Posted September 11, 2013 by Tameka Riley in Blog

Risky New Bank Card Technology – Is Your Card At Risk

Colorful 1's and 0's image
Colorful 1's and 0's image

It sounds like a great idea. A host of new credit and debit cards issued by big financial players like Chase and MasterCard come armed with small computer chips and radio antennae that allow consumers to make payments by literally waving their plastic over a card reader. But according to a story in Consumer Reports Magazine, in exchange for the convenience of these so-called contactless cards their holders face increased risk of being victimized by thieves.

Here’s the main problem: the very same technology – often a radio frequency identification, or RFID, chip – that makes it such a snap to hand over debit or credit card information to a merchant is also what makes it easy for a thief to lift those vital numbers themselves. That’s because criminals need only to get their hands on the sort of card reader stores use, which is easy because they sell for less than $100. Armed with a reader, a thief must only get within a few inches of a victim’s card in order to swipe the account number and expiration date, which can then easily be transferred to blank cards. Unfortunately, that means a crook can start making purchases with a counterfeit card, even if a victim still physically has theirs in their wallet or purse.

So how do you know if your cards use this technology? Chase cards have labeled their contactless cards “Blink,” MasterCard’s are called “Pay Pass,” and others simply have a symbol consisting of four curved lines. There are plenty of people who have one. Citing The Nilson Report, a newsletter, the Consumer Reports story says 35 million contactless cards are in circulation in the U.S. alone.

If you do have a contactless card, protecting yourself is not necessarily easy. There are wallets with shields that market themselves as RFID blockers. Although they can make it more difficult for an electromagnetic reader to swipe your account information, they don’t entirely block the transmission of card data. Another option is a protective sleeve made out of duct tape and lined with aluminum foil. Consumer Reports tests show that approach was superior to many options available for purchase but still didn’t offer complete protection. Probably the best method of protection is to ask for a card that doesn’t have this technology.

Representatives of the credit and debit card industry insisted to Consumer Reports that contactless cards are safe. Chase spokesman Paul Hartwick told the magazine that the security codes on its contactless cards are designed to change with every transaction so that even if a card were compromised it would work for only one fraudulent transaction.

The Smart Card Alliance, an industry group, maintains that contactless card technology deployed by American Express, Discover, MasterCard, and Visa is secure and that there have been no reports that consumers have been victimized.  American Express says its contactless cards do not reveal the card account number, and Consumer Reports’ own tests supported this assertion.

According to Kevin Fu, a University of Massachusetts at Amherst assistant professor, the absence of a flood of fraud reports linked to the cards is not proof of their security.  Because the contactless cards in circulation in the U.S. represent only 3.5 percent of the total debit and credit cards in use, they have not yet presented a big enough target to lure many crooks, especially when traditional magnetic stripe cards are so easily counterfeited.

Tameka Riley