Contactless Cards 5/9/11
Reported by Martha Koloski | bio | email | blog
It may be convenient to pay with a wave of your credit or debit card. But Consumer Reports' Andrea Rock says so-called contactless cards make your personal data vulnerable. "Thieves can collect the information while it's being transmitted by using a card reader that costs less than 100 dollars." To demonstrate, Rock tucks a card reader in her purse and security consultant Henry Bar-Levav puts a contactless card in his pocket. She bumps into him, and in that moment she can steal his credit-card information. Andrea Rock, "From that little bump in the parking lot, it's possible to download your account number, expiration date, and security data to a computer. From there it's simple to use blank cards to make counterfeits." Recursion Ventures, the security consultants who demonstrated the cards' weakness, were able to use the bogus card to successfully charge a transaction. You may have contactless cards in your wallet and not even know it. Chase cards say Blink. MasterCards' are called PayPass, and some have this symbol. Andrea Rock, "The technology is active whether you use the card for contactless payments or not. And there's not much you can do except ask your bank if they will replace the card with a regular one." Another option - a protective sleeve like the one Rock made out of duct tape, lined with aluminum foil. Andrea Rock, "Recursion's tests showed that it worked better than many of the ones you can buy, but even that didn't block the signal completely." So while waving your card is easy, making sure it's secure isn't. "