Following on from my last release of credit card fraud, I felt that I had to write a small article on one of the topics mentioned in more detail, contactless credit card fraud.
Contactless credit/debit cards are now (in the UK) a very common addition to the chip and pin payment method. Imagine this, I am at my regular coffee house and go to order that double shot latte and notice that I have no cash on me, no problem, I will pay by card. I get my card out and simply touch my card to the contactless device and hey presto, coffee paid for. What’s the problem with this I hear you ask? Contactless payments have been around for quite some time here in the UK. Well there’s no problem with the mechanism itself, only with the fact that the chap standing behind me has just scanned my cards (and I have a few) in my wallet with his phone and helped himself to my full name, number and expiry date of all of the cards in my wallet without even stealing it! How about that for a perfect crime and the app runs on any “off the shelf” smartphone.
There are approximately 19 million contactless cards in the UK, Barclays attribute for about 13 million of them. So, the majority of online stores have linked added security verification (Barclays in particular) to prevent this fraud, as well as the C V V (3 digit number on the back of the card) to be required for payment. However there are hundreds of online stores that don’t ask for the C V V or added security measures.
I know what you are thinking, that’s terrible right? How can banks issue these cards without even encrypting the contactless information when paying this way? I think the same way and now that Lloyds and other banks are issuing these cards, there’s serious fraud about to happen. This is a very serious breach of the data protection act without any doubt and what are the banks doing about this, nothing. In fact they freely admit this is a concern but without the 3 digit C V V code it should not be possible to use the information. But, as Channel 4 News highlights, it is indeed possible and hundreds of websites accept these “stolen” details as payment (including Amazon – go figure that one). Don’t just take my word for it, click on the link at the end of the page to watch the video and read what Channel 4 News has to say.
You know, someone will always benefit from someone else’s misfortune, and this is a perfect example. Sales in shielded wallets have gone up massively (and will go up even further once this information becomes general knowledge) and I am not kidding either.
This is incredible and hard to conceive that theft could be so easy. Can you imagine how many opportunists will be walking the streets getting that little bit closer to you with a smartphone in their pocket (is that a phone in your pocket or are you just about to rob me – sorry, I couldn’t resist that comment). On the tube, on the bus, in-line for that coffee and capturing not just one cards information from your wallet, all of them! Look who’s hosting the Olympics this year and the extra million’s coming over, all with wallets.
There is a website that details the contactless system of payment and also a 17 page document that highlights the process of payments – from a retailers point of view. There is one part where the document states “Customer Action”, and I am going to write in and suggest to cover your wallet in tin foil or indeed, buy a shielded wallet and watch the shares go up.
My advice, get a shielded wallet and buy shares in the company that makes them as this will be a massive problem that we have not seen yet.
With thanks to Channel 4 News http://www.channel4.com/news/fraud-fears-grow-over-contactless-bank-card-technology
Neil Cattermull, Director of Cloud Practice, Compare the Cloud
Neil's focus is on developing cloud technology and big data. You can often find him advising CXOs on cloud strategy.