Do contactless cards expose you to fraud?

Are you worried about the security of using new technology? Barclays hit the headlines after fears that customers using contactless bank cards may have had their data stolen via ‘secret swiping’ techniques.

Most of us are keen to try out new payment methods and forms of banking as they provide quick, convenient and flexible ways to manage our finances.

But are the security risks too great?

Contactless cards are designed to allow rapid payment by holding them against special readers, with no Pin required.

Channel 4 News found that readers built into new mobile phones can be adapted to take data from contactless debit or credit cards by swiping them in people’s wallets and pockets.

The new pickpockets

In the Channel 4 investigation, researchers were then able to buy goods online. The information obtained via the ‘secret swipe’ included the long card number, the expiry date and the cardholder’s name, and none of the information was encrypted.

Barclays has blamed retailers’ systems, stating that the issue isn’t with contactless cards, but with the checks that some retailers undertake for ‘card not present’ payments.

However, Channel 4 said it was only able to access details of Barclays-issued Visa cards and that other banks and their systems weren’t accessible. Whoever is at fault, these revelations will come as a shock to you if you’re a holder of one of the estimated 15 million contactless cards in circulation in the UK.

Security worries persist

When Barclaycard launched its new Pingit payment system in February, several of you expressed similar security concerns. Conversation commenter William said:

‘Nice idea, shame about the lack of security. We’ll eagerly await the first news story of how people mysteriously lose up to £300 because banks have no idea what security is.’

However, Banking Insider told us:

‘I imagine that Barclays will have considered all of the possible attack vectors including handset-based trojans. I suspect that they’ll have invested very heavily in security which normally involves working with 3rd party security experts. Don’t forget that they are liable for any losses so skimping on security wouldn’t make a lot of business sense.’

Does the same apply to contactless cards or is this a payment method you’ll avoid? Has this latest episode made you even more wary or do you think that there will always be issues when these products are first launched, that are then quickly resolved?

Les says:
6 April 2012

Barclays have just issued me with a new debit card as they have told me that my details may have been taken from my old card. When I questioned them on this they suggested that a shop assistant had been copying card numbers and I had used my card in this shop so they were doing this as a precaution. I never associated this with the fact that the card was contactless as I never use this feature. Having to change my card details with all my online accounts is a big inconvenience. Couple this with the security issues of these contactless cards and it’s not worth all the bother. Back to the drawing board I think Barclays.

ayesha says:
8 April 2012

My son who just started university this year was offered one of these contactless cards which he very sensibly declined. He was told that items up to £15 could be paid for with it, and when he asked, what if someone got hold of it and went on a spending spree, would he be liable? The bank replied “not if you can prove that it was stolen or that you lost it”

How on earth do you “prove” you lost a card or had it stolen???? I have had cards lost or stolen before now and never had to prove it. I couldn’t!

Pangit says:
29 April 2012

The answer to this is:
1. Use the card to identify you with the central computer.
2. Then a palm scanner is used at the point of purchase of goods to scan the palm of your hand, a copy of which is held on your computer record identified by your card.

The palm of your hand having previously been taken by the card issuer or other body for comparison.

If the two items match then the sale goes ahead.

Basically Chip and Hand.

Also stops people lending their cards to their friends or relatives or their kids using them.

The only loophole would be somebody copying your card and copying the electronic signature of your palm, which of course would be possible at the retailers, ATM etc. Just as chip and pin numbers you enter at present are copied by the retailer or ATM etc.
The basic rule is if it is electronically captured it can always be cloned.

Bryan84 says:
29 April 2012

It is very sad that banks expose us to such risk. Once I watched on TV that thieves can obtain so easily your card details and use them for shopping on Amazon I was really p****d off and scared. Hopefully I found Koruma sleeves on eBay which prevent unauthorized scanning. It really works, tested in shop and on Oyster card.

Pangit says:
30 April 2012

Try wrapping your card in aluminium Baking Foil – That’s supposed to work. You could put the foil in your wallet where the card goes. Glue the foil inside the wallet card pocket.

Pangit says:
30 April 2012

There are also cards around that you need to pinch with your fingers for the RFID chip to work.
It works for 200 milliseconds then stops working. You then have to pinch it again for it to work again next time you need to use it (again only works for 200 milliseconds). But the banks don’t supply this type of card as it is a bit more expensive!!
Nobody can scan your card without it being pinched with your fingers – guess you have to be careful you don’t sit on it on a bouncy bus seat!


Looks like the simple answer (which I knew all along, as I don’t trust banks) is YES …


I think I summed it up nicely with my comment “banks have no idea what security is” that you used in your article.

Bryan84 says:
30 April 2012

Yes indeed but I’d say rather they know exactly what is wrong with these cards however everything revolves around numbers –> money. For sure they have calculated that incomes will be higher than thefts.

Tony M says:
4 May 2012

I’ve received two replacement cards recently, a credit card from Barclays and a debit card from Lloyds/TSB, both had the “contactless” logo. I wrote to both companies asking for a card without this facility which I see as being of little benefit to me and a major security risk. Lloyds say they will provide such a card (though it hasn’t arrived yet). Barclays say they will not, therefore I am closing my Barclays account. I also have a M&S credit card which expires in November. I checked with them and received a reply saying that they do not provide a “contactless” facility. Let’s hope this remains so.