Contactless Payment Cards At Risk From Thieves

Researchers for the watchdog tested six debit cards and four credit cards using the newest technology being sold online, saying they were able to obtain information for each card.

Which? reported: “Using a reader and free software to decode data we were able to read the card number and the expiry date from all ten”.

The tests have shown the thieves armed with scanners are able to capture card numbers and expiry dates to use for online purchases.

With fraudulent transactions it is the responsibility of the card provider to prove that you authorised the payment or were negligent.

A year ago in Britain over £2 billion worth of purchases were paid for with contactless payment.

It could then be used by criminals to make online purchases.

The spokesman added: “By touching volunteers’ cards to our card reader, we got enough details to allow us to go on an internet shopping spree”.

That number should increase this year not only due to the rise in popularity of the cards, but also because the limit for a single transaction with the card is set to jump from £20 to £30 on September 1st. Contactless payment is becoming increasingly popular but could face setbacks if consumers become concerned about weak security.

He said that while no card gave up the three-digit CVV security code from the back of the card, one online store allowed the team to order a £3,000 television with the data gathered from one card.

Privacy expert Peter Eisenegger of the National Consumers Federation predicted consequences could be grave regardless of how small the number of cards affected was.

Metal cases are available to buy which claim to protect cards from such readers, while Which? said in their tests they found wrapping a card in foil did stop the details from being taken by their reader.

At least 58 million of the cards, which do not need a PIN number, are now in use.

What should I do if my details are stolen?

However, the UK Card Association reassured that consumers are fully protected against such fraud losses.

“Instances of fraud on contactless cards are in fact extremely rare, with losses of less than a penny for every £100 spent on contactless – far lower even than overall card fraud”.

‘The method shown by Which? is not a new discovery.

‘The vast majority of online retailers require additional data such as the card security code, along with the cardholder’s address, which can not be harvested electronically.’.