I’m aware that the expression ‘contactless’ best describes the physical relationship many of us have with our partners, however, on this particular occasion I’m referring to the massive rise in the use (and fraud) of contactless cards. The ease at which this functionality has entered our everyday lives is probably best evidenced by the look of horror on the face of a customer when the vendor apologises profusely for still having a chip and PIN system so they have to ‘go to the trouble’ of entering their 4 digit number. They would look less alarmed if they had just been unexpectedly goosed by a great aunt at her husband’s funeral. Even worse is when (during Covid) you try to pay for something in cash. The last time I tried to do this (when I forgot my wallet and had to resort to my emergency £20 note in the sun visor) I got a look reserved for when Jimmy Savile turns up at your door as a locum baby-sitter!
As society changes so do our habits - when was the last time you wrote a cheque? As our habits change, so do the opportunities for fraudsters to steal from you and/or the banks. There are various urban myths out there regarding the ease at which one of the bad guys can digitally pick your pocket. I’ve read stories of people alleging that their lives were ruined after they brushed past some dodgy looking guy on their local high street. They can’t quite pinpoint what he did, however, he invaded their personal space (for many British people that includes being in the same postcode) and looked like an extra from a bad gangster movie that went straight to video.
According to Financial Fraud Action UK (FFAUK) - surely someone could have thought up a better acronym?? it sounds like a posh bloke stuttering after he stubs his toe! ) contactless fraud losses in 2017 reached £14m, up from nearly £7m the previous year and nearly £3m in 2015. Even for the dullest amongst you, these figures make it clear that things are only going in one direction. However, given that £52bn was spent using contactless cards in 2017 I believe that these figures are complete bollocks.
In the UK, the banks don’t record these as ‘contactless fraud’ but rather ‘cardholder not present’ or ‘remote card’. In 2017 this type of fraud totalled £409m, way over the the official UK contactless fraud figure of £14 million. You decide who you believe, someone who has a history of taking advantage of others and whose only real concern is for themselves - or me a self-confessed fraudster.
Banks only count as fraud, those instances they consider to be fraudulent. It is not in their interest to alarm people as spending might drop inline with their profits. Don’t forget - banks have a notional threshold tolerance for fraud. Providing the level of fraud remains below that threshold (calculated as a percentage of their overall profit) there is no business benefit in them doing very much about it. Yes there are the usual mealy-mouthed platitudes of how much they care about their customers. Just like foxes care for chickens!
One of the myths surrounding contactless cards is that someone can grab all of the information off your card by simply walking/brushing past you. Some geeks did a test where they managed to do so at a distance of 18-31 inches (clearly the geeks haven’t gone metric yet) in laboratory conditions using a vendor card reader i.e. the same as the ones you tap your card on in a shop.
Interesting, however, I take the view that since the VW emissions scandal, laboratory condition results have somewhat lost their cachet and credibility. Also, even the most unobservant would probably notice someone holding one of those things next to you ‘Is that a vendor card reader in your pocket or are you just pleased to see me?’
The real threat is having your card skimmed. You can download an app (seriously) that transforms your smartphone into a card reader. The technology is already built-in by the phone manufacturers thus allowing you to use the phone as contactless card and tapping the phone on the vendor’s reader instead. If you prefer to use the app, have a look at ‘Credit Card Reader NFC’ It’s free and legal and there is bugger all you can do about it.
Whilst skimming allows you access to everything except the CVV number (3 digit security code on the back of the card) that is more than enough. Try making a purchase on Amazon. They don’t ask for it, irrespective of the value of the order - so no £30 limit there!
A surprisingly high number of online retailers don’t do any cross-referencing of card numbers and billing addresses. Whilst the UK has its problems regarding fraud, they pale into insignificance when compared to many countries across the globe. Most purchases made in Africa and Asia, and even the USA, only require the long card number and expiry date!
However, the easy money is to sell on the details of skimmed cards abroad, without the CVV. These are then ‘spanked’ until they weep, and the first thing you know about it (if the banking algorithm works properly) is when they ring you to confirm that you have simultaneously bought a £750 camera in Bangkok and a £1200 laptop in Cape Town.
You don’t actually need to digitally pick the pocket of a cardholder and grab their CVV to be successful. The low tech skimmer is all you need, and as we know there is a free app for that. If I was looking for a simple and cheap way of defeating this type of fraud I would either get my bank to disable my contactless functionality and/or buy one of these wallets that shield your details. There is even one that contains a chip that apparently jams the signal of anything trying to connect with your card whilst it’s still in the wallet!
So next time you see someone standing next to you with a rather strange shaped bulge in their pocket and a mischievous glint in their eyes, the chances are it’s either a fraudster with a vendor card reading machine in his pocket or it’s going to be an uncomfortable first date!