Contactless is generally safer than chip-and-PIN — but only if you respect three habits.
Contactless is actually safer than insert-and-PIN for most transactions — no card slot means no skimmer, no PIN typed means no camera capture, no device on the counter means no overlay. But contactless has its own attack surface. Three habits cover the realistic risks.
Apple Pay and Google Pay are safer by design than physical contactless cards. Each transaction generates a one-time token, and the card number is never sent to the merchant. If your phone is stolen, the wallet is locked behind your biometric and is useless to a thief. A physical card has none of this; if it is stolen, contactless payments keep working until you cancel the card.
EFTPOS terminals show the amount. Glance at it. Tapping a terminal that's been quietly set to a higher amount than the bill is a known scam at busy bars and markets. If the terminal display doesn't match the price, query it before tapping.
Lost cards are the real contactless threat, not invisible RFID readers. If you've lost a card, ring the bank's fraud line in the first ten minutes. Banks block the contactless function instantly; most fraud claims under $500 are auto-reimbursed if reported the same day.
There has never been a verified case in Australia of someone losing money to walk-by RFID theft of a contactless card. The attack is theoretically possible but practically too slow and unreliable for any serious criminal. RFID-blocking wallets are fine if you like them but they're solving a problem that barely exists.
Same logic as above — no card slot to tamper with, no PIN keypad to overlay. If you run EFTPOS for a business, enable contactless on every terminal and encourage customers to use it. Faster checkout, lower fraud risk.
Australian contactless is capped at $200 per tap (some banks $250). Above that, the terminal asks for the PIN — and that's the moment the same skimmer-and-camera attack from the ATM tip applies. Cover the keypad with your other hand when typing the PIN, every single time. Even at the supermarket. Especially at the supermarket — high-traffic, low-attention environments are where the cameras go.
Physical card safety + online card safety + bank safety together cover the picture.
whedo.it can review your EFTPOS setup — terminal physical security, contactless limits, refund permissions, end-of-day reconciliation. The kind of audit big retailers do for themselves, scaled to SMB.
No deck, no pitch — walk your environment with a senior Australian practitioner. Confidential by default.
I built this business because I wanted to do Managed services properly — for a small number of clients, at a senior level, with the same person on the end of the phone every time. The work is too important and the stakes are too high for anything less.
Behind the formal qualifications: a Cyber Security degree from the University of the Sunshine Coast, currently working on my Master’s, plus a continuous stack of Microsoft, Acronis and Nerdio certifications — the ones that have to be renewed because the threats don’t stay still.
Behind the certifications: thirty years of doing the work. I cut my teeth in consulting, then went to Cisco on the team building the original iPhone — Cisco’s VoIP handset, the trademark Apple later acquired in the 2007 settlement. At TPG in 1999 I sold frame-relay networks when frame-relay was the cutting edge of business connectivity. I built and sold a Sydney-based MSP called Online IT before relocating to Perth.
Three decades of watching what’s actually changed and what hasn’t. The technology has changed almost beyond recognition. The principles haven’t. Identity first. Backup that has actually been tested. A senior practitioner who knows your environment. Calm in an incident. Honest answers when the answer is “no.”
That’s whedo.it. That’s the brief. That’s why long-tenure clients don’t leave.
— Warren Ephron, Director