Contactless bank cards
Peter Mitchell
otcbn at callnetuk.com
Mon Nov 15 22:24:07 GMT 2010
Roland Perry wrote on 15-11-10 17:49:
> In article <m1q2e69m38nap333s3rmf9db9lbon25ors at 4ax.com>, Marcus
> Williamson <marcus at connectotel.com> writes
>> What's the technology behind it? A type of RFID?
>
> Yes.
>
>> If so, what's to stop someone reading the card without your son
>> knowing and/or making small transactions without his knowledge?
>
> Surely you'd have to set up some sort of "man in the middle" between the
> card and one of the Paywave terminals[1].
Presumably all you need is a dishonest retailer who is prepared to boost his turnover by executing an unauthorised transaction from someone's card every few minutes. The cardholder is unlikely to notice the rogue transaction on his bank statement; it is linked to a retail outlet he really has visited, so if he does notice it he probably reckons he really did do it and has since forgotten it. Especially since there will soon be hundreds of such transactions on his statement every month.
In fact, thinking about it, I predict the next step: banks will soon stop listing card transactions under £10 in value on the bank statement. Rather like phone companies don't itemise cheap calls.
Once that's in place, we won't have to worry about these transactions at all. They'll be done "automagically", as IT fans like to say. Along with all those other *good* things.
Has any bank customer ever *asked* the banks to make contactless card payments possible, I wonder?
--
Pete Mitchell
More information about the ukcrypto
mailing list