Marks and Spencer, Pret a Manger and Transport for London customers have all reported automatic payment deductions from contactless payment cards while they were making payment by other means, renewing long-standing concerns over the security of contactless payment cards.
Are contactless payment transactions secure? asks the Smart Card Alliance security Q&A FAQ. "Yes," it says. "Contactless payment devices are designed to operate at very short ranges C less than 2-4 inches [approx 5-10 cms] C so that the consumer needs to make a deliberate effort to initiate the payment transaction."
But that hasn't been the experience of several customers at retailer Marks & Spencer. M&S is currently the UK's largest user of RFID-based contactless payments. It has just completed the installation of the technology in all of its 644 UK stores and receives some 250,000 contactless payments every week.
A report by the BBC taken from its Radio 4 Money Box programme describes the experience of two listeners who had payments taken unexpectedly and unintendedly from cards that were kept away from the card reader C in one instance, never nearer than approximately 30 cms. Further examples in the radio broadcast indicated similar occurrences at Pret a Manger and with Transport for London.
The problem is a classic example of the conflict between ease-of-use and security. The whole purpose of contactless payment is to make the process easier and more convenient for the user. It uses a very weak RFID signal that can, in theory, only be read within a distance of no more than 10 cms. But it is completely passive. That means that the customer needs do nothing more than present the card to the reader for the transaction to be completed automatically.
This passivity is the system's weak link. Currently contactless payment cards can only be used for payments of up to 20. However, in Practical Attack on Contactless Payment Cards, Martin Emms and Aad van Moorsel describe how an inexpensive combination of RFID reader and hidden camera can be used to silently read the card data and film the CVV security code. Armed with this combination, an attacker could then use the details to make more expensive card-not-present fraudulent online purchases and have the goods delivered to a separate address,
The solution, say the authors, is simple: such skimming frauds can be prevented by making the cards active rather than passive. "Card activation will be achieved by the application of pressure anywhere on the card, this should be possible whilst the card is still inside a wallet, thereby maintaining the convenience and speed of contactless payments." This would, of course, also protect customers from the inadvertent double payments as seen in M&S.
Mashreq won over the independent panel of expert judges to walk away with two of the most coveted trophies of the evening viz. 'Best Credit Card' and 'Best Debit Card' in the Middle East. The awards were given for developing unique and innovative propositions that offered significant and differentiated value to customers.A chip card is a plastic card that has a computer chip implanted into it that enables the card to perform certain.
The Cards and Payments Middle East awards held on May 14th showcased the best payments products the region's banks had to offer to their customers over the last twelve months. Nominations were received from banks in the UAE as well from the rest of the Middle East.
Farhad Irani, Head of Retail Banking Group, Mashreq, commented, "It is motivating to have the market recognize valuable payments propositions built on careful research and brought to bear by the most experienced management team in the region. Mashreq has a set of exciting innovations that will be launched this month in a bid to augment great proposition with best in class user experience. Being the Best Consumer Bank in the Region means we simply have to work hardest."
Nimish Dwivedi, Head of Payments, Mashreq commented, "We are very proud to have been awarded 'Best Credit Card' and 'Best Debit Card' in the Middle East. At Mashreq,A smart card resembles a credit card in size and shape. our cards business combines innovation, unique features and most importantly unmatched benefits that set us apart. This award is a recognition of our commitment to offering end-to-end payments solutions to our customers."
Dwivedi added, "SmartSaver Credit Card has recorded massive success since it was launched and we have continued to add exciting elements to the proposition to make it UAE's Best Everyday Card."
The award winning Mashreq SmartSaver Credit Card is the UAE's first ever Everyday Card to offer genuine savings on all domestic, international purchases, education and utility spends with no tiers; ensuring that customers earn Cashback on purchases starting from the very first Dirham. In addition the Card also offers customers up to 6.25% Cashback on every transaction, every time, at over 150 & growing partner outlets with no restrictions and no spend thresholds; thus creating the most powerful and value packed Cashback offering in the UAE. The partner outlets are spread across the country and include every possible category that comprises a customer's day to day spending.
The Mashreq Platinum Debit Card was re-launched as the UAE's Best Debit Card for International Travel. Mashreq's Debit Card holders can enjoy free and unlimited international ATM withdrawals and Cashback on their overseas spends. Moreover, customers can now look forward to enjoying their overseas holidays with ultimate peace of mind thanks to Travel Protect, a best-in-class travel insurance program that covers medical expenses, travel inconvenience, Purchase Protection, Wallet Protection not just for the Primary Cardmember but Supplementary Cardmembers as well and is absolutely free to all customers who make their holiday bookings with their Mashreq Platinum or Titanium Credit Cards or Mashreq Platinum Debit Cards.
No comments:
Post a Comment