Consumers have been warned about a new scam which targets people with contactless bank cards.



....Bankers' body the Irish Banking and Payments Federation said it was not aware of any incidence of the scam happening in this country yet.

While I can understand how this might work, it seems like a lot of hard work for the odd €30, with the risk of being seen with the machine in your hand quite high and by extension, also the risk of being caught.

There was a message doing the rounds on LinkedIn or Facebook or one of those recently also warning about the risk of this method of theft, but interesting that Banking & Payments Federation are not aware of any incidents to date.
 
"Most banks here have now replaced old Laser cards with contactless debt [sic] cards" an interesting Freudian slip by the Indo typist. Do I remember an AAM thread predicting this form of scam and advocating the use of security wallets now being touted by the Indo's "Electronic security specialist"? No? I must have imagined it. Or the Indo must have filed that thread in their enormous plagiarism file.
 
I have been spectacularly unimpressed with banks so-called security efforts... all their efforts have been about displacing the risk onto consumers rather than actually increasing the level of security in the system as a whole. I've had financial institutions phone me up on an (unlisted) number and ask me to confirm my details to them so they could have a chat to me about the bank... they saw nothing amiss with this even when I logged a formal complaint.

Banks will not give a damn if contactless cards lead to scams.
 
I'm due a new visa debit card with ulster bank at the end of may, I think ub are only offering these contactless facility on their credit card only.

Anyway If you didn't want this facility, can it not be disabled before issuing the card or is it a case of one size fits all!
 
I'm due a new visa debit card with ulster bank at the end of may, I think ub are only offering these contactless facility on their credit card only.

Anyway If you didn't want this facility, can it not be disabled before issuing the card or is it a case of one size fits all!


I don't know but in the UK some of the banks will give you a card without the contactless facility. I lost my card a few weeks back and didn't realize it was gone until a day later, I checked my bank statement and noted several purchases to supermarkets and fast food chains which I didn't recognize. When I rang my bank they were co-operative, for a start I told them I never use the contactless facility and always use the pin. I was refunded my money, think it came to under £100 and they asked my permission to pass it on to their fraud squad. I don't like these cards, they too easily stolen as well and its like handing cash to a thief. I think after a while they will probably stop refunded people citing personal responsibility for losing your card etc.

Wrappign the card in tinfoil apparently prevents the card from being read while in your pocket or bag.
http://www.thisismoney.co.uk/money/...ntactless-cards-safe-protect-wallet-foil.html
 
Last edited:
The problem about journalism today is that it is all about page views, clicks and likes....

The only known operation of this scam are demonstrations where a genuine merchant used a genuine card reader to read a card that was within a few centimeters of it. In other words the system worked correctly as no one put the intended customer would have their card that close to the reader!

To actually get such a scam working one would first have to either steal or build a card reader including breaking it's encryption. Even then you are only half way there - where would the money go? You need a merchant account to receive the transfer so another hacking exercise? And all for a couple €20 - €30 transactions... Can't see this being much of a scam when picking a single wallet would get you more!

Part of the security of this system is that it is unattractive to scammers, the other is that the transactions are kept low because the card company fully expect to have to make refunds where errors occur.

Apart from keeping an eye on your statement for unexpected charges I would not worry about this one.
 
If banks were serious about security, they would be offering card versions that only work with PIN i.e. cannot be used online. I am not aware of any such offerings where you can purchase items with the PIN but it cannot be used either contactless, or in a great example of security, has its full card number and expiry date printed on the card for the world to see and use online.

There should be no need in 2016 to be carrying around a card in public that if lost is usable.
 
If banks were serious about security, they would be offering card versions that only work with PIN i.e. cannot be used online. I am not aware of any such offerings where you can purchase items with the PIN but it cannot be used either contactless, or in a great example of security, has its full card number and expiry date printed on the card for the world to see and use online.

There should be no need in 2016 to be carrying around a card in public that if lost is usable.

Number26 allow you to switch on and off Online Payments, Cash withdrawals and Payments Abroad in real time via the App. It also allows you to set daily limits. They also send you a message every time your card is used.
 
Number26 allow you to switch on and off Online Payments, Cash withdrawals and Payments Abroad in real time via the App. It also allows you to set daily limits. They also send you a message every time your card is used.

Good to see someone showing initiative, hopefully it will kick the big banks into action in terms of upping their security... they seem to find it easier to pay out losses than take pro-active steps to improve their cards along those lines.
 
Do I remember an AAM thread predicting this form of scam and advocating the use of security wallets now being touted by the Indo's "Electronic security specialist"?

There's this, and likely others.

The only known operation of this scam are demonstrations where a genuine merchant used a genuine card reader to read a card that was within a few centimeters of it. In other words the system worked correctly as no one put the intended customer would have their card that close to the reader!

Fraud on contactless cards is running at .02% versus .069% for overall card fraud, so it is happening. The level of contactless fraud is also likely higher as it's believed a lot of people who regularly use contactless payments do not notice a one-off fraudulent transaction. Readers are cheap and readily available online if you know where to look.

The card provider can set a limit on the number of contactless transactions allowed before the user must enter their PIN.

So far I haven't heard of a bank refusing to reimburse a fraudulent transaction, but the T&Cs you agree to fully entitle them to do so for all contactless payments or other payments where the PIN or Verified by Visa / Master Card Secure password is used.
 
Fraud on contactless cards is running at .02% versus .069% for overall card fraud, so it is happening. The level of contactless fraud is also likely higher as it's believed a lot of people who regularly use contactless payments do not notice a one-off fraudulent transaction.

So can you explain to me how it is possible to get your hands on the cash even if you manage to get a reader in the first place. And do you have a break down those figures showing the percentage relating only to the type of scam we are referring to as opposed to general fraud on these type of card?

Readers are cheap and readily available online if you know where to look.

Do you actually have a reference to a card reader that is not only capable of reading the card, but has the capability to decrypt the card information in the correct way?
 
Jim, what makes you think the information on the card is encrypted? Mobile phones with NFC can read contactless cards e.g. https://play.google.com/store/apps/details?id=com.github.devnied.emvnfccard&hl=en

The point is not that cash be obtained directly. The point is to obtain goods or services fraudulently (and perhaps fence them for cash).

Regardless, I agree that this is scaremongering, for the simple reason that cardholders should not be liable for fraudulent contactless payments. In the event of a dispute, it should be up to the merchant to prove the transaction was genuine. Handling cash is expensive for banks and merchants, they will happily foot the bill for some fraud, as displacing cash will save them money overall.
 
Is there any evidence that this scam is actually happening? The media seem to like talking about it, but I dont see them mentioning any actual cases
 
The numbers I quoted came from the UK Cards Association, whose remit is to encourage card payments and represent the industry. So they're not likely to exaggerate numbers as card payments are a huge revenue generator for the institutions they represent. They reported over half a million in confirmed fraudulent transactions in the first half of 2015.
 
It's a common occurence in banking for fraudsters to "buy" or "rent" a bank account for fraudulent transaction to wash through. I've seen and bounced plenty of such payments in the past. The same could easily be done for a merchant services account as well.

Having said that, the article linked above is based on UK articles originally written after a post someone made on Facebook which has since turned out to be based on a photo from the Moscow underground, hence the veracity of the story must be questioned

Having said that, there was significant issues in London when they rolled out contactless payments on the Underground. People were used to not taking their Oyster card out of their wallet when going through a gate. They were finding that if you had a contactless card in your wallet as well and left your wallet on the reader for a fraction of a second too long, that both cards would be debited. Hence for a while, you couldn't travel on the Tube without being warned about "card clash"
 
Back
Top