Your credit institution has warned you about raising the threshold for making a contactless payment without entering the PIN code: since you believe that the amount is too high, you are afraid that an attacker may "intercept" your information and make unauthorized payments using your funds, or steal your ATM card to buy anything.
I want to reassure you right away: this is a rather remote eventuality, almost impossible, since the data exchanged between the POS and your card are encrypted and, consequently, illegible to external eyes; furthermore, credit institutions provide for limitations for mini-transactions close in time, precisely to protect users who lose their card.
How do you say? Despite this, to feel even more comfortable, you would like to understand how to disable contactless ATMs, so that your card is no longer usable - even to pay small amounts - without physically inserting it into the reader? Then this is the guide that is right for you: below I am going to explain to you what are the dynamics behind contactless payments, and then show you how to disable this possibility. Enjoy the reading!
- Characteristics of contactless payments
- How to disable contactless ATMs
- Contactless: is it really risky?
Characteristics of contactless payments
Before getting to the heart of the matter and explaining, in practice, how to disable contactless ATMs, let me give you some more information about the dynamics of this payment method.
To begin with, a contactless transaction occurs by bringing the elements involved together - usually one payment card it's a contactless enabled POS terminal - at a distance of 2-3 centimeters: often, to avoid interference and problems due to possible obstacles, the “devices” tend to overlap, until the sound feedback is received. Data exchange takes place via NFC technology and the information in transit is completely encrypted, therefore safe and protected from potential electronic interceptions.
Generally, when the transaction amount is relatively low (less than €20, €30 or €50, depending on the credit institution issuing the card), PIN code entry is not required to complete the payment; however, as you will soon discover, security measures are often applied (such as the automatic blocking of the contactless system, in the case of small and short-term transactions), in order to avoid unauthorized expenses in the event of theft or loss of the card.
As I explained to you in my guide dedicated to payments with NFC, there are some online services (such as Google Pay and Apple Pay, for example) that allow you to associate your credit card with a specific app or service on your smartphone / smartwatch, and use the NFC chip of the latter, to complete the transaction in the authorized shops. In this case, however, the unlocking of the app by the user is always required, via Biometry (fingerprint or face recognition) or entering a personal code.
The subject of this guide will be to explain how to disable contactless payments from debit / credit cards issued by banks and other credit institutions, often also referred to as ATM card as the latter have almost all of the circuit support ATM, i.e. the main payment and withdrawal circuit 2022no (managed by BANCOMAT SpA).
The deactivation of contactless payments on cards, however, does not affect the possibility of paying in contactless mode via smartphone or smartwatch with NFC support, which remains active: to prevent this from happening, simply delete the credit card from your account or from the app used to make NFC payments. In this regard, you may find my guides on how to disable Google Pay, how to disable Samsung Pay and how Apple Pay works.
How to disable contactless ATMs
Having made the necessary clarifications, the time has come to get to the heart of this guide and to understand, in practice, how to disable contactless ATMs. I want to tell you right away that there is no standard procedure that you can follow, since each bank has its own procedure: in general, you must access the website or athome banking app of your credit institution and, after being authenticated, enter the section dedicated to card functions e disable contactless payments from there. However, not all credit institutions provide for the possibility of making the contactless functions of payment cards unusable.
That said, I'll use a card associated with the as an example BancoPosta account of Poste 2022ne. If you have one too, know that in order to proceed you must first register on the Poste 2022ne site, you must have validated your phone number and, if you want to act via smartphone / tablet, you must have downloaded, installed and activated the app BancoPosta, available for Android and iOS / iPadOS.
Clearly, these steps also apply to other institutions: to manage the cards linked to an account, you must have access to the home banking system and the dedicated app, if you wish to act on a mobile basis.
Is everything clear so far? OK, so let's continue with the example linked to the Poste 2022ne cards. If you intend to act via computer, connected to the Poste website, click on the button Personal Area, enter yours credenziali d'accesso in the appropriate fields and click on the button Log in, to login.
Now, locate the box for yours Billclick on your button Log in and completes the two-factor authentication procedure by entering the disposable code received via SMS or by confirming access via theBancoPosta app.
Once logged in, click on the box Change card functionality, by pressing the button Immagine corresponding to card number on which you want to intervene and then press the button Customize settings, located at the bottom of the page that appears.
Finally, locate the drop-down menu Contactless payments, click on it and choose the item Disabled from the same. Finally, click on the button Continue (bottom), then on the button Authorize and confirm your identity again by entering the one-time password received via SMS, or by authenticating via the app BancoPosta, to make the change effective.
If, on the other hand, you want to make the aforementioned change through the app BancoPosta, start it, tap the button Log in and authenticated using fingerprint / face recognition, PosteID code o credentials of the Poste 2022ne site.
When login is complete, tap the button (>) corresponding to the item Bill, then on the symbol of horizontal lines with gear wheel which resides on the next screen (next to the account number) and scroll down the panel that appears on the screen, until you find the item Enable contactless payments.
When you've found it, move from ON a OFF the corresponding switch and confirm the change by authenticating again with theFingerprint, or through the PosteID code.
I repeat that not all credit institutions provide for the deactivation of contactless payments from cards issued; for more information, I suggest you get in touch with your bank, to get more precise information on the subject.
Contactless: is it really risky?
How do you say? Your bank does not allow you to deactivate contactless payments and you are afraid that, by using them, you could put at risk the funds available on the linked account, or your personal data? Well, I want to reassure you right away: contactless payments are safe by definition, as the data exchanged via NFC are encrypted and difficult to detect, if not by extremely sophisticated devices placed in the immediate vicinity (a few tens of centimeters or a little more).
For this reason, it is extremely difficult - if not impossible - for an attacker to succeed steal bank details or clone credit card during a transaction, as it would have no way of stealing the information necessary for a potential illegal reuse of the card.
Furthermore, it is often thought that a criminal can carry out continuous mini-thefts by bringing any POS terminal close to the card, while keeping it in a pocket, wallet or purse: beyond the material difficulty of the thing (the device should be extremely close and be able to overcome obstacles of other nearby objects), in order to receive contactless payments it is essential be registered with a service provider. Therefore, his name would immediately appear in the list of transactions carried out, as well as in the account statement, and the thief would have a very short life!
The only one danger associated with cards with contactless payments enabled resides in theft or in the loss of the same: should you lose your card and do not promptly realize it, an attacker could make purchases for amounts lower than the contactless limit, without entering the PIN.
However, in order to avoid this unpleasant inconvenience, most of the lenders blocks contactless transactions, if these are carried out too soon, and notify the rightful owner of the card.
Let me tell you: if you lose your card, contactless would be the least of your problems! On the cards, with rare exceptions, the name and surname of the cardholder, the card number, the expiry date and, on the back, the CVV2 / CVC2 code are printed: these data are more than sufficient to make online purchases, on numerous ecommerce sites, almost undisturbed!
For this reason, make sure that your card is always in a safe place and, should you lose sight of it and do not find it where you expected, do not hesitate and contact your credit institution to request that it be blocked: banks and post offices generally provide a free phone number, active 24 hours on 24, specially dedicated to the urgent blocking of the card. If you don't know what it is, Google for phrases like toll-free number card block [name of credit institution].
In addition, many Smart bank accounts with associated cards allow you to temporarily or permanently block cards directly from the app, with a simple tap.
That said, after blocking the card, file a complaint with the competent authorities as soon as possible: in this way, not only will you be protected, but you can also get a partial or full refund from your bank, in case of unauthorized purchases.
For further information, take a look at this guide of mine, in which I explained how to behave in the event that your credit card is cloned or lost (in practice, the countermeasures to be taken are the same).