Contactless cards ‘open to fraud’

contactless cards open to fraudClaims that contactless payment cards are as safe as houses have been rubbished by a new investigation, which claims users could be unwittingly opening their bank account up to fraudsters.
Researchers at Which? were able to use inexpensive, widely available card scanners bought from a mainstream website to read key personal details from 10 different debit and credit cards.
They were also able to read limited details of the last 10 transactions, although no cards revealed the CVV security code (the number on the back).
They doubted they would be able to make purchases without the cardholder’s name or CVV code – but were wrong, as they were then able to use the stolen data to place online orders for goods costing up to £3,000 without the card’s security code and using a false name and address.
The limit for a contactless transaction rose from £15 to £20 in June 2012, and will rise to £30 in September this year. But, by touching volunteers’ cards to their card reader, researchers got enough details to allow tem to go on an internet shopping spree. With these card details, the contactless transaction limit is irrelevant, because online transactions are not contactless.
Peter Eisenegger, a security expert who helped develop European standards for contactless cards, told Which? that it would be possible for criminals to obtain card readers that could read details from further away than the one in its test.
He said: “It’s vital to protect consumers from fraudsters who have the knowhow to develop mobile card readers with much greater reading distances than those used by retailers.”
Official fraud figures for contactless cards show losses attributable to contactless fraud are less than 1p per £100, but it is impossible to know the true scale of theft via contactless readers, as it would be hard for the victim to know whether their card details had been lifted this way.
The study follows claims that Apple Pay owners are also at risk of fraud. The device was only launched in the UK a fortnight ago, but reports from the US – where Apple Pay has been in place since October – claim that the fraud rate can reach 6% of transactions at some banks – 60 times the average credit card fraud rate. Critics point out that it is easy to use a stolen phone, and even to load a stolen credit card onto the phone.

Related stories
Apple Pay risk as stores lift £20 limit
Apple plots iPhone 6 loyalty
Contactless payments hit by glitch

Print Friendly

2 Comments on "Contactless cards ‘open to fraud’"

  1. Contactless cards ‘wide open to fraud’ #dataprotection #datasecurity #financial #contactless

Comments are closed.