Is tap to pay safe?

Jul 07 2021 | Julie Warshaw, PayPal Editorial Staff

It wasn't that long ago when the only way to pay with a credit card was to hand it to the cashier. And most of us did so without a second thought. But since the pandemic, avoiding contact with shared surfaces has become a priority for many shoppers.
That's the great thing about touch-free payments: your customers can pay with a scan or a tap, no contact required.

Is a contactless payment safe?

But are contactless payments safe from a security perspective? Many shoppers feel confident paying that way. In fact, approximately one-third of consumers who prefer to pay with contactless methods such as QR codes, contactless credit/debit cards, or digital wallets say they wouldn't complete a purchase if their preferred options weren't available.[1] These shoppers see contactless payments as a convenient and trustworthy way to pay, while protecting their financial information.
Let’s take a closer look at how private information is protected during a contactless payment. That way, you can feel confident accepting touch-free payment methods like QR codes, digital wallets, and contactless cards.

Do QR codes contain personal information?

No, a QR code does not contain personal information. One reason a QR code is safe is that it contains a link to your account, rather than the account information itself. When a customer scans your QR code, the code directs them to your account so they can send their payment to the right place. The actual payment information is protected by the same encryption used by the payment app.
In other words, QR code payments sent through the PayPal mobile app are just as secure as other types of PayPal payments. PayPal uses encryption to keep sensitive payment information heavily guarded from start to finish, giving everyone peace of mind.

Is tap to pay safe?

In some cases, tap to pay transactions can be more secure than traditional credit card payments. Let’s take a look at the technology behind them. Contactless payments like tap to pay or digital wallets utilize a wireless, secure connection between a shopper's touch-free payment method and your payment terminal. The customer’s card or device emits a short-range signal that sends a one-time code, also known as a token, to share encrypted payment information with your terminal.
This information doesn't include a customer's account details, like their name, account number, card expiration date, CVV, or PIN. What's more, the token changes each time the customer makes a purchase. That makes tap to pay safer than the old magnetic stripe method, which transmits the same credit card information each time it's swiped. That means a hacker who steals the information transmitted during a swiped transaction can use it again and again, while the single-use contactless payment token won’t work for another transaction.
While some people worry about their card or phone transmitting their payment data wirelessly, a tap to pay transmission travels mere inches. This makes it unlikely that someone will get close enough to intercept a payment in transmission without you or the customer noticing. The customer must also initiate the payment, making it difficult to send a contactless payment accidentally.
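The difference between a single-use token and static magnetic stripe data, as an added example that is not PayPal's or any card network's code. It assumes a toy scheme in which the token is an HMAC over an opaque card reference and a tap counter; the class names, the key handling and the sample values are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
# Toy model (assumption): token = HMAC(key, card_ref|counter); not a real card scheme.
def make_token(key: bytes, card_ref: str, counter: int) -> str:
    return hmac.new(key, f"{card_ref}|{counter}".encode(), hashlib.sha256).hexdigest()

class ContactlessCard:
    """Card or phone: produces a different token on every tap."""
    def __init__(self, card_ref: str, key: bytes):
        self.card_ref, self._key, self._counter = card_ref, key, 0

    def tap(self) -> dict:
        self._counter += 1
        return {"card_ref": self.card_ref, "counter": self._counter,
                "token": make_token(self._key, self.card_ref, self._counter)}

class Issuer:
    """Validates tokens and remembers the highest counter already accepted."""
    def __init__(self):
        self._keys, self._last, self._stripes = {}, {}, set()

    def enroll(self, card_ref: str, stripe_data: str) -> bytes:
        self._keys[card_ref], self._last[card_ref] = secrets.token_bytes(32), 0
        self._stripes.add(stripe_data)
        return self._keys[card_ref]

    def authorize_tap(self, p: dict) -> str:
        key = self._keys.get(p["card_ref"])
        if key is None or not hmac.compare_digest(
                make_token(key, p["card_ref"], p["counter"]), p["token"]):
            return "declined: invalid token"
        if p["counter"] <= self._last[p["card_ref"]]:
            return "declined: token already used"
        self._last[p["card_ref"]] = p["counter"]
        return "approved"

    def authorize_swipe(self, stripe_data: str) -> str:
        # Static data: a recorded copy is indistinguishable from the real card.
        return "approved" if stripe_data in self._stripes else "declined"

def demo(stripe: str = "CONSTRUCTED-STATIC-STRIPE-DATA") -> dict:
    issuer = Issuer()
    card = ContactlessCard("card-ref-001", issuer.enroll("card-ref-001", stripe))
    first = card.tap()
    return {"tap": issuer.authorize_tap(first),
            "tap_replay": issuer.authorize_tap(dict(first)),  # recorded copy, sent again
            "next_tap": issuer.authorize_tap(card.tap()),
            "swipes": [issuer.authorize_swipe(stripe) for _ in range(2)]}
```

The recorded tap is declined on its second use while the card's next genuine tap still goes through; the same stripe data is approved every time it is presented.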

Is a QR code safe for payments?

Using QR codes for payments works slightly differently than other contactless payment methods. Instead of using a chip, customers scan a QR code that you provide at checkout. This QR code is unique to your business and provides a direct link to your payment processor. The customer uses an app like PayPal to scan your code, enters the amount to pay, and sends it directly to your account.
QR code payments also provide an extra level of security that a contactless card lacks. When shoppers use their smartphones to pay you, they can use their phone’s security features to further protect their account information. Depending on the customer’s settings, a would-be hacker may have to unlock the phone using biometric data or by entering a code. The hacker may also need the customer’s login data to even open the payment app.
Users who want an additional layer of security can enable two-factor authentication on their payment apps to create an extra verification step. This helps protect them in the event someone tries to log into their payment app from a different, unknown device.

Keeping your QR code safe.

Here are a couple of things you and your customers can do to help make sure their QR code payment is safe.
Check the QR code. While it's almost impossible for a hacker to modify a QR code to send payments to a different account, hackers may try to exploit QR code payments by changing out the QR code completely. This could be by putting a sticker over your QR code or placing fake signage in your store displaying the fraudulent QR code. Keep an eye out for tampering by making sure your QR code signage looks consistent with the rest of your signage design.
Verify the payment. Depending on how accessible your QR codes are, you may want to occasionally scan them with your own smartphone, to make sure they’re correct. When a customer pays using a QR code, you and the customer should double-check the transaction by verifying it has arrived in your account.
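One way to make the periodic sign check described above repeatable, as an added example that is not PayPal code: it compares the text your phone decodes from each sign with the link you were issued and reports what differs. The link `https://pay.example/merchant/ACME-STORE-01`, the sign locations and the scan results are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed placeholder: the link your payment provider issued for your QR code.
EXPECTED_LINK = "https://pay.example/merchant/ACME-STORE-01"

def check_scanned_link(decoded: str, expected: str = EXPECTED_LINK) -> list:
    """Compare the text decoded from a sign with the expected link.

    Returns a list of findings; an empty list means the sign matches."""
    want = urlsplit(expected)
    try:
        got = urlsplit(decoded.strip())
        port = got.port            # raises ValueError on a malformed port
    except ValueError:
        return ["not a well-formed link"]
    findings = []
    host = got.hostname or ""
    if got.scheme != "https":
        findings.append(f"scheme is {got.scheme or 'missing'}, expected https")
    if not host.isascii() or "xn--" in host:
        findings.append("host contains non-ASCII or punycode labels")
    if host != want.hostname:
        findings.append(f"host {host!r} is not {want.hostname!r}")
    if got.username is not None or port not in (None, want.port):
        findings.append("unexpected user info or port in the link")
    if got.path != want.path:
        findings.append("merchant path differs from the issued link")
    if (got.query, got.fragment) != (want.query, want.fragment):
        findings.append("unexpected query string or fragment")
    return findings

def audit_signage(scans: dict) -> dict:
    """Map each sign location to its findings, keeping only signs that fail."""
    results = {place: check_scanned_link(text) for place, text in scans.items()}
    return {place: found for place, found in results.items() if found}

# Constructed scan results, as copied from a phone's QR reader.
SAMPLE_SCANS = {
    "front counter": "https://pay.example/merchant/ACME-STORE-01",
    "patio table": "https://pay.example/merchant/ACME-ST0RE-01",
    "window decal": "https://pay.ex\u0430mple/merchant/ACME-STORE-01",
    "door sign": "http://pay.example/merchant/ACME-STORE-01 ",
}

if __name__ == "__main__":
    for place, found in audit_signage(SAMPLE_SCANS).items():
        print(place, "->", "; ".join(found))
```

Any sign that appears in the output should be pulled and reprinted from the link you were issued.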
Ready to give your customers a secure, touch-free way to pay? With just a printer, you could start accepting QR code payments in minutes. Learn more about how to sell with QR codes.

[1] How We Shop: Measuring the Rapid Digital Shift, survey done in collaboration with and supported by PayPal, August 2020. Methodology: Online survey conducted across 2,163 U.S. consumers.
The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.
