Stealing data from contactless cards is easy, experts warn – are they safe?

[zenitzz]

Stealing data from contactless cards is easy, experts warn – are they safe (and can you protect your wallet with foil?)

Holders of contactless bank cards could be exposed to the risk of fraud as thieves can use scanners to steal account details, consumer group Which? has warned.
It said thieves could exploit a security flaw to steal key data from contactless debit and credit cards even when they are in the holder's wallet. Tests show that thieves armed with scanners can capture the numbers and expiry dates on the cards and use them for online purchases.
At least 58million of the cards are in circulation, with total spending reaching £2.32billion last year.
So are contactless cards safe – and if you use them how can you help protect yourself against fraud?


How is the data stolen?
Contactless or 'tap and pay' cards do not need a pin number. Instead, they have a tiny antenna that links with a till terminal through near-field communication, or NFC.
The technology means that a payment is taken if the card is placed on or hovered over the till terminal.
However, Which? warned that a scanner held nearby can intercept this NFC data. It can read the card number and expiry date from the card, it said.
Its researchers tested ten cards – six debit and four credit – and found all of them had the security flaw.


Read more: http://www.dailymail.co.uk/money/saving/article-3173363/Are-contactless-cards-safe-protect-wallet-foil.html

[pedrog]

This is pretty old, people have been warning and demonstrating how to hack this cards since they were created.

Here's a presentation from 2012: https://www.youtube.com/watch?v=HRXb-FZ6WFM

[goosoodude]

This is pretty old, people have been warning and demonstrating how to hack this cards since they were created.

Here's a presentation from 2012: https://www.youtube.com/watch?v=HRXb-FZ6WFM

That's correct.

Though the risk is lower at the end with credit cards than with bitcoins. When a hacker steals your data and buys some things then you can simply do a chargeback. No problem. The one at fault would be the credit card company, because they allowed to give out a card that has a risk. So the right party has to pay for it and surely it will lead to them creating safer cards.

[pitham1]

This is one reason why chargebacks are important.
With normal credit cards, a simple swipe across a skimmer could compromise all your data. Turns out contactless cards are not safe either. Two-factor authorization is a pain, but a necessity to prevent credit card fraud.

[Miracal]

This is one reason why chargebacks are important.
With normal credit cards, a simple swipe across a skimmer could compromise all your data. Turns out contactless cards are not safe either. Two-factor authorization is a pain, but a necessity to prevent credit card fraud.

Honestly I do not find two factor authorization such a painful task, I don't even categorize the work as inconvenience if I have to munch down 6 alphabets or numerals from my phone to my browser, based that it protects me from any credit card fraud. It rather makes me feel much more secure that the bank is taking steps to ensure where my money is going, only because I would kick their ass otherwise.