As cashless payments have become more common, the rise in fraudulent activity has become a serious concern. A common sentiment among customers is that cashless payments are convenient and they’d like to use them more often, but that they’re hesitant to do so because of security risks. At the same time, many business owners who operate physical stores or ecommerce sites are likely grappling with a difficult question: What countermeasures should they take to combat the increasingly complex and sophisticated methods employed by perpetrators of fraud?

This article focuses on the security of cashless payments, explaining the security measures businesses should take to provide customers with safe and secure payment services, as well as the steps users can take to avoid potential issues.

Key takeaways

• Cashless payments, which do not require physical currency, include electronic payments and online payments.
  
• Cashless payments carry various risks of fraud that differ from those associated with cash payments.
  
• To enhance the security of cashless payment methods, including credit card payments, both the business and the user must implement the strongest possible security measures.
  
• By implementing a fraud detection system, businesses can expect more effective fraud prevention.
  
• Stripe Radar allows businesses to implement advanced security measures using machine learning that adapts to ever-changing fraud patterns.
  

What are cashless payments?

Cashless payments, as the name suggests, are payment methods that do not involve the use of physical cash. The definition is broad and includes both electronic payments (which rely on digital financial data), such as credit cards and electronic money (e-money), as well as online payments made through ecommerce sites and mobile apps.

There are three main types of cashless payments: prepaid, instant, and deferred.

Cashless payment is rapidly gaining popularity in Japan due to its convenience—specifically, the ability to make a payment without physical cash on hand. For example, if you forget your wallet when you go out, you can still use e-money payments if you have an IC (integrated circuit) card with you. And as long as you have a smartphone, you can use QR codes or other forms of e-money to pay for meals at restaurants or purchases at convenience stores.

According to the Ministry of Economy, Trade and Industry (METI), the proportion of cashless payments has been rising year over year, reaching 42.8% in 2024 and thus achieving the government’s target of 40%. The Japanese government has set a goal of reaching 80% in the future and plans to continue making the necessary infrastructure improvements to achieve this.

Security of cashless payments

Unlike cash payments, cashless payments carry the risk of personal information leaks and fraudulent use. This is because cashless payments involve the transfer of money online using electronic data.

For example, in the case of credit card payments, there is a risk that information such as your card number could be stolen through credit master attacks or skimming. Therefore, businesses that accept credit card payments—whether at physical stores or on ecommerce sites—must implement all possible security measures to strengthen credit card payment security and create an environment where customers can make payments with confidence.

It’s the responsibility not only of businesses but also of cardholders to consistently and proactively manage risks. The same applies to e-money payments using IC cards or smartphones, as well as QR code payments.

Security risks associated with cashless payments

The security risks of cashless payments vary depending on the type of payment. Let’s examine each payment type individually, including credit and debit card payments, smartphone payments, and QR code payments.

Credit and debit card payments

The following are potential risks associated with credit and debit card payments:

• Phishing: A scheme that uses genuine-looking emails to cleverly lure recipients to fake websites and steal their personal information.
  
• Skimming: A criminal act involving the use of a device called a “skimmer” to steal information recorded on a card’s magnetic stripe.
  
• Credit master attacks: A technique used to fraudulently acquire other people’s credit card numbers by exploiting the numerical patterns inherent in card numbers to launch large-scale random attacks.
  
• Information leaks: A data breach resulting from a merchant’s inadequate security measures, which failed to prevent unauthorized external access.
  
• Credit card loss or theft: A cardholder misplaces their physical card or has it stolen from them.
  

According to the Japan Consumer Credit Association, the total financial loss resulting from fraudulent credit card use from January to December 2025 exceeded ¥‎51.05 billion—more than double the 2020 figure of ¥25.3 billion. In light of this situation, it’s important for businesses to comply with the latest version of the Credit Card Security Guidelines—not only to protect consumers and be legally compliant, but also to safeguard the credibility of their own businesses.

Smartphone payments (NFC payments)

Smartphone payments, also known as mobile payments, allow you to make payments using your smartphone. This payment type is popular among customers due to its exceptional convenience. In this section, we’ll explain the risks of fraud associated with contactless IC payment—i.e., “tap-to-pay”—which uses near-field communication (NFC) technology. To make an NFC payment, the user simply holds their smartphone or credit card equipped with a contactless IC chip next to the payment terminal to initiate a data connection.

• Relay attack (man-in-the-middle attack): An act in which an attacker illegally intercepts and relays communications between a payment terminal and a user’s mobile device. The attack is carried out by installing an unauthorized relay device or tricking the user into installing a malicious app.
  
• Replay attack: A method in which an attacker intercepts communication data from an NFC payment transaction and sends it to a different store to fraudulently process a payment.
  
• Sniffing: A criminal act involving the theft of transaction data, account information, and similar details while they’re in transit across a communication network. It targets not only payment transactions but also various other situations where data is transmitted.
  
• Malware infection of NFC payment terminals: A condition in which a payment processing terminal becomes infected with malware; this can lead to transaction tampering and data breaches.
  
• Damage caused by malicious apps: When smartphone users install and use apps that are actually malware created for criminal purposes, their communication data and other information can be stolen without their knowledge.
  
• Loss or theft of smartphone: The loss or theft of a smartphone poses a risk not only of contactless payment features being exploited by a third party, but also of other personal information being stolen.
  

QR code payments

The number of users of QR code payment services, which allow payments to be made simply by scanning a QR code with a smartphone or other mobile device, has been on the rise in recent years. The following are some of the risks associated with making payments using QR codes:

• Sticker scam: A criminal act in which a legitimate QR code displayed in a store for payment purposes is replaced with a fake QR code, causing sales proceeds to be fraudulently transferred to the criminal’s bank account.
  
• QR code theft: A scheme in which a third party photographs the QR code displayed on a customer’s smartphone screen during payment at a store and then scans the code to steal their personal information.
  
• Fake payment confirmation screen: A criminal act in which the QR code payment confirmation screen is forged to make it appear as though the payment has been completed, even though it has not. This crime can happen if store staff relies solely on a visual inspection of a customer’s smartphone screen to confirm that payment is complete. Therefore, it’s important to establish internal processes that allow for payment verification directly within a company’s own system.
  

How to enhance the security of cashless payments

To create an ecommerce site where cashless payments can be used with confidence, businesses must implement strong security measures. It’s also important for cardholders to be proactive in managing risks on a daily basis. The measures that can be taken by both businesses and cardholders are shown in the tables below.

First, let’s take a look at the security measures on the business side.

Security measures for businesses

Among the measures listed above, the one that should be given particular consideration is the implementation of a fraud detection system. A fraud detection system automatically detects and blocks suspicious activity by monitoring transaction patterns in real time. These services, primarily offered by payment service providers (PSPs) such as Stripe, monitor transactions 24 hours a day.

For example, even when using a credit card at an online store, fraud detection systems are thought to be able to more accurately identify fraud schemes that 3D Secure cannot fully detect. For this reason, it’s advisable for ecommerce businesses to implement not only 3D Secure but also a fraud detection system.

For example, fraud prevention tools such as Stripe Radar (which will be discussed later in this article) can adapt to changing fraud patterns through machine learning, allowing them to employ the most up-to-date and advanced security measures. By using these external tools, businesses can avoid the need to develop their own security systems, thereby providing customers with a secure payment environment without incurring significant workload or cost.

Next, here are some measures that cardholders can use to avoid problems.

Security measures for cardholders

In principle, cashless payment providers will reimburse users for unauthorized charges, regardless of the payment method used. However, the amount they will cover can vary depending on the circumstances, and there are also cases where reimbursement can’t be provided; therefore, it’s important to confirm details directly with the provider. Regardless of the payment method used, you must file a police report to receive compensation. If you discover unauthorized use or other fraudulent activity, the first step is to suspend the account, and then file a police report as soon as possible.

How Stripe Radar can help

Stripe Radar uses AI models to detect and prevent fraud, trained on data from Stripe’s global network. It continuously updates these models based on the latest fraud trends, protecting your business as fraud evolves.

Stripe also offers Radar for Fraud Teams, which allows users to add custom rules addressing fraud scenarios specific to their businesses and access advanced fraud insights.
Radar can help your business:

• Prevent fraud losses: Stripe processes over $1 trillion in payments annually. This scale uniquely enables Radar to accurately detect and prevent fraud, saving you money.
  
• Increase revenue: Radar’s AI models are trained on actual dispute data, customer information, browsing data, and more. This enables Radar to identify risky transactions and reduce false positives, boosting your revenue.
  
• Save time: Radar is built into Stripe and requires zero lines of code to set up. You can also monitor your fraud performance, write rules, and more in a single platform, increasing efficiency.
  

Learn more about Stripe Radar, or get started today.