International

UK Watchdog: Contactless Cards ‘Putting Millions At Risk’

Research conducted by U.K.-based consumer watchdog group Which? showed the card numbers and expiration dates of contactless cards can be captured through the use of a simple scanner, opening the door for millions of users to be exposed to fraud, The Daily Mirror reported yesterday (July 23).

Research conducted by U.K.-based consumer watchdog group Which? showed the card numbers and expiration dates of contactless cards can be captured through the use of a simple scanner, opening the door for millions of users to be exposed to fraud, The Daily Mirror reported yesterday (July 23).

The group’s tests proved a handheld device placed near a “tap and pay” card could easily pick up the sensitive data. Six different debit cards and four credit cards were tested and all of them showed signs of the security flaw. The stolen information was then used to successfully purchase items online.

According to The Daily Mirror, a report of the test results stated that while the name of the cardholder and the security code were not captured during the transmission, cybercriminals are still provided with enough information to make purchases from a mainstream website.

“By touching volunteers’ cards to our card reader we got enough details to go on an Internet spree,” the report claimed.

In the U.K. alone, roughly 58 million of the types of cards used in the tests may currently be in circulation and it is possible fraudsters could steal the data by simply holding a device close to a person’s purse or wallet.

Privacy expert Peter Eisenegger, of the National Consumers Federation, told The Daily Mirror a small percentage of cards could be read from anywhere up to 20 centimeters (almost 8 inches) away.

“Even if this was to occur in 0.1 percent of cases, with more than 300 million transactions taking place last year, many consumers could be affected,” Eisenegger added.

But according to others, the threat discovered by Which? may actually be a false alarm.

The U.K. Cards Association stepped up to dismiss the findings and told The Guardian the methods shown by the testing were not a new discovery.

“Instances of fraud on contactless cards are in fact extremely rare, with losses of less than a penny for every £100 spent on contactless – far lower even than overall card fraud,” Richard Koch, head of policy at the U.K. Cards Association, explained to The Guardian.

He added that, in the majority of cases, a retailer requires more information, such as the security code and the cardholder’s address, to even begin processing a transaction.

To check out what else is HOT in the world of payments, click here.

——————————

PYMNTS LIVE ROUNDTABLE: TUESDAY, JULY 14, 2020 AT 12:00 PM (ET)

Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

Click to comment

TRENDING RIGHT NOW