Fraud fears grow over contactless bank card technology

Quote:

Originally Posted by Matt D

Well, you'd think so, but according to C4's investigation they were able to purchase items from Amazon using different billing and delivery addresses to those of the cardholder.

In which case, the critical weakness is with Amazon, not with the Visa card. They should be verifying that the purchaser is in possession of the card by collecting the CVV at point of sale, but they're not (presumably because they think it interferes with their one-click impulse buying engine). They should also be cross-checking addresses but again, they want to operate a gift delivery service so their product offering is taking precedence over card security measures.

[Stuart]

Quote:

Originally Posted by Hom3r

Correct me if im wrong, but this contactless method (I have a Barclaycard with this) is limited to small amounts of around £10/20, and still require a pin ?

If you somehow got hold of a portable reader (like those Waiters often have access to) and reprogrammed it, you could still defraud an awful lot of people just walking down a busy street.

[mertle]

Quote:

Originally Posted by Matt D

It is rather dodgy that someone with an NFC-enabled phone could essentially pickpocket you without ever actually touching your wallet.

Sure, once you report a card as lost or stolen or fraudulently used, it gets blocked... but if the card is still in your wallet, how long would it take for you to realise someone has read the info and gone off to spend your money?

read one way to stop it but special sleeves blocks out scammers getting the signals until removed to be used then can still pick up.

The other not brilliant solution rap it in aluminium.

Was potentially always going to happen stupid stupid idea.

There only one way biometrics or eye scan expensive but only way.

A tinfoil hat for your credit card?

[Tim Deegan]

Quote:

Originally Posted by Matt D

It is rather dodgy that someone with an NFC-enabled phone could essentially pickpocket you without ever actually touching your wallet.

Sure, once you report a card as lost or stolen or fraudulently used, it gets blocked... but if the card is still in your wallet, how long would it take for you to realise someone has read the info and gone off to spend your money?

This is what most credit card fraudsters rely on.

I had one fraudulent transaction against my company, which wasn't noticed until the genuine card holder received their statement. By which time the goods had been delivered

But because the first tranasaction was successful they tried again. But by this time, after a big argument with the secure gateway for giving me the wrong advice on security settings, I had increased the security.

They then made 19 attempts using 19 different American cards.

I can't go into details, but after talking to the fraud squad, it seems that no credit or debit card are as secure as we thing they are. In fact for the buyer, the safest way to purchase is on line through a secure gateway. And make sure the seller is PCI compliant.

---------- Post added at 10:05 ---------- Previous post was at 10:00 ----------

Quote:

Originally Posted by Chris

In which case, the critical weakness is with Amazon, not with the Visa card. They should be verifying that the purchaser is in possession of the card by collecting the CVV at point of sale, but they're not (presumably because they think it interferes with their one-click impulse buying engine). They should also be cross-checking addresses but again, they want to operate a gift delivery service so their product offering is taking precedence over card security measures.

The CVV check is down to their level of security.

As for the address checks, depending on the gateway this should be done anyway (including the status of the alternative delivery address). However, there are things that the banks don't check, but easily could do. It's the banks that really need to tighten their security up.

Before anyone asks me to go into details. I'm not going to for security reasons.

[mertle]

Quote:

Originally Posted by Chris

A tinfoil hat for your credit card?

indeed inconvenient but actually works been advice in yankie land which this stupid techno been out for abit.

http://pamela99.hubpages.com/hub/Ide...als-New-Access

http://www.ehow.com/how_4744558_keep...ards-safe.html

love the first one LEAVE IT AT HOME.

[Tim Deegan]

Quote:

Originally Posted by mertle

indeed inconvenient but actually works been advice in yankie land which this stupid techno been out for abit.

http://pamela99.hubpages.com/hub/Ide...als-New-Access

Yeah, very inconvenient. It would be far better if the banks increased their terrible security, especially AMEX who believe it or not, are the worst.

[mertle]

Quote:

Originally Posted by Tim Deegan

Yeah, very inconvenient. It would be far better if the banks increased their terrible security, especially AMEX who believe it or not, are the worst.

Indeed it seems they want make life easier for crims. You know what I would not be shocked they wont refund fraud at some point.

[Tim Deegan]

Quote:

Originally Posted by mertle

Indeed it seems they want make life easier for crims. You know what I would not be shocked they wont refund fraud at some point.

Well they certainly aren't making any more difficult for them. The potential is there for very strict security, but they don't seem to want to use what is available to them.

[mertle]

Quote:

Originally Posted by Tim Deegan

Well they certainly aren't making any more difficult for them. The potential is there for very strict security, but they don't seem to want to use what is available to them.

true they blame costs for not implenting the tech but for what fraud costs surley it would balance. Now would love to see the figures of implenting to fraud costs. Not forgeting it would be bank v bank totals.

I glad mine at moment not one these but believe others barcleys got plans it stupid.

You can stand near them get apps on devices which will scim them just by standing next to someone as long the persons wallet near the it will read it.

[Tim Deegan]

Quote:

Originally Posted by mertle

true they blame costs for not implenting the tech but for what fraud costs surley it would balance. Now would love to see the figures of implenting to fraud costs. Not forgeting it would be bank v bank totals.

I glad mine at moment not one these but believe others barcleys got plans it stupid.

You can stand near them get apps on devices which will scim them just by standing next to someone as long the persons wallet near the it will read it.

It shouldn't really be a big cost issue. Many of the merchant services and gateways already request far more information than the banks actually check. The banks have the details to cross check, so it would just be a case of the banks catching up with the gateways and merchants service suppliers.

[mertle]

Quote:

Originally Posted by Tim Deegan

It shouldn't really be a big cost issue. Many of the merchant services and gateways already request far more information than the banks actually check. The banks have the details to cross check, so it would just be a case of the banks catching up with the gateways and merchants service suppliers.

thanks my bank given us software online but secerity already high it interfered.

We have password thing too if buy anything online they now second layer you go through.

Now the only thing about shops is if your asked password or question it could be recorded.

In privacy in bank little easier to have that extra barrier.

The other is identity that again could be faked.

The problem also is people themselves they dont want jump through hoops to shop. This why this stupid idea came from ease shopping. People hate queuing longer necessary hate pin, everything in speed.

When the first barcley advert came up with him sliding down slide we said it would open fraud easier our family.

[Anonymouse]

Quote:

Originally Posted by Matt D

The issue with this is that the cards transmit the cardholder's name, the card number, and the expiry date... all unencrypted.

This sounds like a silly, obvious question, I know, but...why is this information transmitted unencrypted?!

And don't say it's because of cost - how much more does it cost the banks etc. in fraud claims? If they'd just ensure it's encrypted, end of problem...well, at least until some genius proves the Riemann Hypothesis, that is.

[mertle]

Quote:

Originally Posted by Anonymouse

This sounds like a silly, obvious question, I know, but...why is this information transmitted unencrypted?!

And don't say it's because of cost - how much more does it cost the banks etc. in fraud claims? If they'd just ensure it's encrypted, end of problem...well, at least until some genius proves the Riemann Hypothesis, that is.

Its valid point however encryptions only go so far once system cracked you then have to change it suppose thats the expense.

Tetra was deemed uncrackable its now been cracked by maths lecturer at uni. Geniuses cant stop giving themselves the challenge of breaking the unbreakable. Not problem but usually that information finds it way in the wrong hands.

What man can do man can unlock.

[Tim Deegan]

Quote:

Originally Posted by mertle

thanks my bank given us software online but secerity already high it interfered.

We have password thing too if buy anything online they now second layer you go through.

The 3D secure part when you buy on line is what makes buying on line the most secure way to buy.

Quote:

Originally Posted by mertle

Now the only thing about shops is if your asked password or question it could be recorded.

You should never give out any passwords or security questions in a shop. The only place you should do this is by entering your pin number into a chip and pin machine. Or at the 3D secure stage of an on line transaction.

In a shop they should pass you the chip and pin terminal, and they should never handle the card.

With an on line secure gateway, the retailer won't even see the whole card number, and therefore can't record it.

Even if you pay over the phone the retailer should NEVER make a note of the security code.

Quote:

Originally Posted by mertle

In privacy in bank little easier to have that extra barrier.

The 3D secure window on line comes direct from the card issuer.

Quote:

Originally Posted by mertle

The other is identity that again could be faked.

Most secure gateways ask for far more information than the banks request. The banks could easily cross match all of the information, which would lower the chance of identities being faked.

Quote:

Originally Posted by mertle

The problem also is people themselves they dont want jump through hoops to shop. This why this stupid idea came from ease shopping. People hate queuing longer necessary hate pin, everything in speed.

If all the information that is currently required by the secure server gateways was cross matched by the banks, then there would be no need for any extra levels of security.