Contactless bank cards

Francis Davey fjmd1a at gmail.com
Tue Nov 16 10:37:26 GMT 2010


On 16 November 2010 10:28, Peter Mitchell <otcbn at callnetuk.com> wrote:
> Suppose you, as pet shop assistant, on one particular day sell £200 worth of
> rabbit food, of which £150 was paid for in cash and £50 by card. In your
> pocket you have some stolen debit cards along with their PINs. So you steal
> £50 cash from the till and make the total takings back up to £200 by putting
> through £50 worth of debit card transactions. You are £50 richer, the card
> owners are collectively £50 poorer. The shop owner never knows, his EPOS
> only shows him that he has received a total of £200 in various forms. If he
> does a stock check he will find that £200 worth of rabbit food has
> disappeared from his shelves, just as it should have done.
>

I (as a lawyer) have been involved in cases of "double keying" where
the assistant makes unauthorised cashback payments which they pocket -
the customer being poorer and the retailer being unaware unless and
until customers complain (after the fact it can be difficult to trace
the assistant(s) involved).

> The same fraud can be done even more easily with contactless cards where the
> PIN is not needed. It can't be detected by an EPOS unless every item is
> barcoded and scanned as it is sold, which in many retail outlets does not
> and cannot happen. Even if it does the shop assistant can sometimes work
> round it.
>

Actually my first worry on seeing these things advertised was
something entirely legal. Along the lines of an unobtrusive sign
saying "entrance fee £5" or something like that. Auto charge people as
they walk in (does contactless have that range? Or will it?) and then
have plausible deniability for a criminal charge. Obviously some
customers will complain and have a reasonable argument for restitution
of the sum taken, but who cares.

More complex and similar scams involving relatively obscure surcharges
and so on can also be carried out.

-- 
Francis Davey



More information about the ukcrypto mailing list