Convenience is the name of the game, especially when it helps customers spend more.
The new generation “tap and go” paywave and paypass cards are designed to do that. By positioning your card close to the payment terminal, authorisation happens in less than a second.
The risks of paywave are that such an authorisation could be misapplied, and that specific card information could be read and misused by hackers in the same way that it is read by contactless payment terminals.
Banks are adamant that there is no added risk in used tap and go payment cards. Police and NFC (near field communication) experts think the opposite.
The potential problems include:
- Multiple $100 thefts using a lost or stolen card, which can be made without authentication and which may go undiscovered for some time.
- Electronic pickpockets standing sufficiently close to victims can read card information and use it for unauthorised transactions.
- Lack of receipts for transactions make it harder for cardholders to detect such unauthorised transactions, even if they are still in possession of their card.
- Tap and go cards can help identity thieves to put profiles of their victims together, to take out thousands of dollars of debt in the victim’s name.
At this stage, prevention and protection measures are somewhat limited. Some police officers report that cardholders wrap their cards in aluminium foil (or line their wallets with foil) to prevent illicit detection.
Keeping a beady eye on bank statements is also recommended. Criminals with purloined credit card details may test with a small transaction worth $1 or $2, to see if they can then move on to bigger thefts.
Card-issuers such as Visa and MasterCard claim that their NFC cards are impossible to counterfeit and that data read from the cards cannot be used to execute e-commerce transactions.
But until the jury pronounces one way or the other, basic precautions like the ones above will not hurt.