[LINK] contactless credit cards

Kim Holburn kim at holburn.net
Tue Nov 9 16:36:34 AEDT 2010

On 2010/Nov/09, at 3:51 PM, stephen at melbpc.org.au wrote:

> McDonalds contactless card rollout to lower skimming risk
> By Liz Tay on Nov 9, 2010 http://www.itnews.com.au/News
> McDonald's Australia will switch on contactless credit card technology 
> this month that enables it to charge cards from up to five centimetres 
> away.
> The technology is a feature of Ingenico-Westpac terminals already in use 
> at 816 McDonald's outlets nationwide.
> When switched on at the end of this month, it will enable customers to 
> charge up to $100 to Visa payWave or MasterCard PayPass cards without 
> swiping, signatures or PINs.
> A Visa spokesman said the contactless payment card technology was based 
> on the EMV standard, and used a secure, embedded microchip and antenna to 
> communicate with card readers.
> Card readers 'powered up' a card via radio frequency for each 
> transaction, and transmitted a unique, encrypted code in a process known 
> as 'dynamic card authentication'.

So they can be read at a distance by someone who knows what they are doing.

> Transactions would then be handled in the same way as traditional Visa 
> transactions, with the same layers of security and theft protection 
> coverage.
> Should a customer inadvertently 'wave' two separate, contactless cards at 
> the same time, only the card which the reader picked up first would be 
> charged, the spokesman said.

What if the victim^h^h^h^h^h^h customer inadvertently waved just one card?  What protects them if they are walking past one of these "readers" when someone else is making a transaction?

> The spokesman expected Visa payWave cards to be an "unattractive target 
> for criminals" as only smaller transactions would be processed via 
> contactless technology.

As opposed to banks skimming small percentages of every transaction?

> Visa payWave cards also would be less susceptible to counterfeit card 
> fraud, the spokesman said, because the EMV chip technology was "virtually 
> impossible to duplicate" and the card would not need to be passed to 
> sales staff during contactless transactions.

The cards now do not need to be passed to sales staff.  

> And it would be "very difficult" for criminals to make unauthorised 
> transactions because readers were registered to approved merchants so any 
> fraudulent claims would have to be routed through the merchant's 
> financial institution.
> Last year, Westpac was forced to block more than 10,000 debit and credit 
> cards after criminals stole bank details from compromised EFTPOS machines 
> in McDonald's outlets.
> McDonald's CTO Henry Shiner said its plan to implement contactless 
> payment technology pre-dated the card skimming incident.
> "The planning and development of our cashless solution has been in 
> progress for a substantial length of time and pre-dates the events that 
> took place last year," he said.
> "This is just one more efficiency that we have introduced to improve the 
> customer experience ... Not only does this offer our customers more 
> flexibility in the way they pay, it also provides them with a highly 
> secure payment method."
> Visa expected close to 20,000 merchant outlets, including IGA, Red 
> Rooster, 7-Eleven and Bunnings to have deployed contactless payment 
> technology.
> Visa payWave cards were available from Macquarie Bank, ANZ and NAB. The 
> Commonwealth Bank, Woolworths and Jetstar offered MasterCard Paypass 
> cards.

So far doesn't look like I'd ever want or need one of these.

Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request 

More information about the Link mailing list