Contactless payments: what the security difference actually means

Contactless payments have become the default transaction method for most Australians. The shift from plastic to phone and watch payments is largely complete in metropolitan areas, and the question of which method is more secure is worth understanding clearly — not because the risks are alarming, but because the answer is less obvious than the marketing suggests.

The legal baseline is the same for both

Physical credit cards and digital wallets — Apple Pay, Google Pay, Samsung Pay — operate under the same consumer protection framework in Australia. The ePayments Code, regulated by ASIC, governs both. The Visa, Mastercard, and American Express networks extend their own protections across both methods. In practical terms, this means that liability for unauthorised transactions does not rest with the cardholder provided the cardholder has not acted negligently — sharing a PIN or passcode, or failing to report a lost device or card promptly.

Fraud monitoring operates continuously across both payment types at the major Australian banks. The ability to temporarily freeze a card or device through an app or online banking is available regardless of payment method, as is the chargeback process for disputed transactions.

Where digital wallets differ

The material distinction between the two methods lies in how transaction data is handled at the point of sale.

When a physical card is tapped, the card number is transmitted to the merchant's payment system. If that system is subsequently compromised, the card number is exposed.

Digital wallets do not transmit the card number. They use tokenisation — the card details are replaced with a single-use code generated for that transaction. The merchant receives only the token. Even in the event of a breach of the merchant's system, there is nothing of value to retrieve.

This is a genuine security advantage, not a marginal one. It is compounded by the biometric or passcode authentication required to initiate a payment from a phone or watch — a layer of verification that a physical card does not require.

Practical limitations

The security advantages of digital wallets are not universally accessible. Contactless payment infrastructure in regional and remote areas of Australia remains uneven, and older EFTPOS terminals may not support phone or watch payments. Internationally, the gap is wider. A physical card remains a necessary backup for travel, and for any context where battery life or connectivity cannot be guaranteed.

In practice

For most transactions in most contexts, a digital wallet is the more secure payment method. The tokenisation architecture addresses the primary vector through which card fraud occurs at the merchant level. For clients who have not yet made the transition, the security case for doing so is clear.

Carrying a physical card as a backup remains sensible. Relying on one exclusively, where the alternative is available, is not.

If you have questions about managing your personal financial security, we are available to discuss them.

Ben Widdup
Wealth Manager

1300 102 542 | 0402 633 205
ben.widdup@egu.au

This is general advice. It does not take account of your objectives, financial situation, or needs, and is not a substitute for advice that does. Before acting on anything in it, consider whether it suits your circumstances, and consider the relevant Product Disclosure Statement.