Electronic Product Design

Tuesday, 12 April 2016 00:00 Written by 

Electronic Pickpocketing

12-04-16 Contactless Card 200Last month several corners of the Internet went somewhat crazy. This isn’t usually worth reporting on its own; Internet corners are well known for their usually unprovoked and unfounded craziness. An image of a gentleman carrying a mobile payment terminal had surfaced on various social media outlets, prompting countless individuals to declare theft via contactless payment had arrived and as such, we are all absolutely doomed. DOOMED!

Luckily, things aren’t that bleak, and we’ll quickly explain why – but also alert you to a vastly more tangible potential issue.

Mobile Terminal Theft

When the image of the man with the mobile payment terminal surfaced, an immediate chord was struck with the millions of individuals carrying a newly minted contactless payment debit card. The convenience of tapping a bank card to the terminal and walking free has seen a sharp uptake on the technology. At the same time, spending limits on contactless transactions have also risen, increasing their potential scope for use.

Mobile terminal transactions are also common. While older payment terminals may have required a wired connection to process a payment, modern versions can utilise GSM networks to make and process a payment from almost anywhere, allowing a potential contactless payment skimming approach to take place anywhere with sufficient reception. A supposed skimming “theft” works like so: the would-be thief keys in the desired amount to be retrieved from the victims account, ensuring it is under the contactless payment limit of £30. They then press Okay/Accept on their terminal, followed by resting the terminal on the victims pocket or bag long enough for the payment to process. The process time is a matter of seconds, and the entire “transaction” could be over in half a minute.

It sounds easy, but it isn’t. Acquiring a terminal is a quick task, and can be completed by anyone with a few quick Google searches and a tiny amount of investment. But to process the payment the thief would need a merchant account, which requires detailed information to be passed to the bank in question. The fraudulently gained monies would then need to be anonymously withdrawn, or at least transferred into an anonymous currency, such as Bitcoin, for further processing.

Despite there being an estimated 81.5m contactless cards in use in the UK, there are still only a handful of reported contactless thefts of this nature. However, that doesn’t mean one should not be aware to the possibility of other forms of contactless theft and fraud, as we will see in the next section.

Quick Payments

Thankfully, account skimming of this variety is still rare, but that doesn’t entirely help you in the lost-card scenario. Research completed by The Guardian in 2015 found consumers are still at risk of a fraudulent transaction even after reporting their contactless card lost or stolen.

Some payments, including those accepted by The London Underground’s contactless barriers are processed as “offline transactions,” meaning the actual payment isn’t checked and verified until hours later. And while the cards do contain a chip which can limit overall loss, this limit can be easily reached if the thief only makes offline transactions.

Luckily, and despite these issues, most major banks are happy to refund any fraudulent contactless payments, so long as you alert them to the issue.


Image courtesy of Serge Bertasius Photography / freedigitalphotos.net.

Leave a comment

Connect with us

Check us out:



More stuff

Contact Us

Hawkshead Designs Ltd
Unit 4 Penrose House
Treleigh Industrial Estate
Redruth
TR16 4DE
UK

T: 01209 216 878

E: info@hawksheaddesigns.co.uk

Electronic Design Solutions and Electronic Product Design

Read our Standard Terms & Conditions here.

This website is brought to you by Nicola Bathe.