You are here: Home - Saving-Banking - News -

Contactless card fraud a doddle, Which? investigation reveals

0
Written by:
23/07/2015
A security flaw in contactless cards can be exploited by fraudsters to make expensive online purchases, a Which? investigation has revealed.

Which? researchers purchased contactless card-reading technology “easily and cheaply” from the internet, then tested 10 common contactless cards (six debit, four credit) to assess the strength of their security.

While the cards were supposedly equipped with ‘masking’ provisions to hide sensitive personal information, the consumer group easily obtained and decoded account data – including card number, expiry date and recent transaction details – using free software.

“We doubted we’d be able to make purchases without the cardholder’s name or CVV/CCV code,” an unnamed Which? researcher said.

“But we were wrong.”

Researchers went shopping with the information they had obtained, and were able to successfully place orders for expensive items on a mainstream ecommerce site, including a £3,000 television.

Concerns have previously been raised about the size of transaction allowed via contactless. When contactless cards were first introduced, transactions were capped at £15. This rose to £20 in June 2012, and is scheduled to increase to £30 this September. Transaction caps are standard across contactless cards – reducing them can be at best time-consuming, at worst impossible. This gives rise to the prospect that a lost or stolen contactless card could be used to make several payments before cancellation by the holder.

However, Which? now believes the real concern for consumers and issuers should be the ease with which payment details can be lifted from contactless cards.

“Using our card reader, we got enough details to allow us to go on an internet shopping spree – with these card details, the contactless transaction limit is irrelevant, because online transactions aren’t contactless,” the researcher continued.

Recent UK Payments Council research suggests there around 58m contactless cards in circulation the UK, with £2.32bn spent using them in 2014. Official fraud figures for contactless cards show losses attributable to contactless card fraud are currently less than 1p per £100, but Which? believes it is impossible to know the true scale of theft via contactless readers, as it would be hard for a victim to know whether their card details had been lifted this way.

Which? is calling on banks to allow consumers to opt out of contactless cards if they wish.  Almost all leading debit and credit card providers issue contactless cards as standard, and few allow customers to opt out of having one.

Commenting on the Which? investigation, Peter Eisenegger, a security expert who helped develop European standards for contactless cards, said: “It’s vital to protect consumers from fraudsters who have the knowhow to develop mobile card readers with much greater reading distances than those used by retailers.”

There are 0 Comment(s)

If you wish to comment without signing in, click your cursor in the top box and tick the 'Sign in as a guest' box at the bottom.

Autumn Statement: Everything you need to know at a glance

Yesterday Chancellor Jeremy Hunt made his first fiscal statement in the role, outlining a range of tax measure...

End of Help to Buy: 10 alternatives for first-time buyers

The deadline for Help to Buy Equity Loan applications passed on 31 October. If you’re a first-time buyer who...

Moving to an energy prepayment meter: Everything you need to know

As households struggle with the soaring cost of energy, tens of thousands of billpayers are expected to move o...

What will happen if rates change

How your finances will be impacted by a rise in interest rates.

Regular Savings Calculator

Small regular contributions can build up nicely over time.

Online Savings Calculator

Work out how your online savings can build over time.

DIY investors: 10 common mistakes to avoid

For those without the help and experience of an adviser, here are 10 common DIY investor mistakes to avoid.

Mortgage down-valuations: Tips to avoid pulling out of a house sale

Down-valuations are on the rise. So, what does it mean for home buyers, and what can you do?

Five tips for surviving a bear market mauling

The S&P 500 has slipped into bear market territory and for UK investors, the FTSE 250 is also on the edge. Her...

Money Tips of the Week