Thread: Fraud fears grow over contactless bank card technology
View Single Post
Old 30-03-2012, 10:05   #20
Tim Deegan
cf.mega poster
 
Join Date: Sep 2011
Services: 3 phone lines, 100mb broadband, and TV x2 (including one Tivo)
Posts: 2,128
Tim Deegan has reached the bronze age
Tim Deegan has reached the bronze ageTim Deegan has reached the bronze ageTim Deegan has reached the bronze ageTim Deegan has reached the bronze ageTim Deegan has reached the bronze ageTim Deegan has reached the bronze age
Re: Fraud fears grow over contactless bank card technology
Quote:
Originally Posted by Matt D View Post
It is rather dodgy that someone with an NFC-enabled phone could essentially pickpocket you without ever actually touching your wallet.

Sure, once you report a card as lost or stolen or fraudulently used, it gets blocked... but if the card is still in your wallet, how long would it take for you to realise someone has read the info and gone off to spend your money?
This is what most credit card fraudsters rely on.

I had one fraudulent transaction against my company, which wasn't noticed until the genuine card holder received their statement. By which time the goods had been delivered

But because the first tranasaction was successful they tried again. But by this time, after a big argument with the secure gateway for giving me the wrong advice on security settings, I had increased the security.

They then made 19 attempts using 19 different American cards.

I can't go into details, but after talking to the fraud squad, it seems that no credit or debit card are as secure as we thing they are. In fact for the buyer, the safest way to purchase is on line through a secure gateway. And make sure the seller is PCI compliant.

---------- Post added at 10:05 ---------- Previous post was at 10:00 ----------

Quote:
Originally Posted by Chris View Post
In which case, the critical weakness is with Amazon, not with the Visa card. They should be verifying that the purchaser is in possession of the card by collecting the CVV at point of sale, but they're not (presumably because they think it interferes with their one-click impulse buying engine). They should also be cross-checking addresses but again, they want to operate a gift delivery service so their product offering is taking precedence over card security measures.
The CVV check is down to their level of security.

As for the address checks, depending on the gateway this should be done anyway (including the status of the alternative delivery address). However, there are things that the banks don't check, but easily could do. It's the banks that really need to tighten their security up.

Before anyone asks me to go into details. I'm not going to for security reasons.
Tim Deegan is offline   Reply With Quote