Visa Inc. on Wednesday announced the rollout in 15 geographic markets of Visa Tap to Phone, which allows consumers to initiate a transaction simply by tapping a contactless card to a merchant’s NFC-enabled mobile device.
Tap to Phone is now live in numerous countries throughout Europe, Middle East, Africa, Asia Pacific, and Latin America. The technology is slated to be introduced in the United States in 2021, Visa says.
My phone will not support iOS 13 and I will not allow a big corporate bank to require me to purchase an expensive phone that I don't need to use their app. Corporate greed at its finest. I wonder what Bernie thinks of this? He's trying to stop this! I'm in a rural community with no Chase within 35 miles so I'll be looking at local banks soon. What an awesome feature Chase Bank has. Take a picture of a check to deposit it. I love the idea. When I ask customers if going to the bank is a problem, they say, “No. I do it all the time. It’s not a problem.” Then, when I ask them about Chase mobile check deposit and they have it, they say, “I love it.
The rollout comes at a time when merchants and consumers are embracing contactless payment technologies to avoid touching point-of-sale terminals or handing their card over to wait staff amid the coronavirus pandemic.
Visa says it has seen tap-to-pay payments grow by 40% year-over-year. In a recent Visa survey, 48% of respondents said they would not shop at a store that offers only payment methods requiring contact with a cashier or POS terminal.
Tap to Phone is expected to expand card acceptance among small and micro businesses. “This potentially makes any Android device a payment terminal,” Thad Peterson, a senior analyst for Aite Group says in an email. “It could be a real benefit for micro-merchants, as it enables face-to-face commerce virtually anywhere. It’s also a competitor with the dongles available on the market like Square’s.”
Chase Mobile Phone Banking
One potential speed bump for Tap to Phone is that it does not work with iPhones. Apple Inc. has a competing technology through its acquisition of Mobeewave, a tap-to-phone technology provider.
“The challenge (facing Visa) is that it isn’t available on iOS,” Peterson says. “But it would seem inevitable that the networks would adopt both Android and iOS solutions to the same problem.”
As part of the rollout, Visa announced the Visa Ready for Tap to Phone program, which enables technology companies to become Visa Ready-certified.
One of Visa’s approved partners is MagicCube Inc., a provider of contactless technology in which Visa made an undisclosed investment in in August.
MagicCube earlier this week rolled out its iAccept technology, which allows merchants to accept contactless transactions on a mobile device by having customers tap their card directly on the device.
In related news, Chase for Business, a division of JPMorgan Chase & Co., launched Business Complete Banking, a business checking account. Business Complete Banking includes QuickAccept, which enables a business owner to accept card payments in minutes and have the funds available the same day.
QuickAccept levies a flat, pay-as-you-go rate of 2.6% plus 10 cents for a tapped, dipped, or swiped transaction using the QuickAccept contactless card reader. The reader is available from POS Portal for $49.95. The rate is 3.5% plus 10 cents for keyed transaction made through the Chase Mobile app. Businesses can use QuickAccept in the Chase Mobile app or via a contactless mobile card reader.
“Checking accounts are the transaction hub of a business, so we brought the essential elements of paying in and paying out together in one place,” says Jen Roberts, chief executive of Chase Business Banking, in a prepared statement.
The new program appears to be a link into the Chase merchant-processing platform by eliminating the need for complicated on-boarding processes for businesses to accept payments, says Aite’s Peterson.
“It’s similar to a payfac model like Stripe or Braintree, with much easier access,” Peterson says. “The only challenge is that the card data needs to be manually entered each time, which is a lot of friction. Interestingly, it’s limited to the Chase mobile banking app, not available on desktop. That’s probably to make sure that a merchant doesn’t use this for higher volumes and traditional payment processing.”
The program could also be a way for Chase to set another hook in to businesses that don’t regularly accept payments, making it more difficult to change banks, Peterson adds.
Chase small business credit and debit sales in North America were up 6% in February 2020 compared to 2019, but fell almost 50% for the month of April, when many businesses had to temporarily close or pivot to online-only operations.
A large scale phishing scam is underway that pretends to be a security notice from Chase stating that fraudulent activity has been detected and caused the recipient's account to be blocked.
Today, numerous people have told BleepingComputer that they received the same fake Chase 'Security Notice' scam attempting to steal their banking credentials. One recipient said they fell for the scam after their card was denied in a purchase online and thought the email was a legitimate Chase fraud alert.
These phishing emails state that the recipient's Chase account was blocked after suspicious activity was detected.
'Recently, there's been activities in your account that seems unusual compared to your normal account activities, so we've taken security steps by blocking access to your account until you validate your information adequately.'
To 'unlock' the account, the recipients are prompted to click on the 'Restore Now' button in the email, as shown below.
When the 'Restore Now' button is clicked, the recipient will be brought to a page asking them to log in to their Chase account. If they enter their login information, it will be sent to the attackers, who will then have access to the account.
The phishing page will further prompt the user to enter additional information about themselves to verify that they are the account owner. This additional information includes their first and last name, date of birth, Social Security Number, address, and phone number.
If a threat actor gets access to this information, they could use it to perform identity theft, gain access to other accounts, or send further targeted phishing emails.
It is important to remember that Chase fraud alerts never prompt you to enter any information or your login credentials. Instead, the legitimate emails only require you to confirm if a transaction was legitimate by clicking a button in the email.
Chase Phone Payment
If you are a Chase customer and receive an email asking you to login or enter sensitive information, immediately delete the email and call customer service to confirm if they contacted you.