[LINK] refusing contactless cards

[Paul Brooks]

On 1/08/2013 3:02 PM, Kim Holburn wrote:
> Whatever info they contain and however it is encrypted, it is enough to make purchases.  All you need is that data.
'purchase', not 'purchases' - the newer versions of the technology transmit a
one-time-use code that changes with each transaction - so in the case of someone using
a rogue scanner to 'clone' your card, they can only get one transaction to work.

Those purchases are limited to under $100, and the bank has systems that cut in fairly
quickly to block the card if they see a significantly higher number of purchases than
normal in a short time period. Mainly to protect you against physical theft of the
card, or having it found in the wallet you accidentally left on the train and going on
a shopping spree, but the same protections work against cloning as well.

I seriously doubt that a contactless card, physically stolen or cloned, could rack up
a significant value of $99 transactions before the card was locked and you received a
call from the bank  to verify if the last few transactions were kosher  - and under
the contactless card terms and conditions, those rogue transactions are reimbursable
by the bank no questions asked.
In this respect the technology is safer than the contact-chip-and-pin, which if cloned
allows the crook to get up to your credit limit in only a handful of transactions, and
if stolen is open to claims you might have written your PIN down or allowed them to
see it in use.

P.