eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Do you know who has been contacting your “contactless payment card,” or those of your customers? You may not.
With todays magnetic-stripe credit cards, you at least know who you have given your card to.
To use your account, thieves must get their hands on your card; or, if they gain access to online records, they have to get not only your credit-card number, but also its expiration date (and more recently, the authorization code on the card back).
However, the new “contactless” payment systems present new opportunities for fraudulent activity that are far less obvious than with mag-stripe cards.
A thief need not have possession of a victims contactless card in order to capture all the relevant information. He or she only has to intercept the data during the wireless connection between the card and a point-of-sale system.
The thief doesnt even need to decrypt the contents. Its enough to extract the encrypted data and use that in a transaction.
And to read the encrypted data, one only needs to get in reasonably close proximity to the victim. Contactless radio signals are very short range, but can be picked up from three to six feet. A thief can simply “walk by” the victim.
Proximity or “contactless” cards are used exclusively in physical locations which, not coincidentally, is where the majority of credit-card fraud occurs.
Worse, the majority of fraud is perpetrated by employees; by insiders, whose access to cards and ingenuity in misappropriating data are a deadly combination.