Are contactless payments using your smartphone secure?

Are contactless payments using your smartphone secure?

Are contactless payments using your smartphone secure?

Which is easier and safer – pay the old fashioned way with cash or card, or make purchases using systems such as Apple Pay or Android Pay?

Apple Pay, Android Pay and other contactless payment methods that do not even require a bank card have become part of everyday life. People pay using gadgets and, at least in Moscow (and in other large cities of Russia), you will rarely find a terminal that does not support these payment systems. Nevertheless, many are still wondering – how safe is it? How does it work?

Are contactless payments using your smartphone secure?


“What if my phone is taken away?” – this is the question many people ask when they hear about contactless payment. However, firstly, your wallet, where the money is, can be taken away from you. And secondly, it is the loss or theft of the phone that is a much safer incident from the point of view of the safety of funds. Although, the phone, of course, is also a pity.

First of all, it’s worth understanding that enabling Apple Pay on your phone requires setting a PIN to unlock your phone. The phone in sleep mode will be locked anyway, and those who do not know the pin code will not even be able to unlock it. Moreover, each payment procedure will have to be confirmed. The easiest way to do this is to use the Touch ID (fingerprint scanner) or Face ID (the iPhone X’s facial anatomical scanner) sensors. That is, every time you make a payment, you need to put your finger on Touch ID or look expressively into the lens of Face ID.

The bank also provides additional security. Of course, not all banks are willing to resolve controversial issues, however, the chances of getting your money back are much higher than if your wallet is simply stolen. In case of illegal debiting of funds, you can write a statement both to the bank’s security service and to the police.

Again, Apple Pay is more secure than card payments. If you lose your card, then small operations that do not require entering a PIN code can be carried out by intruders without you. And in some cases, knowledge of the card data and the secret code will be enough. At the same time, in order to block the card, you need to call the bank, and the phone is blocked with a default pin code.

As for Apple Pay, even having a phone physically doesn’t make it any easier to steal your money. Moreover, you yourself can permanently lock a stolen phone remotely – then it will not be possible to unlock it even with a pin code, and it will become a useless brick for thieves (by the way, we have already written how not to lose valuable data with your phone).

After all, using Apple Pay on your Apple Watch is even easier. As long as the watch is on your wrist, you can pay. You need to enter the PIN code only if you have removed them. At the same time, somewhere in the store you will not need to take out the phone, which further reduces the likelihood of theft. There are frequent cases, especially in tourist countries, when wallets or phones are stolen from tourists while they are standing in queues. It is very difficult to steal a watch from your hand imperceptibly (especially if you choose the strap correctly), and it is completely impossible to pay with it without entering a pin code.

As for Android Pay, when you enable this function on Android smartphones, security systems are also forcibly turned on. You will have to install a pin code, and besides, Android Pay cannot be enabled on “rooted” smartphones (many “advanced” users will unlock root access to the system in order to install third-party firmware, backup utilities, etc.).

Principle of operation

The beauty of Apple Pay and Android Pay is that you don’t need to carry your wallet or card with you. All you need is a gadget with which you will pay. At the same time, I was able to pay, for example, for gas at gas stations using the Apple Watch, when the phone was accidentally forgotten in the car. Internet access is also not required (this is the difference between Apple / Android Pay and payments using banking applications and NFC chips on Android smartphones).

Also, I have not carried cash with me for a long time. In Moscow, it is already possible to pay for trips on public transport (including the metro) and commuter trains using bank cards and Apple / Android Pay.

It works like this. The seller (or a ticket / beverage / fast food vending machine) initiates payment and asks you to insert a card or attach it to the terminal. If you have an iPhone (not X) – you press the Home button twice and put it to the terminal. In most cases, your fingerprint is automatically read and payment goes through almost instantly. If the fingerprint cannot be read, the system will ask you to put your finger again (sometimes you need to wipe the sensor).

Face ID on iPhone X is easier. You must first bring it to your face – not necessarily close, the main thing is that the closed lock icon at the top of the screen changes to an open lock. Now you need to press the power button twice and attach the phone to the terminal.

Apple Watch is the fastest way to pay. Double press on the wide side button – and no unlocking procedure is needed, since, let me remind you, the watch is locked only when you take it off.

Paying online (where available) with Apple Pay is also convenient because you don’t have to share your credit card information with every site. However, in this case, you can also use Yandex.Money or PayPal accounts with a bank card linked to them.


Contactless payments are fast and secure. Do not listen to horror stories about severed fingers – firstly, a severed finger cannot be unlocked, at least an iPhone. Secondly, there has not been a single such incident yet. But wallets are really constantly stealing, and it is not so difficult to copy bank card data. So if you are worried about your money, it is better to use contactless payments, and not using bank cards (PayPass, PayWave), but using gadgets.

Leave a Reply

Your email address will not be published.