Mobile Terminal Theft
When the image of the man with the mobile payment terminal surfaced, an immediate chord was struck with the millions of individuals carrying a newly minted contactless payment debit card. The convenience of tapping a bank card to the terminal and walking free has seen a sharp uptake on the technology. At the same time, spending limits on contactless transactions have also risen, increasing their potential scope for use.
Mobile terminal transactions are also common. While older payment terminals may have required a wired connection to process a payment, modern versions can utilise GSM networks to make and process a payment from almost anywhere, allowing a potential contactless payment skimming approach to take place anywhere with sufficient reception. A supposed skimming “theft” works like so: the would-be thief keys in the desired amount to be retrieved from the victims account, ensuring it is under the contactless payment limit of £30. They then press Okay/Accept on their terminal, followed by resting the terminal on the victims pocket or bag long enough for the payment to process. The process time is a matter of seconds, and the entire “transaction” could be over in half a minute.
It sounds easy, but it isn’t. Acquiring a terminal is a quick task, and can be completed by anyone with a few quick Google searches and a tiny amount of investment. But to process the payment the thief would need a merchant account, which requires detailed information to be passed to the bank in question. The fraudulently gained monies would then need to be anonymously withdrawn, or at least transferred into an anonymous currency, such as Bitcoin, for further processing.
Despite there being an estimated 81.5m contactless cards in use in the UK, there are still only a handful of reported contactless thefts of this nature. However, that doesn’t mean one should not be aware to the possibility of other forms of contactless theft and fraud, as we will see in the next section.
Thankfully, account skimming of this variety is still rare, but that doesn’t entirely help you in the lost-card scenario. Research completed by The Guardian in 2015 found consumers are still at risk of a fraudulent transaction even after reporting their contactless card lost or stolen.
Some payments, including those accepted by The London Underground’s contactless barriers are processed as “offline transactions,” meaning the actual payment isn’t checked and verified until hours later. And while the cards do contain a chip which can limit overall loss, this limit can be easily reached if the thief only makes offline transactions.
Luckily, and despite these issues, most major banks are happy to refund any fraudulent contactless payments, so long as you alert them to the issue.
Image courtesy of Serge Bertasius Photography / freedigitalphotos.net.