Is your contactless card vulnerable?
Filed under: Credit Cards
So what are the risks, and how can you protect yourself?
According to the UK Cards Association there are 19.6 million cards with contactless functionality in the UK. They enable people to wave a card at the reader in a shop in order to pay, so they don't need a PIN, or to rummage around in their wallet looking for a card. Instead they are paying by radiowave - known as radio frequency identification, or RFID.
The risksHowever, as the banking technology has developed, the thieves have been hard at work developing technology to exploit the weaknesses they can find. Now the criminals have put together readers which are sold online and can steal your details.
The risk has been exposed by a number of tests in newspapers and TV programmes. The expert walks past volunteers with cards in their bag while using the RFPID skimming machine. It picks up the 16 digit credit card number, expiry date and the name on the card - which is all they need. Some of the readers can even pick up multiple numbers as they stroll past a crowd. This information can then either be transferred onto a cheap plastic card, or be used to buy goods online.
No solutionMost retailers will demand your three digit security code from the back of your card before allowing you to buy goods online. The skimming process is unable to access these numbers, which is why the banks can argue that the cards are safe. However, there are a few exceptions - including Amazon - which will accept a Visa card without the security code.
David Maxwell, Director of RFID Protect said: "...as more of us start using smart phones, e-passports and contactless cards, (all of which potentially link to databases in cyberspace), we need to be extra vigilant about how criminals might seek to exploit this.... The means to gain unauthorised access to someone's credit or debit card is child's play!"
It's hard to know where the industry is going to go from here. The banking industry argues that it is meeting all the standards required of it, and says that if there's a problem then the fault lies with the retailers for not taking stringent enough precautions. The retailers argue that they are doing everything necessary to protect shoppers online and that the fault lies with the banks for making this vital information accessible to thieves.
What can you do?While they argue about where to place the blame, it's up to you to protect your card. You can place your card in tinfoil or in a foil-lined wallet. The problem is that this renders the contactless functionality useless, so it's only worth doing if you don't mind getting your card out when you want to pay.
You also need to keep a wary eye on your account. Check it regularly - not just when you get a statement - and query any transactions you don't immediately recognise. If you have any suspicions give your bank a call. It's far better to be safe than sorry.
Take care of your card. Given that information can be skimmed from it, it's even more vital than ever to make sure you never lose sight of your card or tell anyone the three digit code on the back unless you know exactly who you are dealing with. The thieves may be able to skim your name and number, but there's no excuse for giving away your security code.
None of these precautions will make you completely safe from the skimmers. However, you can make life a bit more difficult for someone - which makes them more likely to target someone else than waste their time trying to take your cash.