Contactless payments let a card, phone, or smartwatch pay by being held near a payment terminal. The computer science behind this simple tap includes wireless communication, cryptography, authentication, and fast network messaging. It matters because the system must move data in a fraction of a second while protecting the real card number from theft.
A contactless transaction is not just a radio signal, but a carefully controlled exchange of identifiers, tokens, and authorization messages.
Most contactless cards and phones use Near Field Communication, or NFC, which works only over a very short range. The terminal powers or talks to the payment device, requests payment data, and sends a tokenized request through the merchant, payment processor, card network, and issuing bank. The issuer checks the token, account status, fraud signals, and transaction rules before sending back an approval or decline.
Phones often add extra security with biometrics, device keys, and one-time cryptographic codes.
Key Facts
- NFC usually works at 13.56 MHz and is designed for short-range communication of about 4 cm or less.
- A contactless payment sends a token or dynamic payment data instead of exposing the full card number directly.
- Basic flow: device to terminal to merchant acquirer to card network to issuing bank to card network to acquirer to terminal.
- Tokenization replaces a sensitive account number with a substitute value, so stolen transaction data is less useful.
- Encryption and cryptographic authentication help prove that the payment data came from a valid card or device.
- Transaction time depends on local NFC exchange plus network authorization, often completing in about 1 to 3 seconds.
Vocabulary
- NFC
- Near Field Communication is a short-range wireless technology that lets a payment device and terminal exchange data when they are very close.
- Tokenization
- Tokenization is the process of replacing a real payment account number with a limited-use digital substitute.
- Payment terminal
- A payment terminal is the device at a store that reads payment data and sends the transaction request for authorization.
- Issuer
- The issuer is the bank or financial institution that provided the card or account and decides whether to approve the transaction.
- Cryptogram
- A cryptogram is a one-time cryptographic value used to help verify that a payment message is authentic and has not been reused.
Common Mistakes to Avoid
- Thinking the terminal reads money directly from the card, which is wrong because the terminal sends a request that must be authorized through payment networks.
- Assuming NFC works like long-range Wi-Fi, which is wrong because NFC is intentionally very short range to limit accidental reads and make tapping deliberate.
- Believing the real card number is always transmitted in plain text, which is wrong because modern systems use tokenization, encryption, and dynamic authentication data.
- Confusing authentication with authorization, which is wrong because authentication checks that the device or message is valid while authorization checks whether the transaction should be approved.
Practice Questions
- 1 An NFC payment exchange takes 120 ms, network routing takes 850 ms, issuer processing takes 300 ms, and the approval message returns in 230 ms. What is the total transaction time in seconds?
- 2 A store completes 480 contactless payments in 2 hours. What is the average number of contactless payments per minute?
- 3 A stolen contactless transaction log contains tokens and one-time cryptograms instead of real card numbers. Explain why this is safer than storing the actual card numbers.