Are Contactless Payment Cards Tickets to Wholesale Fraud?

Opinion: Contactless systems that let customers wave a credit card over a reader to make a purchase are convenient, but the capacity for fraud is mind-boggling, according to Jeff Chasney, CIO of CKE Restaurants.

Do you know who has been contacting your "contactless payment card," or those of your customers? You may not.

With todays magnetic-stripe credit cards, you at least know who you have given your card to.

To use your account, thieves must get their hands on your card; or, if they gain access to online records, they have to get not only your credit-card number, but also its expiration date (and more recently, the authorization code on the card back).

However, the new "contactless" payment systems present new opportunities for fraudulent activity that are far less obvious than with mag-stripe cards.

A thief need not have possession of a victims contactless card in order to capture all the relevant information. He or she only has to intercept the data during the wireless connection between the card and a point-of-sale system.

/zimages/6/28571.gifHow Safe Are the New Contactless Payment Systems? Click here to read more.

The thief doesnt even need to decrypt the contents. Its enough to extract the encrypted data and use that in a transaction.

And to read the encrypted data, one only needs to get in reasonably close proximity to the victim. Contactless radio signals are very short range, but can be picked up from three to six feet. A thief can simply "walk by" the victim.

Proximity or "contactless" cards are used exclusively in physical locations which, not coincidentally, is where the majority of credit-card fraud occurs.

Worse, the majority of fraud is perpetrated by employees; by insiders, whose access to cards and ingenuity in misappropriating data are a deadly combination.

/zimages/6/28571.gifRead the full story on CIO Insight: Are Contactless Payment Cards Tickets to Wholesale Fraud?