Paying with your cell phone or contactless bank card has become an automatic gesture for millions of consumers. Speed, convenience and the absence of any need for physical cash or frequent PIN entry have made contactless one of the most widely used everyday payment methods. However, recent investigations raise doubts about the robustness of this system, warning of vulnerabilities that could put money at risk.
The topic gained new prominence after the release of a study conducted by teams from the University of Surrey and the University of Birmingham, in the United Kingdom. According to Executive Digest, a website specializing in economics, researchers identified technical flaws that could allow unauthorized payments to be made, including high-value transactions, without the user immediately realizing it.
Although no gross programming errors are involved, the study points to weaknesses resulting from the increasing complexity of electronic payment systems and the way in which new functionalities are integrated.
The contactless system is based on NFC technology, which stands for Near Field Communication. This technology allows bank cards, smartphones and other smart devices to communicate with payment terminals through simple proximity, without the need for direct physical contact.
In practice, it is no longer necessary to insert the card or enter the PIN code for every transaction. In many cases, simply bringing your card or cell phone to the terminal is enough to complete the payment. So-called digital wallets, integrated into smartphones, make this even easier.
As the publication explains, this evolution brought clear gains in terms of convenience, but also increased exposure to security risks.
What the investigation revealed
The study by British universities concluded that some features introduced to improve the user experience may weaken certain protection mechanisms. Among the aspects identified are the possibility of making payments even without connecting to the network, transactions carried out without unlocking the cell phone and differences in the rules that determine when the PIN must be requested for higher value purchases.
According to the researchers, these options, designed to make the system more fluid, can be exploited to circumvent existing security controls.
Fraudulent payments above usual limits
During the tests carried out, the team was able to demonstrate several misuse scenarios. According to the same source, it was possible to induce terminals to accept credit cards in situations where they should only allow payments via mobile phone.
More worryingly, researchers were able to process payments above defined contactless limits, without any biometric verification or PIN entry. In one of the examples cited, a terminal accepted a fraudulent transaction worth 25 thousand pounds.
“Convenience cannot compromise security”
Ioana Boureanu, director of the Cybersecurity Center at the University of Surrey, emphasizes that speed and simplicity should not be achieved at the expense of protecting users. Cited by , the researcher states that the pressure to launch new features can lead to dangerous compromises.
While recognizing that the sector has been implementing improvements, she argues that there is still a lack of technical coordination between the different players in the payments ecosystem to avoid the creation of new fraud opportunities.
Systemic failures, not negligence
The study authors are keen to clarify that the vulnerabilities identified are not the result of direct negligence on the part of companies. Tom Chothia, another of the researchers involved, explains that complex systems like EMV, which involves networks like Visa, Mastercard and others, can develop unexpected failures when new functions are added independently.
According to the publication, the conclusions were communicated to the relevant entities in 2024 and some solutions have already begun to be discussed and implemented.
The study does not suggest that all contactless payments are compromised, but it does show that the security of these systems depends on a delicate balance between ease of use and control mechanisms. In a context in which physical money is losing ground and digital payments are gaining ground, experts advocate greater technical vigilance and constant updating of safeguards.
For consumers, the message is one of caution: contactless remains practical and largely safe, but it is not foolproof. Paying attention to account movements and making conscious use of security options remain essential.