Author Topic: Contactless cards - unasked for fraud risk?  (Read 13498 times)

0 Members and 2 Guests are viewing this topic.

Offline Spunkymonkey

  • Member
  • *****
  • Posts: 999
  • Gender: Male
  • Hello !
Re: Contactless cards - unasked for fraud risk?
« Reply #40 on: September 05, 2014, 09:00:08 PM »
Barclays have given me a non contactless card.

Offline Mart

  • Member
  • *****
  • Posts: 5249
  • Where's my cow?
Re: Contactless cards - unasked for fraud risk?
« Reply #41 on: September 05, 2014, 09:07:03 PM »
My Beloved told me if I touch my card again she'll chop my feckin hands off. For my own good, obviously.
Sometimes I think you have to march right in and demand your rights, even if you don’t know what your rights are, or who the person is you’re talking to. Then, on the way out, slam the door.

Offline Tobes

  • Regents
  • Member
  • *
  • Posts: 4951
Re: Contactless cards - unasked for fraud risk?
« Reply #42 on: September 05, 2014, 09:08:14 PM »
 ;D
I do not agree with what you have to say, but I'll defend to the death your right to say it - [attributed to] Voltaire... 'Entia non sunt multiplicanda praeter necessita' - William of Occam.... 'You have a right to feel offended, but just cos you are offended doesn't mean you are right'

Offline Spunkymonkey

  • Member
  • *****
  • Posts: 999
  • Gender: Male
  • Hello !
Re: Contactless cards - unasked for fraud risk?
« Reply #43 on: November 01, 2014, 01:38:07 PM »
Another reason not to have a contactless card:-

http://www.bbc.co.uk/news/business-29861514

Quote
Researchers claim they have found a security flaw with Visa contactless payment cards.

In the UK, people can make purchases up to £20 by just touching the card against a machine - without needing to enter a PIN.

However, the researchers say that a glitch means Visa's cards will approved unlimited spending if it is put through in a foreign currency.

Offline Tobes

  • Regents
  • Member
  • *
  • Posts: 4951
Re: Contactless cards - unasked for fraud risk?
« Reply #44 on: September 01, 2015, 05:14:31 PM »
Spunky - I hope you're going to stay with us as this story continues to raise my eyebrows...

http://www.bbc.co.uk/news/business-34110348

Quote
Shoppers in the UK will now be able to spend up to £30 using contactless cards after the limit was increased.
The limit per transaction for the wave and pay cards, which do not require a PIN or a signature to authorise payment, was previously £20. The move follows a huge rise in the number of people using contactless cards in the UK.
Transactions for the first half of this year totalled £2.5bn, already higher than the £2.32bn spent in 2014.
The UK Cards Association, the trade body for the card payments industry, said the increase meant that the average supermarket spend of £25 would now be covered. "The growth in contactless payments shows people want to use contactless cards, and increasing the limit gives customers even more opportunities to pay in this way," said chief executive Graham Peacop.


All very predictable... How many uses would be required however, before a cashier would require a PIN check to ensure the card hadn't been recently stolen from someone?

Quote
In July, consumer group Which? warned that data from contactless cards could be easily stolen by determined fraudsters.
But the trade body said fraud via the cards was "extremely low", at less than one penny for every £100 spent.
The increase also comes after technology giant Apple allowed users of its latest devices to make contactless payments.
Kevin Jenkins, managing director UK and Ireland at Visa Europe, said contactless payments were becoming the "new normal".
"We've seen unprecedented growth in this area, with the number of Visa contactless transactions more than trebling in the past year in the UK," he added. The increase was first announced in February. Payment terminals must be updated for the new limit to apply, and card issuers still have the right to limit an individual's contactless payments to a lower amount.


We've been told that the array of products and services offered to us by banks are there for our convenience and for our 'choice' - but it appears that very soon this choice will be removed.

The list of banks offering customers the right to protect their data and to reduce the chances of being mugged for a card which will be worth over £100 to ANYONE stealing it, is dwindling rapidly. This new form of transaction is simply absorbed into the norm through a mixture of point of sale bombardment, the automatic 'upgrade' of all reissued cards to contactless and retailers desire to avoid handling cash or going through the pesky security check of having someone type in a PIN.

Its another example of how the corporate world regards a level of crime and fraud as simply an acceptable business risk - even though, in this instance, its a risk which is actually being carried by the card holding customer.

Sharp practice, in my view - and another 'Tobes' prediction on TS for future trouble...
I do not agree with what you have to say, but I'll defend to the death your right to say it - [attributed to] Voltaire... 'Entia non sunt multiplicanda praeter necessita' - William of Occam.... 'You have a right to feel offended, but just cos you are offended doesn't mean you are right'

Offline Tobes

  • Regents
  • Member
  • *
  • Posts: 4951
Re: Contactless cards - unasked for fraud risk?
« Reply #45 on: September 01, 2015, 05:23:52 PM »
... and not just cynical old me either:

(Taken from a July Telegraph article - http://www.telegraph.co.uk/technology/internet-security/11758990/Contactless-cards-at-risk-of-fraud-warns-Which.html )

Quote
"As the use of contactless payment becomes increasingly widespread, it has never been more important for banks to have robust security checks in place. Not only to ensure that sensitive data is masked, but also to flag unusual activity on a user’s account," said Ross Brewer from security intelligence company LogRhythm.
"As contactless payment limits rise to £30 in September, it is more likely that criminals will begin to target cards rather than the old-style chip and pin for a quick and easy pay day."


 ???

Quote
Contactless payment cards were used more than 1bn times in the past 12 months in Europe, but a security flaw means they can be "easily and cheaply" exploited for fraud, according to new research by the consumer watchdog Which?
Using inexpensive card-reading technology puchased from a mainstream website, the researchers were able to bypass security measures and remotely 'steal' key details from 10 contactless cards (six debit and four credit).
These included the card number, expiry date, and a list of the last 10 transactions carried out on the card. However, none of the cards revealed their CVV security codes (the number on the back of the card).
Although it is difficult to make online purchases without the cardholder's name and CVV code, the researchers succeeded in ordering two items – including a £3,000 TV – from a mainstream online shop using the "stolen" card details, combined with a false name and address.


... and scary as that is, it still doesn't address a basic threat which even chip and PIN and signature strip cards largely obviate; that of a mugger grabbing your mobile and wallet and going on a spree until such time you can report it to the police, get in touch with your bank, pass through their own security checks, and get your card cancelled.

Remember, if it can take up to four transactions [see important note below] before a PIN is required, everyone with a contactless card may as well also be flaunting a wallet carrying £120 in cash.  :idiot2:

EDIT. I've been doing some research to try and find a statement from the UK Card Association confirming how often you'll be asked for a PIN check on your card, and rather scarily, I can't.

IN FACT, THERE IS NO CONFIRMED CRITERIA FOR WHEN YOU'LL BE ASKED FOR A PIN CHECK THAT I CAN FIND ANYWHERE.

This is what they say themselves (my italics)

http://www.theukcardsassociation.org.uk/individual/what-is-contactless.asp
Quote
There’s no need to mess about entering your PIN in to the terminal every time. From time to time, you may have to enter your PIN in to the terminal, this is just a security check - to verify that you, the authorised cardholder, are still in possession of the card.


'From time to time'.

Note that carefully: It means your card is potentially worth much more than £120 to any standard pick-pocket, mugger or burglar who will soon find out that virtually EVERYONE on the street will be carrying one, regardless of sex, age or appearance. And all they need to do is steal it from you and they can buy their booze, fags or whatever else, either for themselves or to sell on to turn into folding money. No PIN, no signature required - just the wave of a card in front of a till.

This inevitably means an associated rise in street robbery. Tain't brain surgery.

I wonder if, after the scandal of mis-sold PPI, the banking Industry has set up a similar fund to cover the costs of those traumatised or injured as a direct result of this enforced technology and the crime it will encourage? Afterall, its not even as if most customers are being given the choice of contactless or not. I wonder if they bare a duty of care which extends beyond their profit margin?

 :-\
 
« Last Edit: September 01, 2015, 06:14:23 PM by Tobes »
I do not agree with what you have to say, but I'll defend to the death your right to say it - [attributed to] Voltaire... 'Entia non sunt multiplicanda praeter necessita' - William of Occam.... 'You have a right to feel offended, but just cos you are offended doesn't mean you are right'

Offline Phil Chitty

  • Member
  • *****
  • Posts: 250
  • Gender: Male
  • The user formerly ph1lc
Re: Contactless cards - unasked for fraud risk?
« Reply #46 on: September 02, 2015, 08:40:55 AM »
Nice work Tobes.

At present it is possible to opt out of contactless cards - I indeed have and I'm certainly not registering my cards on my I-phone.

How long will it be possible to carry on opting out? The usual practice it to bring in compulsion via the back door -take driving licences for example.