Contactless card payments are massively popular within the UK. they have outdone pin payments and chip payments. Contactless payments appreciated by 30%. 52% of all shop payments in July 2018 were contactless. All in all, there were 7.4 billion contactless payments in 2018.
Close to 7 out of 10 UK payments tend to be contactless, and 17% of all 25-34-year-olds make just one monthly payment with cash or depend wholly on cards to make payments. This has led to the contactless card skimming scams.
A good reason for the rising popularity of contactless cards is that they are simple and easy to use to pay for a whole range of goods. Although, by doing away with the need for a PIN code, contactless cards do permit arguably the swiftest way to pay . They are just as readily amenable to criminal manipulation.
How do contactless card skimming functions?
Contactless cards are equipped with both a chip and an antenna that execute a transaction. Upon holding a card near a card reader, the trailer’s card reader transmits a signal that is picked up by your card’s antenna. The card chip has account info by the aid of which the card reader can process payment.
These days, payments are limited to a maximum of GBP 30 and are generally used for minor retail transactions. However, there may sometimes be an issue with card clash, which is when two contactless cards simultaneously engage with a card reader.
Since payments are batch-processed, contactless payments are also relatively instantaneous.
Contactless Card Skimming: should there be any legit safety concerns?
The engineers and designers who have developed contactless tech naturally swear by the tech’s impeccable security. They insist that the stories surrounding the ‘susceptibility’ of contactless cards are just that – stories. These comprise, per engineers, the new Urban Legend. Let’s do a recap :
# Are contactless cards readable from a distance?
hearsay/‘myth’ says : scammers would be using long-range RFID readers to cull data from contactless cards from a distance, employing that data to make cardholders’ accounts reachable, thus enabling theft. Engineers deny this unequivocally. The NFC or near field communication used in contactless cards makes use of a 13.56 Mhz radio frequency tech that restricts itself to relaying data within the briefest of ranges. As a rule, the optimal distance is no more than 4 centimetres – beyond this, the signal undergoes progressive weakening and can never attain 10+ centimetres.
# What about short-range skimming?
Per the ‘myth’ (as the engineers quip): a scammer armed with an NFC reader would be enabled to reach out to contactless cards in someone’s pockets in someone’s pocket/bag in crowded subways and suchlike. Thus, the likelihood of their subsequently ‘skimming’ sufficient vital data to produce a counterfeit card or buy things online becomes quite strong.
The engineers deny this. They assert that it is simply not doable to clone a contactless card. What’s more, these experts are adamant that when a scammer uses stolen data to make online purchases, they get caught by the POS. Both the processing network and the bank come to know immediately of the fraudulent purchase, and the wheels of Law Enforcement start a-turning.
# There are chances of repeated purchases made, thanks to skimmed data from the contactless card.
The engineers discount this as a ‘myth’. They reiterate that the total number of purchases made will remain low even with a counterfeit card. The total number of purchases made with an EMV card is limited in most countries, with no restrictions on tiny transactions in succession. After the said number of small transactions, there’s a requirement for chip reset and PIN contact mode. The engineers like mentioning that the concerned banks will cover the small amounts.
Are contactless card skimming Perfect Security Incarnate?
If we are to believe EMV developers, contactless card security is immaculate.
Engineers posit that, dissimilar to older magnetic stripe bank cards, EMV cards deploy a smart microprocessor chip tech that – secures credentials of the cardholder; does cryptographic computation to shield its communication with the processing network and POS or Point of Sale.
EMV cards are vastly superior to magnetic stripe cards. DDA or Dynamic Data Authentication is genuinely cutting edge when it comes to new security defence mechanisms.
We are lucky to have engineers without an iota of doubt in their products/services. But the plague of thieving makes us disbelieve them that much more.
Has Contactless Card Skimming assumed alarming proportions?
Apparently, contactless technology permits scammers an easy way to reach your funds sans a PIN. Supposing that you take pains to shield your card from harm, consumers are rightly alert since Contactless Card Skimming doubled in 2018.
Since contactless tech at the moment restricts purchases’ value, the total potential value of fraud concerning these frauds is depreciated.
Contemporary research proves that the GBP 30 maximum spent on contactless cards can be circumvented. Furthermore, some contactless cards’ payment system flaws could permit scammers to steal hundreds of pounds in one transaction.
Breaking the GBP 30 concerned a hack that used a device that intercepted signals between the card and the card reader. There’s a simultaneous message to the card that any verification at that stage is uncalled for. It is conveyed to the card reader that verification has been supplied.
Another scammer-prefered method is to process payments by standing close to someone on a bus or in another densely packed, reading their contactless card thru their clothes. There’s no ground to believe, however, that this sort of fraud is not common.
Contactless Card Skimming: avoidance
Contactless Card Skimming is rising in incidence. In the earlier half of 2018, thieves pilfered more than GBP 8 million from Contactless Card Skimming.
- You can put the leash on the thieving and scamming by being attentive to the following points:
- Don’t store your cards in pockets/bags that are easy of access, for that would only draw in pickpockets’ attention;
- Line your cardholder or wallet with tin foil to bar scamming devices from deciphering your card.
- If you don’t fancy all the DIY hustle, there are things like RFID readers that serve the subject just as well;
- Don’t let your card out of sight even for a few seconds – if anyone takes your card out of sight even for a couple of seconds, they could be skimming data from the magnetic strip of your card;
- Be present there physically at the time of transactions – don’t burden even friends with all of the responsibility;
- For proof of goods/services bought, always demand a receipt for the exact amount;
- Watch bank statements with an alert eye, besides your credit report – for those tell-tale signs, stolen/lost cards have to be reported ASAP.
- There’s only so many times you can use a contactless card before you must ask for a PIN, but there’s no call in letting scammers get away with small transactions totaling GBP 30 before security measures are worn out.
The go-to agency nationwide is, naturally, Action Fraud.
While there’s merit in the EMV developers’ assertion that cutting edge tech be trusted, there are yet steps remaining before we may consider contactless cards to become truly indestructible security-wise. Till that awaited invincibility arrives, you have to take your own stand against Contactless Card Skimming. The steps involve habituating vigilance hygiene – getting to know the optimum security and advice banks may offer during difficulties and using whatever means necessary to keep skimming at bay. Too much is at stake, and neither good intentions nor complacency are guarantors for cardholder account security. That’s our best shot – till the engineers can come up with what would have to be something ‘infinitely’ better.