Technically you can do a transaction by holding a mobile EMV payment terminal to someone's card without them knowing (this only works for physical cards, mobile phones need to be unlocked first).
The protection is the fact you just can't get a mobile payment terminal without a whole "know your customer" due diligence process, so the fraud traces directly to the ultimate beneficial owner of the company to which the payment acceptance contract of the payment terminal was provided.
This is the reason this fraud is non-existent in Europe, where tap to pay is already used for years.
The protection is the fact you just can't get a mobile payment terminal without a whole "know your customer" due diligence process, so the fraud traces directly to the ultimate beneficial owner of the company to which the payment acceptance contract of the payment terminal was provided.
This is the reason this fraud is non-existent in Europe, where tap to pay is already used for years.