[LINK] RFI: PayWave/PayPass Contactless Chip Cards

Scott Howard scott at doc.net.au
Fri Apr 13 12:54:49 AEST 2012


On Thu, Apr 12, 2012 at 5:54 PM, Rick Welykochy <rick at praxis.com.au> wrote:

> Does it take a class action suit against a bank to raise their awareness
> that what they have provided their customers is insecure?
>

Within the past few months, all within a maybe 10km radius of here, we've
had:
* Skimming devices in supermarket self-serve checkouts
* Skimming devices in gas stations ("pay at the pump")
* Skimming devices in ATMs
* Staff at a fast-food chain caught double-swiping cards to get a copy of
the magstripe info to copy cards
* Countless cases of data breaches causing the loss of millions of credit
card numbers

We now also have:
* Credit card magstripe readers that connect to your smart phone (Square,
Paypal and others)
* Credit card readers that simply take a photo of the card (card.io, Paypal)
* On-line retailers who choose to ignore best practice (e.g., Amazon UK in
the Barclays example, for failing to use/check the CVV2)

Personally I simply don't see RFID/NFC as being the biggest issue facing
credit cards nowadays...

(Note that I'm ignoring the Barclays example. Having the cardholder's name
and the standard credit card number available by RFID is disallowed by
Visa, and deserves to be treated separately to those that are doing things
correctly).

  Scott.


