BERLIN: A tap of your phone, a quick beep, and you’re done. What was still new a few years ago has become mainstream during the pandemic.

Anyone who has switched to making contactless payments - often called “tap to pay” in restaurants and shops - with their phone won’t miss the times when they were rummaging around in their pockets for cash.

For those who are still concerned: Holding a bank card or smartphone or smartwatch up to a payment terminal might seem faster, but is it secure? And what actually happens to the data transmitted during the payment process? Here are the most important questions and answers.

What options are there for contactless payment?

Debit and credit cards often come ready to tap on a card reader at any checkout without additional setup needed, but most smartphones and smartwatches can also easily be set up for mobile payments.

You can either download the app of a payment service provider, or use the often more universal offerings from Apple, Samsung or Google. The cards of cooperating banks can then be stored in their apps.

And many supermarket chains are also getting involved. With their customer apps, you can redeem vouchers and pay for your shopping, for example. Loyalty programmes in many countries are also often involved in contactless payment via their apps, as are payment services from Bluecode to PayPal.

Fitbit and Garmin, for example, offer their own payment systems for their sports watches. But even some analogue watches can become wallet substitutes: This is possible, for example, with certain “unsmart” models from the manufacturer Swatch, where an integrated chip enables the transaction.

What do I need?

The basis for most contactless transactions is near-field communication (NFC), a set of communication protocols. To make a transaction, the card, smartphone or watch must have an NFC chip. Newer smartphone models as well as smartwatches now do this across the board.

For those with older mobile phones, supermarket apps or other payment services are an alternative, where you can store bank details or a credit/debit card. Here you pay with a barcode or QR code that you present or scan at the checkout.

With the exception of the Swatch models mentioned above, it’s generally necessary for the respective device to have enough battery power and still be on. The same applies to having an Internet connection: Some providers require this, but some don’t.

How secure is it?

Pretty secure. “It’s very unlikely that data will be extracted,” says Stefan Fischer from Stiftung Warentest consumer organisation.

Compared to a credit card, paying by app can even be considered very secure. This is due to the fact that the card data stored is not read directly during the transaction, but rather an individual sequence of numbers, a kind of code.

The Consumer Advice Centre in the German state of North Rhine-Westphalia is also not aware of any cases in which “criminals specifically attack contactless payment”, says lawyer David Riechmann.

For security fanatics, there are special protective sleeves for bank cards that prevent near-field communication. In addition, after a certain number of payments or for higher amounts, usually €25 or more, you’ll need to enter the PIN. With smartphones, there is an additional level of security: the device must first be unlocked for each transaction.

What about companies spying on my spending habits?

Here things don’t look quite as good. Germany’s Stiftung Warentest consumer organisation found flaws in the terms and conditions and data transmission behaviour of several payment apps.

Consumers must be aware that their data is not only sent to the app provider, but also to payment service providers and other possible partners.

Supermarket apps in particular are keen to collect data, they know in which branches the customer shops and whether or not they’ve changed their preferences. “Cash is really the only anonymous payment method. Paying by card, be it with an actual card or with your smartphone, also leaves traces,” explains consumer advocate Riechmann.

What if you lose something?

If you lose your smartwatch, mobile phone or debit/credit card, it’s important to lock or block it immediately. The risk of payments for higher amounts being made is unlikely, as the criminals would have to know either the PIN (in the case of a contactless card) or the code to unlock the respective device.

Those who use biometric data to access their device and make payments have even less to worry about. And even if unauthorised purchases have already been made: As long as the smartphone or card is appropriately protected and you cannot be shown to have been careless, then the bank has to cover the losses in most countries.

 - dpa