Contactless Cards 5/9/11

Reported by Martha Koloski |

bio

|

email

|

blog

It may be convenient to pay with a wave of your credit or debit card. But Consumer Reports’ Andrea Rock
says so-called contactless cards make your personal data vulnerable. “Thieves can collect the information while it’s
being transmitted by using a card reader that costs less than 100 dollars.” To demonstrate, Rock tucks a card reader in
her purse and security consultant Henry Bar-Levav puts a contactless card in his pocket. She bumps into him, and in
that moment she can steal his credit-card information. Andrea Rock, “From that little bump in the parking lot, it’s
possible to download your account number, expiration date, and security data to a computer. From there it’s simple to
use blank cards to make counterfeits.” Recursion Ventures, the security consultants who demonstrated the cards’
weakness, were able to use the bogus card to successfully charge a transaction. You may have contactless cards in your
wallet and not even know it. Chase cards say Blink. MasterCards’ are called PayPass, and some have this symbol. Andrea
Rock, “The technology is active whether you use the card for contactless payments or not. And there’s not much you can
do except ask your bank if they will replace the card with a regular one.” Another option – a protective sleeve like
the one Rock made out of duct tape, lined with aluminum foil. Andrea Rock, “Recursion’s tests showed that it worked
better than many of the ones you can buy, but even that didn’t block the signal completely.” So while waving your card
is easy, making sure it’s secure isn’t. “