OT: Contactless card fraud?

My wife spotted a small (£7.50) charge made on one of our cards by contactless payment at a place that we haven't been anywhere near.

I phoned to bank to ask if they could be more precise about where the payment was taken. During my conversation it became clear that another payment of £5 had been made against one of our other accounts with the same bank on the same day.

So, now we have two small debits made on two different cards made on the same day in a place we've not been to for at least 5 years.

Bank is adamant that contactless cards can't be cloned and that someone must have physically used the cards.

We're sure no one has and also wouldn't have used two different cards. Can anyone explain this?

Bank is going through fraud procedures and will refund the payments and replace the cards but it does make me wonder about the security of the system.

Tim

Reply to
Tim+
Loading thread data ...

I, too, have had a charge on a credit card from somewhere I'd never visited. It turned out the the two places were under the same ownership and somehow their internal systems had used the wrong venue.

Reply to
charles

Contactless cards can be read by a fraudster using a reader. If for example you keep the card in a back pocket, all the fraudster has to do is pass the reader close to your pocket to be able to record the details. Then he goes away and clones himself a card and uses it in other places.

formatting link
and
formatting link

The solution is to keep your card in a little aluminised wallet, which makes it unreadable remotely until removed from the wallet. Examples on ebay here

formatting link

Reply to
Chris Hogg

I have believed from the outset that contactless cards are not secure - and won't have one at any price, necessitating changing accounts on several occasions.

Most financial institutions have now woken up to the fact that not everyone welcomes the contactless idea - and will issue non-contactless cards on request. One notable exception is Barclaycard - all their cards are contactless and they point-blank refuse to do otherwise. Avoid!

If you *must* have a contactless card, carry it in a metal bullet-proof container and for God's sake don't lose it!

Reply to
Roger Mills

I have a RF shielded leather wallet - looks and handled like any other and it provably works as my work door card (also contactless) does not work, *except*:

there's one special position that is unshielded - designed for Oyster cards, but I keep my work door card in there and it means I just have to tap my wallet on the reader rather than get the card out.

Very handy :)

Reply to
Tim Watts

Does anyone actually know the thickness of metal needed for shielding, the range of the scanners, and whether they can work with an "edge-view"?

I have a fold-in-two wallet with four contactless cards that are in the "front" positions when it is open. So, when closed, all four are together as the meat in a sandwich with about a centimetre of leather, banknotes, and other membership cards on each side. I keep it in a front pocket, so not quite as easy to scan undetected as a back pocket. It would not be difficult to add a piece of kitchen foil or brass shim (perhaps laminated in plastic) on either side of the cards. Would it be more difficult to extract the details with four cards stacked together?

Reply to
newshound

That was exactly my thought until I found out that two cards were involved. We once cancelled a payment to a village post office that we'd never visited only to find out that our local paper shop were the old owners of the post office and had taken their pay point machine with them.

Tim

Reply to
Tim+

Keep two different cards together? Card readers in the supermarket can't cope with that.

Reply to
Dave Plowman (News)

I don't think they can be cloned (yet). But they can be proximity read and a transaction run up to £30 against them without you ever knowing.

He can steal upto £30 a transaction and at most 10 transactions before the PIN is required. He does get your account details though :(

Bank should know who was at the receiving end of the transaction too. (in a fraud the money will be long gone by then)

Aluminium foil lining of the wallet will do it. This is one situation where a tin foil hat might just come in useful.

TBH I never did see the point in being able to make spontaneous purchases whilst on a waterslide (their original launch advert).

Reply to
Martin Brown

For the odd occasion when I may be bothered it looks like my fathers silver plated cigarette case may finally have a use again. Hasn't been used for years as it even when he was still around it was too short for cigarettes with a filter.

G.Harman

Reply to
damduck-egg

Transactions frequently pop up in places other than where the card was used - at head offices, other branches, or sometimes under the name of a holdinmg company.

References to the Telegraph and the Mail. Very definitive. Not.

Reply to
Huge

Ah yes. Contactless: the solution to a problem that didn't really exist in the first place.

Reply to
Graham.

Very handy for small purchases.

Can you imagine an Oyster type travel card where everyone had to enter a PIN each time it was used?

Reply to
Dave Plowman (News)

I used to have the same attitude during the early days of contactless cards. Some time later I completely changed my mind because of this:

formatting link

As I see it, every time I use my card in contactless mode instead of entering my PIN, I am lowering the risk of my PIN being obtained.

It is true that the chances of fraud using my PIN are much less than the chances of contactless fraud, but the consequences could be massively greater. A contactless fraud would be for a small amount and the bank will almost certainly refund it. A PIN-based fraud could be for a much greater amount, and the bank will argue they are not liable because my PIN was used.

Reply to
Geoff Clare

Chris Hogg pretended :

Any metalised paper will do, I use a strip of the metalised plastic bag, which we get ground coffee in, inserted in my wallet around the outside when folded.

Reply to
Harry Bloomfield

newshound laid this down on his screen :

As thin as you like, even a fine mesh will work.

They cannot be read edge on.

A scanner will misread several cards stacked together. I have a fold in two back pocket wallet, CC and DC's together in one side, a bus pass in the other, with (above) coffee packet foil around the outside. The buses scanner can only read my pass, if place the open wallet on the scanner outside down (foil near scanner), it cannot read the card. Likewise with other cards co-located with it. Inside of wallet down onto scanner, it works fine.

Reply to
Harry Bloomfield

Martin Brown pretended :

I see, that is what that ad was about - I did wonder :-)

Reply to
Harry Bloomfield

Just punch a hole near the edge and it will be un-contactless. You just break the coil it uses to get power and it stops working.

Reply to
dennis

I'm not sure that's right. I've heard reports of people taking out a card to pay, only to be told "It's OK - we've already taken the money" because one their cards - not necessarily the one they wanted to use - had come close enough to the machine to register.

Reply to
Roger Mills

Indeed! They're attractive to the card companies because they encourage people to use cards instead of cash for small transactions - thus earning commission for the card companies. They're still quids in, even after having to pay out for the occasional fraud. It's *all* about profit - not about protecting the customer.

Reply to
Roger Mills

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.