Yesterday on Open Mike we had a bit of a discussion about contactless (“tap and go” or “wave to pay”) credit and debit cards as the result of an article linked by Dv, about technologies used by thieves to pilfer small amounts from unsuspecting people’s cards as the pass by.
Banks are keen to get everyone using them, with customers in some places overseas, when given a choice, opting to stay with older style cards. Increasingly overseas, as here, banks are not giving customers a choice. Yet, in spite of assurances, several kinds of problems have been experienced. Banks are pushing this technology, even before solutions have been found for the weaknesses. Apparently it is because the cards make transactions faster, and thus people end up spending more money.
Chris Gardner explains the technological pilfering problem in his article on Stuff:
Billions of dollars worth of New Zealand credit card transactions are at risk from a new breed of hi-tech pickpockets armed with electronic skimming devices available online for less than $100.
The devices – sourced from China – target the latest credit cards incorporating wave-to-pay technology, and can empty your card balance without you even realising.
However, it seems only small amounts tend to be pilfered from cards as the contactless function is usually for payments under about $NZ80.00. Furthermore, a Visa spokesperson, Caroline Ada, is quick to downplay the problem. She says,
that even if a fraudster should “read” the information from a contactless transaction, the information would have limited use.
There had been no reports of fraudulent reading of Visa payWave cards in New Zealand.
“Only minimal account information is stored on a Visa payWave card, which is less than traditional magnetic stripe cards or contact chip cards. In fact, newly issued Visa payWave cards do not even transmit the cardholder’s name during a transaction,” she said.
And apparently there are metal sleeves or wallets made from wire mesh that can protect cards. These can apparently be bought online, but wrapping a card in tin foil would make it just as secure. I tried that, but how do you stop the foil falling apart each time you access your card or wallet?
Additional problems with contactless cards have shown up in the UK. In May, 2013, a Guardian article described some undesirable side effects of the cards:
You hop on a bus and pay the fare with your Oyster card – then, weeks later, you’re going through your finances and discover that the money was taken from your “contactless” credit card instead. You’re left scratching your head as to how this could possibly have happened. Not only have you been charged on the wrong card, you’ve effectively been charged twice for the fare, because you pay for a weekly travelcard to be loaded on to your Oyster card.
This scenario is already being played out in London now that passengers on the capital’s buses can pay using credit and debit cards displaying the contactless payment symbol.
This speedier method of payment, is now resulting in customers having to take time to take precautions:
Transport for London (TfL) is warning people to stop keeping their Oyster card and contactless payment cards together in one holder/wallet/purse to avoid problems caused by clashing technologies.
There’s also been reports of people having had money taken from their contactless cards in department stores when they weren’t planning on using the cards. And, a reverse problem has been encountered the card wouldn’t work when an Oyster and contactless card were together in the same wallet.
The Daily Mail reported in June that, according to Ross Anderson, “professor of security engineering at Cambridge University”, in contradiction of the Visa spokesperson quoted above,
‘The problem with contactless cards is they have been rolled out in a haphazard way without careful thought into the consequences.
‘With a modified phone, which can be put together easily, a bank account can have its details stripped from a contactless card in seconds. With the list of someone’s last ten transactions, a thief can use that to answer a bank’s security question.
‘That’s not all they need to know, but a determined thief will be able to get the other information fairly easily and have access to your bank account.
‘Banks blame the stores and vice versa, but the people losing out are customers having their details stolen. The big beneficiaries are the firms who invented the inadequate technology – and, of course, the thieves.’
However, it’s not only the inventors of the contactless technology that are benefiting, but the banks and other businesses. According to The Smart Card Alliance, contactless cards have resulted in merchants seeing increased sales volumes, and fewer costs due to the ease of transactions. They claim an added value of increasing the amount of transactions and,
improved customer acquisition and retention.
They also claim something that gets a bit lost in corporate speak: i.e.
service providers can now differentiate themselves with innovative new form factors.
as well as
delivery of payment products into a variety of product types targeting different cardholder segments that have specific desires for their shopping experience.
I’ll let you work out what those last two points mean.
The Smart Card Alliance has a lot of big players in their membership, including the main producers of contactless cards, Mastercard and Visa.
So, basically, in their rush to get more of our money, these institutions that spend a lot of time warning us to handle our fincances in secure ways, ultimately care less for our security and more for their profits. And they don’t seem to care about the extra worries and hassles their rush for profits may visit on us.