Contactless bank cards

Peter Mitchell otcbn at
Mon Nov 15 22:24:07 GMT 2010

Roland Perry wrote  on 15-11-10 17:49:
> In article <m1q2e69m38nap333s3rmf9db9lbon25ors at>, Marcus 
> Williamson <marcus at> writes
>> What's the technology behind it? A type of RFID?
> Yes.
>> If so, what's to stop someone reading the card without your son 
>> knowing and/or making small transactions without his knowledge?
> Surely you'd have to set up some sort of "man in the middle" between the 
> card and one of the Paywave terminals[1]. 

Presumably all you need is a dishonest retailer who is prepared to boost his turnover by executing an unauthorised transaction from someone's card every few minutes. The cardholder is unlikely to notice the rogue transaction on his bank statement; it is linked to a retail outlet he really has visited, so if he does notice it he probably reckons he really did do it and has since forgotten it. Especially since there will soon be hundreds of such transactions on his statement every month. 

In fact, thinking about it, I predict the next step: banks will soon stop listing card transactions under £10 in value on the bank statement. Rather like phone companies don't itemise cheap calls. 

Once that's in place, we won't have to worry about these transactions at all. They'll be done "automagically", as IT fans like to say. Along with all those other *good* things. 

Has any bank customer ever *asked* the banks to make contactless card payments possible, I wonder?

Pete Mitchell

More information about the ukcrypto mailing list