Saturday, August 20

Security flaws of contactless cards: How a time saving masterstroke can be exploited by criminals



Contactless cards offer a quick and easy way to pay in shops and restaurants, but could also offer easy pickings to fraudsters if not properly protected.

A reader discovered this to his cost when his card seemed to go on a shopping spree without him – and, no, it wasn’t his wife.

Desmond, from Wolverhampton, wrote to me after a cash machine displayed an “insufficient funds” message when he tried to withdraw some money. He knew this couldn’t be right as he had been paid just a few days before.

So he contacted his bank which confirmed that there had been 13 transactions over the past three days totalling £2,125.

Each transaction was an online purchase with his debit card, but Desmond had not made any of them himself.

Desmond was not the only victim, by coincidence he discovered that one of his friends had also been ripped off.

The pair reported the crimes to the police and the pieces of the jigsaw started to come together.

Desmond and his friend had been in Wolverhampton’s city centre on the same day and both were carrying contactless debit cards.

Such cards allow customers to pay for goods worth up to £30 without entering a PIN. The card has a chip built in that, when activated, sends your bank details to a receiver via radio waves.

To make a payment, users hold the card within a few centimetres of a terminal which picks up the signal and processes the transaction. However, this is where the system is vulnerable and prone to attack by fraudsters.

Someone operating in the city was using a machine to pick up bank details from contactless cards as their owners walked by. The information was then used in an online shopping spree.

This demonstrates a major flaw in contactless cards.

However, I spoke to a cybercrime expert who advised users to buy a special ¬plastic sleeve to put over contactless cards. These provide a barrier which prevents a signal being transmitted until you are ready to make a payment.

You should also check your bank statements on a regular basis to look for any signs of fraud.