks going on in the background to help maintain the security of the system.
So what do I need to know?
The main risk to consider is a thief getting hold of your phone - you need to stop strangers from being able to make any payments from it. Make sure you enable a strong identity check for unlocking your phone (don't use an obvious PIN like "1234"!), and set it to require a PIN or fingerprint / facial recognition check for payments wherever this might only be optional.
My phone has been stolen. Now what?
You should remotely disable payments as soon as you can and report the loss to your bank. This is straightforward to do - see our guide for what to do if you lose your phone. In addition that page contains other useful tips too, for example how you might be able to locate it or remotely wipe it's contents.
PayM is a UK specific system that allows money to be sent using just a phone number.
It's like transferring money from your banking app as normal, except that instead of having to remember the bank details of the payee, you just use their phone number instead (they'll need to have registered for PayM too).
What if I enter the wrong number?
PayM makes sending money to the wrong person unlikely. You're asked to confirm the name of who you're sending money to before sending it, plus you can often also select the recipient directly from your phone's contact list, thus reducing the risk of any typing errors.
If you do ever accidentally send money to the wrong number then your bank can advise what you can do. Remember too that if the person you accidentally sent the money to hasn't registered for the service then the payment won't go through anyway.
Digital Wallets (sometimes called e-wallets) are effectively a form of alternative bank accounts - they're virtual wallets that you can store money in for making online payments easier.
PayPal is probably the best known one but there's many others too, such as Skrill & EcoPayz. And whilst many digital wallets are accepted at a whole range of different retailers, some are 'closed wallets' tied to specific stores - Starbucks' loyalty card for example is a wallet that can only be spent instore.
Some wallets can even store cryptocurrencies (such as Bitcoin) in addition to regular cash.
How safe are these services?
With all digital wallets the security risks are similar to those of any website. You'll need to make sure you use strong passwords, and keep your computer secure with an antivirus program and regular patching. Be aware too of phishing attempts that try to fool you into handing your details over to criminals.
Another consideration with digital wallets is that you often have less legal protection than credit or debit cards. With those you're often covered by your bank in case of any fraud, but this is not always true of digital wallets.
It's also worth checking the withdrawal policy of any wallet before paying into it. Taking cash back out of some of them is either not possible (this is often true of those tied to specific stores) or can attract high fees to do so.
Cryptocurrencies, such as Bitcoin, have hit the headlines in recent years with their rapid gains in value - anyone purchasing just $10 Bitcoin in July 2010 would have been a double millionaire by December 2017. It's not just Bitcoin either; many other cryptocurrencies have also seen phenomenal gains (and losses) during their short lives.
But what are cryptocurrencies?
Whilst Bitcoin is undoubtedly the best known, there are over 1,000 other cryptocurrencies in existence. These are all essentially virtual currencies - money you can't physically touch but which exists in computers, all based on a technology called 'Blockchain'. At their core they're distributed money schemes (there is no central authority like a bank) based on complex mathematics that controls the supply and exchange of the currency.
How do I buy and sell them?
A Bitcoin ATM
Cryptocurrencies are often bought and sold at online "Exchanges", a bit like getting foreign currency for your holiday. You can also acquire "coins" by downloading special software to "mine" them - in other words, allowing your computer to do some work on behalf of the cryptocurrency community (such as helping authorise transactions) in exchange for some of the currency.
In recent times some entrepreneurs have even started to create high street ATMs for Bitcoins. These kiosks will exchange Bitcoins for cash, handing out Bitcoins either on a paper receipt or electronically adding it to your account ("wallet").
So what do I need to know?
Cryptocurrencies are still young & rapidly evolving. Whilst many people have made a fortune through speculating on the currencies, the exchange rates are extremely volatile and any trading is a big risk - many cryptocurrencies are being hyped by dealers to push up the price even though they have no realistic future. Some Exchanges and online wallets have also been famously hacked, losing some cryptocurrency owners their fortunes.
If you do decide to enter the cryptocurrency market then make sure you protect your coins - these are effectively just bits of text and need protecting like any other information.
- Do your research! With wild valuations cryptocurrencies are naturally attracting many criminals. Learn all about cryptocurrency before investing and, if you do, then research everything you do. Make sure that any 3rd party service or product you use (such as any exchanges or wallets) are legitimate and not a scam.
- Keep any large amounts offline: Physical wallets, such as the USB-based Trezor or the Ledger Nano S, are useful for keeping your coins off the internet and away from some of the main threats. You can then keep smaller amounts of currency on a normal wallet for spending with.
- Store private keys seperately: With your private key a hacker could do whatever they want with your coins. It might be inconvenient, but it's good practice to remove your private keys from your wallet and store them seperately. Always encrypt them wherever they're stored!
- Always backup: Have at least one offsite backup of your wallet - if your computer fails or your house burns down you want to be able to get at your money still! Remember to always encrypt the backups with strong encryption and protect your passwords too.
- Practice good computer hygiene: Reduce the risk of a virus stealing your currency by keeping your computers regularly patched and installing some good antivirus software.
- Use 2 Factor Authentication: If you use any online wallets then always choose strong passwords and use 2 Factor Authentication.