Do contactless cards expose you to fraud?

by , Principal Money Researcher Money 5 April 2012
VN:F [1.9.22_1171]
3 - 0
avatar

Are you worried about the security of using new technology? Barclays hit the headlines after fears customers using contactless bank cards may have had their data stolen via ‘secret swiping’ techniques.

Pick-pocketing

Most of us are keen to try out new payment methods and forms of banking as they provide quick, convenient and flexible ways to manage our finances.

But are the security risks too great?

Contactless cards are designed to allow rapid payment by holding them against special readers, with no Pin required.

Channel 4 News found that readers built into new mobile phones can be adapted to take data from contactless debit or credit cards by swiping them in people’s wallets and pockets.

The new pickpockets

In the Channel 4 investigation, researchers were then able to buy goods online. The information obtained via the ‘secret swipe’ included the long card number, the expiry date and the cardholder’s name, and none of the information was encrypted.

Barclays has blamed retailers for their systems, stating that the issue isn’t with contactless cards, but with the checks undertaken for ‘card not present’ payments by some retailers.

However, Channel 4 said it was only able to access details of Barclays-issued Visa cards and that other banks and their systems weren’t accessible. Whoever is at fault, these revelations will come as a shock to you if you’re a holder of one of the estimated 15 million contactless cards in circulation in the UK.

Security worries persist

When Barclaycard launched its new Pingit payment system in February, several of you expressed similar security concerns. Conversation commenter William said:

‘Nice idea, shame about the lack of security. We’ll eagerly await the first news story of how people mysteriously lose up to £300 because banks have no idea what security is.’

However, Banking Insider told us:

‘I imagine that Barclays will have considered all of the possible attack vectors including handset-based trojans. I suspect that they’ll have invested very heavily in security which normally involves working with 3rd party security experts. Don’t forget that they are liable for any losses so skimping on security wouldn’t make a lot of business sense.’

Does the same apply to contactless cards or is this a payment method you’ll avoid? Has this latest episode made you even more wary or do you think that there will always be issues when these products are first launched, that are then quickly resolved?

18 comments

Add your comments

avatar

Les

Barclays have just issued me with a new debit card as they have told me that my details may have been taken from my old card. When I questioned them on this they suggested that a shop assistant had been copying card numbers and I had used my card in this shop so they were doing this as a precaution. I never associated this with the fact that the card was contactless as I never use this feature. Having to change my card details with all my online accounts is a big inconvenience. Couple this with the security issues of these contactless cards and it’s not worth all the bother. Back to the drawing board I think Barclays.

avatar

ayesha

My son who just started university this year was offered one of these contactless cards which he very sensibly declined. He was told that items upto £15 could be paid for with it and when he asked, what if someone got hold of it and went on a spending spree would he be liable? and the bank replied “not if you can prove that it was stolen or that u lost it”

How on earth do you “prove” u lost a card or had it stolen???? I have had cards lost or stolen before now and never had to prove it. i couldn’t!

avatar

Pangit

The answer to this is:
1. Use the card to identify you with the central computer.
2. Then a palm scanner used at the point of purchase of goods to scan the Palm of your hand a copy of which is held on your computer record identified by your card.

The palm of your hand having previously be taken by the card issuer or other body for comparison

If the two items match then the sale goes ahead.

Basically Chip and Hand.

Also stops people lending their cards to there friends or relatives or their kids using them.

The only loophole would be somebody copying your card and copying the electronic signature of your Palm which of course would be possible at the retailers, ATM etc. Just chip and pin numbers you enter at present are copied by the retailer or ATM etc.
The basic rule is if it is electronicaly captured it can always be cloned.

avatar

Bryan84

It is very sad that banks expose us for such risk. Once I watched on TV that thieves can obtain so easily your card details and use them for shopping on Amazon I was really p***** off and scared. Hopefully I found Koruma sleeves on ebay which prevents from unauthorized scanning. It really works tested in shop and on Oyster card.

avatar

Pangit

Try wrapping your card in aluminium Baking Foil – Thats supposed to work. You could put the foil in your wallet where the card goes. Glue the foil inside the wallet card pocket.

avatar

Pangit

There are also card around that you need to pinch with your fingers for the RFID chip to work.
It works for 200milli seconds then stops working. You then have to pinch it again for it to work again next time you need to use it (Again only works for 200 milli seconds). But the banks don’t supply this type of card as it is a bit more expensive!!
Nobody can scan your card without it being pinched wih your fingers – guess you hve to be careful you don’t sit on it on a bouncy bus seat!

avatar

William

Looks like the simple answer ( which I knew all along, as I don;t trust banks ) is YES …

http://www.dailymail.co.uk/news/article-2137106/Your-card-details-stolen-air-Information-robbed-radiowave-thanks-new-contactless-technology.html

I think I summed it up nicely with my comment “banks have no idea what security is” that you used in your article.

avatar

Bryan84

Yes indeed but I’d say rather they know exactly what is wrong with these cards however everything revolves around numbers –> money. For sure they have calculated that incomes will be higher than thefts.

avatar

Tony M

I’ve received two replacement cards recently, a credit card from Barclays and a debit card from Lloyds/TSB, both had the “contactless” logo. I wrote to both companies asking for a card without this facility which I see as being of little benefit to me and a major security risk. Lloyds say they will provide such a card (though it hasn’t arrived yet). Barclays say they will not, therefore I am closing my Barclays account. I also have a M&S credit card which expires in November. I checked with them and received a reply saying that they do not provide a “contactless” facility. Let’s hope this remains so.

avatar

Ben

Interesting and pretty scary item here: http://www.channel4.com/news/millions-of-barclays-card-users-exposed-to-fraud

avatar

Watt Tyler

I have recently been sent contactless cards by CapitalOne – long before my current cards are due to expire – on the pretext that they need to replace my cards because my details on the current cards “may” have been compromised.

I believe that this is a totally dishonest move by CapitalOne , done for purely commercial reasons, because they believe that transaction volumes (and hence their profits) will increase if people don’t have to enter PINs. I have challenged them to provide evidence that my current cards are really ay risk, and have asked them what proportion of their customer base are having their cards replaced early because their details “may” have been compromised. Not surprisingly, answer came there none on either count!

I am very unhappy about the security issues with contactless cards – and cancelled my Barclaycard when they first introduced the feature. It looks as if I’ve now come to the end of the road with CapitalOne!

Does anyone know of a credit card which pays a reasonable level of cashback, and which is unlikely to go contactless?

WT

avatar

Tony Crafnant

I am still worried about the security issues around contactless cards, especially after seeing this youtube video. Are we safe in the UK from this possible ‘skimming’? http://youtube.googleapis.com/v/lLAFhTjsQHw&sns=em

avatar

ben

My contactless barclays credit card embarrasses me alot. it fails every month and i have to call in and get it replaced. Any reason why transaction decline after using it like a day or two before it stops?

avatar

william

How many other contact-less cards do you have in the same wallet ? And I assume you remove the card and use it away from the wallet ?

avatar

TonyM

When the vulnerability of contactless cards was first publicised a couple of years ago, I asked Barclaycard to provide me with a replacement card without this facility. They refused, so I cancelled my account with them – I’m glad I did so.

avatar

wavechange

The banks tell us that contactless cards are secure. The banks told us that phantom withdrawals at ATMs were impossible.

I am now prepared to use a contactless card because my bank will have to refund any money taken from my account. It is their risk and not mine.

avatar

Rick

I’ve been a victim of contactless credit card fraud and got here via search on the internet to see if anyone else has been affected. Noticed only many weeks later as the people spoofed the name of a genuine business (well named it almost identical to a business I use regularly to get my lunch). They spent £9 via contactless payment which is very odd but it was to a fake company. It must have been cloned somehow. The credit card company was reluctant to give any information.
It’s hard to spot unless you check your statement regularly.
I was refunded in full by the card issuer and the card was blocked and a new one supplied.
I have no idea how the scammers got my details but I use my card for everything. Last year I spent over 14K on my card and the payments go out via direct debit. I use my card abroad and also make purchases internationally via the internet.
My advice: check your statements regularly and don’t just assume the label you see on your statement refers to a genuine sale.
The credit card companies are generally very nice and supportive so no need to panic but don’t ignore your statements. Get a phone app and it’s easier to keep track.
Hope this is useful to someone.

avatar

chris m

We have devised a simple and economic system to totally combat card fraud, which also includes payments by mobile phone, but no one seems interested. We believe this is because we are always referred to Card Fraud offices, who make their living only whilst card fraud exists. Using this system, all easily possible with existing technology, any one could parade around wearing their account number printed on their t-shirt and still no one could access their money. There are many other very appealing aspects to our proposal that will interest consumers greatly but no one wants to listen. Do you ?

Back to top

Post a Comment

Commenting guidelines

Your email is never published nor shared. Required fields are marked

Tired of typing your name and email? Why not register.

Register or Log in

Browse by Category

Consumer Rights

762 Conversations

9463 Participants

27111 Comments

Energy & Home

636 Conversations

7001 Participants

24059 Comments

Money

811 Conversations

5957 Participants

15525 Comments

Technology

769 Conversations

7414 Participants

19214 Comments

Transport & Travel

597 Conversations

4759 Participants

13403 Comments