Disadvantages and ambiguities of contactless payments: how underestimated are they?

13 January 2017

Contactless payments have recently become increasingly popular. In a cafe, or when buying bus or movie tickets, wherever a small transaction is acceptable, you can use this new way to pay. There is no need to enter a PIN: simply hold the card a few centimeters from the payment terminal, and the money is automatically transferred from the buyer’s card to the seller of the goods or services.

The very ease of the transaction makes you wonder: is stealing money from the card just as easy as pie? Pass a reader near a pocket, and say farewell to hard-earned money?

To answer the question, it is necessary to dig deep and work out how this “new toy” that produces money out of thin air actually works. The answer turns out to be rather encouraging, though not without nuances.

Inconvenience in the use of contactless payments

1. Lack of proper infrastructure. Building a network of new card terminals requires considerable expenditure, and neither the banks nor the trade and transport enterprises are in a hurry to invest in it.

2. Contactless payments via smartphones have reached the mass market. When paying this way, the user is identified by fingerprint or passcode, so there is no need to enter a PIN.

However, this technology has its drawbacks and shortcomings. ATMs are still unable to identify the customer through these payment systems, so a card is still needed to withdraw cash.

3. If the smartphone runs out of battery or fails, it will be impossible to make a transaction.

4. The transaction limit may seem too small and inconvenience cardholders in large cities who do their daily shopping in hypermarkets. If the receipt total is above the set limit, the cardholder has to enter a PIN, which puts contactless cards on a par with other card products and negates some of the benefits.

Contactless payments: almost completely safe…

1. Skimming

The easiest and most common way of stealing money from contactless debit or credit cards is so-called “skimming”, which is based on reading the data from the magnetic stripe. The attacker uses the captured data to duplicate the card, creating a full clone for subsequently cashing out the stolen funds. To do this, the criminals make a number of expensive purchases and then sell the acquired goods on the secondary market for cash. This scheme has flourished for decades and still provides the criminal community with a livelihood.


Technically, this theft method relies on how magnetic stripe cards work. The magnetic stripe holds the cardholder's personal information, as well as the account number, the name of the issuing bank and the credit limit. The encrypted PIN, which the cardholder uses to authorize in banking services and to withdraw cash at ATMs, is also stored there. However, criminals do not need the PIN, because magnetic stripe transactions are carried out without entering a password, which, in theory, is meant to make life easier for ordinary consumers. Getting consumers to take extra steps is much harder than prompting them to think about the security of their hard-earned money.

2. Chip cards: two centimeters of security?

The chip embedded in contactless cards is almost perfect protection against intruders, providing maximum security against potential theft of funds. Unlike the magnetic stripe, the built-in microprocessor holds all data in fully encrypted form. When a transaction is made through the payment terminal, the data about the buyer is not transmitted. Instead, the chip card sends a specially generated code, which the bank, on receiving the request, compares with the information in its database. The issuer then automatically approves or declines the transaction.
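The dynamic-code check described above, sketched as an added example (it is not code from the original article or from any payment scheme). HMAC-SHA256 stands in for the real code-generation algorithm, and the `Card` and `Issuer` classes, the counter field and the `card-0001` reference are hypothetical names with constructed values.

```python
import hashlib
import hmac
import os


def _code(key, card_id, counter, amount, nonce):
    # HMAC-SHA256 is a stand-in (assumption) for the scheme's real algorithm.
    msg = f"{card_id}|{counter}|{amount}|".encode() + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Card:
    """Chip side: the key never leaves the chip; the counter only goes up."""

    def __init__(self, card_id, key):
        self.card_id, self._key, self.counter = card_id, key, 0

    def pay(self, amount, nonce):
        self.counter += 1
        code = _code(self._key, self.card_id, self.counter, amount, nonce)
        return {"card_id": self.card_id, "counter": self.counter,
                "amount": amount, "nonce": nonce, "code": code}


class Issuer:
    """Bank side: recomputes the code and rejects reused counters."""

    def __init__(self):
        self._keys, self._last = {}, {}

    def issue(self, card_id):
        self._keys[card_id], self._last[card_id] = os.urandom(32), 0
        return Card(card_id, self._keys[card_id])

    def authorize(self, req):
        key = self._keys.get(req["card_id"])
        if key is None:
            return "DECLINE: unknown card"
        want = _code(key, req["card_id"], req["counter"], req["amount"], req["nonce"])
        if not hmac.compare_digest(want, req["code"]):
            return "DECLINE: bad code"
        if req["counter"] <= self._last[req["card_id"]]:
            return "DECLINE: replayed code"
        self._last[req["card_id"]] = req["counter"]
        return "APPROVE"


def demo():
    issuer = Issuer()
    card = issuer.issue("card-0001")             # constructed card reference
    first = card.pay(450, os.urandom(4))         # genuine tap, amount in cents
    return [issuer.authorize(first),             # fresh code
            issuer.authorize(dict(first)),       # captured message sent again
            issuer.authorize(dict(first, amount=99900)),  # amount altered
            issuer.authorize(card.pay(450, os.urandom(4)))]  # next genuine tap
```

Copied static stripe data stays valid on every use, whereas here a captured message is declined on its second presentation and any change to the amount invalidates the code.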

A feature of the chip card is the need to constantly enter a PIN, which has become the “final frontier” of protection against intruders. However, the creation of special equipment that can duplicate the chips in contactless cards effectively put an end to the further development of this up-to-date payment method, forcing financiers to create more modern ways for consumers to make financial transactions.

3. Smartphone instead of credit card

The latest smartphone models empty their buyers' pockets in both the literal and the figurative sense: they are quite expensive, and they seem set to replace customers’ wallets. Mobile banking on smartphones is nothing new, but users are only just getting used to the ability to pay for a purchase with one touch.

However, according to experts, the Visa PayWave and Mastercard PayPass contactless technologies have a number of serious shortcomings. Firstly, PayWave and PayPass do not require PIN verification for small transactions. Secondly, the NFC chip of a contactless card is always active. If it is brought close to a device that simulates a POS terminal, that device can at least obtain a list of recent transactions, and sometimes even make an unauthorized purchase.

Furthermore, the card number, expiration date and a special code can be copied via the contactless chip. This data is not enough to fully reproduce a chip or magnetic stripe card, but it can be used to pay on some poorly protected Internet resources and in operations that do not use 3D-Secure technology.

4. Digital hygiene

As for users of Apple Pay and Samsung Pay, a theoretical danger nevertheless remains for them. It may come from criminals who use social engineering methods. In recent years these practices have gained popularity: using data from public sources (social networks, ads for the sale of goods, dating sites), the attackers coax users into revealing information that gives access to remote banking services. Having obtained the data, they can act on behalf of the client.

The malefactors are able to tie the stolen card data to Apple Pay or Samsung Pay. However, protecting yourself from this kind of hack is as easy as shooting fish in a barrel: do not tell anyone your PIN, your CVV/CVC codes or the codes you receive by SMS, which are exactly what the attackers need to tie the card to a smartphone.

Trojan offensive

Today, one of the most popular ways of stealing money is through mobile Trojans and attacks on mobile banking. Malicious software installed on the user’s smartphone reads SMS messages and gains access to the personal bank account.

Because of their low technical literacy, users themselves make things easy for cybercriminals. They do not install antivirus software on their gadgets, they use free Wi-Fi access points, follow dubious Internet links, and open unknown emails that may contain malicious code.


The jump into the digital world is fraught with an illusion of safety: that a smart gadget can stand up for itself. But this is only partly true; security depends primarily on the behavior of the users, experts say. Therefore, whatever financial apps you use on your smartphone, the first thing to do is to master the techniques of contactless payment security.

There are a few simple tips to keep yourself safe from financial tricks. Get a shielded case or wallet for contactless devices. Connect your contactless card to the smartphone's payment system so that you do not have to take out your wallet for small transactions. The smartphone must be encrypted and locked with at least a PIN. Do not jailbreak the gadget, download apps only from the official stores, and install all security updates. From time to time, check your bank card account statement, and do not panic: most of these tips are only for your peace of mind.

