Contactless payment is convenient, but like any technology, it comes with both mobile security and data privacy risks. Because you don’t need a PIN, a lost credit card or stolen device potentially gives a criminal easy access to your account. A phone without the proper security features in place makes it easy for anyone to ring up purchases without detection. Because many of these transactions happen without a receipt, it is difficult for the owner to prove the charges were fraudulent. The new contactless credit cards use radio frequency identification (RFID) to transmit the data, and hackers have been successful in making fake scanners or using card skimmers designed to steal data transmitted via RFID. If a hacker gets the information from the card or wallet, they can create cloned cards. Mobile wallets, on the other hand, rely on near-field communication (NFC) that transmits data within a very close range. It remains one of the most secure ways to conduct financial transactions.
Since contactless payments can decrease fraud through more secure methods of transmission and mobile device locks, the bigger threat could be data privacy. Contactless systems collect immense amounts of data from users and can use that information to track them. And of course, any time you download an app to your smartphone, there is a risk of malware or man-in-the-middle (MitM) attacks that can access information stored on the device — bank account numbers, personal information or confidential work files to name a few types — as well as social engineering and phishing scams designed to steal sensitive data.
HOW TO PROTECT YOURSELF?
If you do have RFID cards in your wallet, you can protect yourself by buying an RFID-blocking sleeve or special wallets or purses that are designed to block the signal from readers. But even this might be a waste of money. Studies indicate the risk of having your information stolen by a thief armed with a scanner is low. Most criminals haven’t invested in the scanners necessary to pull off this hack, these reports say. And thieves have to be awfully close to you to intercept your RFID signal. Consumers shouldn’t really worry about buying card-blocking wallets or purses, even if they are using RFID-enabled credit cards. According to a story by Slate’s senior technology writer Will Oremus, the actual instances of criminals using special scanners to commit what is known as RFID skimming are extremely rare. Again, it comes down to convenience. It’s easier for criminals to use other means to steal your credit-card information.
Oremus points to skimmers that thieves can install on ATM or point-of-sale machines. These skimmers allow criminals to steal more information from a larger number of cards in a quick amount of time. In addition card providers are also now doing a better job of protecting consumers that use RFID cards for contactless transactions. Today’s contactless cards now send a one-time code for each transaction initiated by consumers. This means that a criminal might be able to skim information to make one fraudulent purchase. But that would be it: The thief would have to intercept a new code the next time this consumer makes a transaction. Also like in the case of Republic bank, you can only make a contactless purchase of up to $500 per transaction, This may also be another security measure. It’s important to note, too that even if a criminal did intercept your card’s RFID signal to make a single fraudulent purchase, you wouldn’t be financially responsible for this fraud. Most credit-card providers will erase the fraudulent transaction from your bill. Instead, criminals prefer to go after easier targets when it comes to credit-card fraud.