Chewon

Contactless credit/debit cards are any credit card sized cards that have embedded chips that store, process and communicate data via radio waves.  They are called contactless because they aren’t swiped like conventional payment cards.  They are generally WAVED, not swiped to complete a purchase or other payment transaction.  

For instance, you have a contactless payment card and want to get through a toll booth.  You just WAVE the card at a payment reader, wait for the acceptance indicator, and voila! Transaction instantly completed and you just move right along.

Wow, what speed!  What convenience!  No signatures, no PINs, no contact.  Just wave and go.  What could be easier to use?

But the information contactless payment cards contain – what could be easier to lose?

Lose?  What do you mean, lose?  Lose my secure card information?  How can I lose it when I keep the card close to my body, hidden and secure in my wallet or purse or even underwear pockets?

Yes you can lose it and here’s how…  An identity thief, armed only with a scanning enabled smartphone that is aimed at your pocket, your purse or you, can find, read and harvest all of your card-held information – immediately — without ever making contact with you.  The perfect pickpocket… electronically, without contact.

You might still have your card but, actually, so does the thief…  And with your card info, he can immediately make online purchases; or he can share your information immediately with fellow baddies, let’s say who are in Singapore, via smartphones.  Then they too can go on spending sprees, right away with your card info. Gee, think of what these crooks can do in a crowded subway or shopping mall!

Haven’t heard of contactless cards?  Possibly not.  But it is estimated that there are about 100 million contactless cards in use.  VISA calls theirs PayWave; MasterCard named theirs PayPass; American Express’ is ExpressPay; and Discover calls their Zip.

As I searched for information about these payment cards, I found that the card vendors cite how much more “secure” these types of payment cards are over conventional “cards”.  There are even statements that there are no fraud activities reported.  That is a bit of marketing malarkey, however.  There are many reports about contactless card fraud and security breaches coming from the UK, Germany and Canada regarding this technology; and there are recorded demonstrations (done at security conferences) that frighteningly prove the real vulnerability of these cards.

One possible reason there are no big news stories about fraud with these cards is that most of these card vendors allow signature free credit card transactions for under $25.  Given these small charge amounts, it is easy for a victim to overlook fraudulent transactions when he checks his account activities — “crimes” that might not even be noticed.  But for the crooks, they can have at it in a big way with even small amounts of money.

Oh, did I mention that smartphones are now capable of doing “wave transactions” as well?   What a vision, smartphones pickpocketing smartphones!

Too bizarre to go any farther…  But, if you want to know more about this technology and details about these cards, search the internet for RFID (radio frequency identification) or contactless cards.  There’s a lot of info out there.  My purpose is not to explain the technology, but rather, to alert us all to the vulnerabilities it presents to our security.

However, I don’t want to leave you feeling totally vulnerable and at risk if you use these cards.  There are some silver bullets to try to protect against the guys with the black hats… (Sorry for the Lone Ranger stuff.  If you’re too young to know about the legend, you can always see the current movie version.  At least the silver bullet stayed true to the story…)

There are now very lightweight aluminum wallets to protect contactless cards; there are also protective sleeve like devices to protect against hacking of contactless cards.  But here’s one protector that I found a bit “cute”…

According to a Forbes article, there is a protective device called GuardBunny.  It supposedly “sits in a wallet alongside payment cards and blocks any would-be RFID fraudster…. Better still, when GuardBunny detects an RFID reader’s signal, it emits a high-pitched whining sound and its bunny icon’s eyes glow to warn of possible contactless pickpockets.”

http://www.forbes.com/sites/andygreenberg/2012/01/30/hackers-demo-shows-how-easily-credit-cards-can-be-read-through-clothes-and-wallets/

Can’t you just picture this?  High-pitched whining and glowing eyes coming from your pants or purse or?  How could you not love having GuardBunny in your wallet right alongside all your identity?
guardbunny
A warm and fuzzy where you least expected it!

This post is only “something to chew on”.  My purpose is not to discourage the use of contactless cards and devices.  It is more to inform.  If you like the convenience of these “cards” at least be aware of the price of that convenience and how to possibly protect against being electronically pickpocketed….

Advertisements