Evan Schuman's StorefrontBacktalk

Contactless payment cards still can’t catch a break. This week, New York City’s mass transit system began what may be the largest push for contactless payment yet in the U.S.

In a trial program that began on Tuesday (June 1), a million riders can use MasterCard contactless payment cards at turnstiles for fares on parts of New York’s subway and bus system, along with commuter trains across the Hudson River and some bus lines in New Jersey. It’s a six-month, highly visible demonstration of the benefits of contactless cards that might actually get consumers to use the cards that have been sitting in their wallets.

But the next day (June 2), a self-proclaimed hacker was on Canadian television demonstrating once again that both MasterCard and Visa contactless cards can be read with a $10 commercial RFID reader available on eBay. That’s despite assurances from both card companies that the cards are secure and encrypted. True, as the CBC News report made clear, newly issued cards will only report the card number and expiration date; older cards also kick out the cardholder’s name. And a reader usually has to be very close to the card to work. But in a crowded subway car, that’s not necessarily much of a challenge.

That remains the contactless dilemma. At least 100 million contactless cards are in the hands of U.S. consumers, but mostly they’re not being used. Many cardholders don’t even know they’re carrying a MasterCard PayPass or Visa PayWave card. Some major retailers have yet to go contactless, while others still encourage customers to swipe even at point-of-sale locations that support contactless. Nobody–neither retailers nor customers–seems to see a benefit. And consumer behavior is tough to change without that benefit at the checkout counter.

MasterCard is hoping the subway turnstile will be a different story. Riders on the MTA’s Lexington Avenue line, PATH trains running between Manhattan and New Jersey, and 11 bus routes on both sides of the Hudson can use MasterCard PayPass cards for a six-month trial. Starting in August, Visa PayWave cards will work as well. (MasterCard gets the first two months to itself because it’s sponsoring the trial.)

“The rider can select any of the many fare options: 30 day, 14 day, one day, one week, prepaid or pay-as-you-go,” said MTA spokesman Aaron Donovan. “There are a million potential customers on the Lexington Avenue trains, the PATH trains and the buses.”

Doing contactless payment in a subway station or bus should be perfect for showcasing the technology. Everyone standing in line can see the guy who walks up, gets a beep from the fare machine and moves through without fishing for change. Making a fast transaction is fine. But making a fast, highly visible transaction where everyone standing in line can see it—and can also see a benefit (because the line moves faster for them, too)—is what will sell contactless to consumers.

And if they use a contactless card on the subway, they’ll be more likely to get in the habit of using it for other low-value purchases. At least that’s what MasterCard is hoping.

Even as mass transit tries to get contactless moving to daily use, security problems still dog the cards. The CBC News demonstration didn’t show anything new. Hacker Paul “Pablos” Holman has been bumping reporters’ wallets for years with his cheap RFID reader, and successfully collecting data from their contactless cards. That’s what he did again this week for the CBC.

What’s worse is that contactless cards are even riskier when consumers don’t use them. Those consumers may not know they even have a contactless card. If a thief bumps them with an RFID reader, they may not realize there’s a risk of having their card’s information stolen. What they don’t know they have, they won’t protect.

That means New York’s contactless transit trial could have a double benefit. It might be the best shot contactless will have at getting consumers to use the cards. And it may be the best wakeup call consumers will have that they need to protect those cards. Steel-mesh wallets, anyone?