Dáil Éireann Debate, Wednesday - 12 July 2017
139. Deputy Michael McGrath asked the Minister for Finance if he will investigate a matter raised in correspondence (details supplied) in relation to the use of contactless electronic payments; and if he will make a statement on the matter. [33364/17]
Amharc ar fhreagraThe question appears to concern the possible security implications of information displayed on the merchant receipt following a contactless payment transaction. Contactless payments carried out using credit or debit cards use the same secure payment technology as payments made with cards that are not contactless enabled.
It is normal for a merchant to receive the card number and expiry date, as the merchant ordinarily requires those details to execute the payment transaction. I understand that the Payment Card Industry’s Data Security Standard (PCI DSS) requires merchants to protect cardholder data and payment card information, whether it is printed, processed, transmitted or stored. Best practice is to not display the card number in full on a receipt, and card numbers are generally truncated or masked to show only the final four digits. In addition, the CVV and PIN number, which are required to execute non-contactless payments, are not included on a receipt.
Any cardholder who has concerns on how a merchant displays his or her payment card information should raise the issue either directly with the merchant or with the bank that issued the card. If dissatisfied with the response of the bank, the cardholder can refer a complaint to the Financial Services Ombudsman, which is an independent office established to deal with consumer complaints about their dealings with financial institutions.
