Stay secure: Treat wearables on par with cards to make contactless payments

A wearable device is linked to the customer’s bank account and functions like a debit card. It can be used at any point of sale (PoS) that accepts contactless transactions
In a first, Axis Bank has launched a range of wearable devices through which users can make contactless payments. These devices are available in the form of accessories like bands, key chains, and watch straps. They obviate the need to pull your card out of a wallet or using your phone.

The offering

A wearable device is linked to the customer’s bank account and functions like a debit card. It can be used at any point of sale (PoS) that accepts contactless transactions. The wearer just needs to wave it before a PoS machine. Transactions up to Rs 5,000 don’t require a PIN.

Says Sanjeev Moghe, executive vice president and head – cards and payments, Axis Bank: “Wear ‘N’ Pay will bring convenience and increase the adoption of cashless transactions in everyday payments.”

After an initial joining fee of Rs 750, customers will have to pay an annual fee of Rs 500 from the second year.

Built-in safeguards

Wearables use Near Field Communication (NFC) technology. “NFC only transmits digital data within a short range — typically 4 cm or less. The customer will have to tap the device at the place where the contactless symbol is loca­ted to get the best ran­ge for transaction authorisation,” says Moghe. Long-range RFID readers, he says, cannot extract data from the device.

Some experts add that a fraudster equipped with an NFC reader will not be able to collect enough data from the card to complete an online purchase. “Only a genuine PoS, provided by an acquiring bank, can communicate with the card to authorise a transaction. A fraudster using such a PoS will get caught by the acquiring bank and processing network,” says Vikas Varma, chief operating officer, South Asia, Mastercard. The number of contactless transactions that can be made in a row is limited.

Each device comes with a fraud liability cover of up to Rs 1 lakh. In case of an unsecure fraud – a transaction undertaken without entering PIN – the customer will have zero liability if he reports it within 72 hours. Liability for secure fraud will have to be borne by the customer.

Beware of risks

Security experts say the risk in these devices is that they can be swiped for up to Rs 5,000 without a PIN. “Suppose you are in a public place. Somebody picks up the key chain when you are not paying attention and uses it,” says Ritesh Bhatia, cybercrime investigator and cybersecurity and data privacy consultant. Adds Bharat Panchal, chief risk officer-India, Middle East & Africa, FIS, a global provider of financial technology software, services, and solutions: “Be very alert about the physical security of these devices.”

Electronic pick pocketing is another potential risk. “Someone brings a PoS device close to your body, where the device is, hoping a transaction happens,” says Bhatia. While hard to pull off, such frauds have happened abroad. Though the transaction can be traced to the merchant, the latter could claim that the device owner had shopped at his establishment.

“Reserve Bank of India (RBI) regulations require that customers be able to switch on/off usage at will and set a low transaction limit. Use these safeguards,” says Udbhav Tiwari, public policy advisor, Mozilla. Panchal advises to check bank statement regularly to ensure there are no unauthorised transactions.  

Cautious customers should wait for some time to see how the bank resolves cases of misuse. “If it makes good the customer’s loss without hassles and refunds the stolen amount quickly, these devices will be worth opting for,” says Bhatia.

Business Standard is now on Telegram.
For insightful reports and views on business, markets, politics and other issues, subscribe to our official Telegram channel