Contactless Payment Cards Are Perhaps Not As Secure As You Hoped

Contactless Payment Cards Are Perhaps Not As Secure As You Hoped

If you’re a fan of discovering new anxieties that you didn’t even know you had, then consumer group Which? has some good news: It turns out that the contactless payment card in your pocket might not be as secure as you assumed.

Metro reports that the group were able to use an “easily and cheaply” acquired card reader to successfully retrieve the 12-digit card numbers and expiry dates from six debit cards and four credit cards.

Metro quotes a Which? spokesperson as explaining: “Contactless cards are coded to ‘mask’ personal data, but using an easily obtainable reader and free software to decode data, we were able to read the card number and expiry date from all 10 cards.”

The good news is that despite this, they weren’t able to obtain the three-digit verification code on the back of the cards. Though with only the data they did have, and with the help of a fake name, they were able to put in an order on a “mainstream online shop” for a $US4000 TV.

As Metro notes, despite obtaining the details through a contactless reader, by using the numbers to buy online there is no limit like there is on contactless payments: bad guys could conceivably empty your account.

The news of this potential vulnerability could not come at a better time for Apple, which last week launched Apple Pay in the UK. While it uses similar technology to contactless cards, the number iPhones transmit to the contactless readers is not your credit card number, but a specially generated code. This would conceivably make Apple Pay (and presumably Android Pay and Samsung Pay, once they launch) less susceptible to this sort of theft.


Picture: Shutterstock/ LDprod

This post originally appeared on Gizmodo UK, which is gobbling up the news in a different timezone.