‘To tap or not to tap’
Watchful Eye by Wendy Knowler
Do those “tap and go” bank cards make you more susceptible to fraud? And do you need to invest in special RFID-blocking (Radio Frequency ID) wallets and purses to stop criminals stealing your bank card details via “radiowaves”‚ just by standing next to you?
If you’ve watched one of the scare videos doing the rounds‚ showing a staged scenario of a man stealing people’s credit card details by getting close to them in a shopping centre‚ and then going on an online spending spree with them‚ you may be afraid of the technology.
Many a South African teller has told me that consumers are dead against it.
Fear not. Hands-free pickpocketing isn’t happening in the real world‚ says Roger Grimes of San Fransisco-based technology digital publication InfoWorld.
“They (the RFID-blocking wallet makers) have yet to produce evidence of a single real-world RFID crime‚” Grimes said. “Year after year‚ nothing…”
South African banks have been issuing RFID credit and debit cards for some time; they can be identified by a WiFi-type symbol on them.
And the banking services ombudsman is not getting fraud complaints associated with them.
The technology enables consumers to pay by so-called tap and go: instead of having to insert the card into the point-of-sale (POS) machine and key in a pin‚ the card is briefly placed on a reader and the purchase is done.
The South African Banking Risk Information Centre (SABRIC) released a statement aimed at allaying any fears that bank clients have about them, assuring consumers that contactless payment cards are as secure as traditional cards, and that the centre has not received any reported crime incidents where “tap and go” cards have been exploited.
You can only “tap” a predetermined number of low-value transactions, less than R500 in the case of most banks, on any specific day, after which a PIN would be required to complete the transaction.
That means the financial reward associated with these “tap” transactions is low, SABRIC says.
And merely holding an POS (point of sale) device close to a bank card will not provide enough information to enable fraudulent card-not-present transactions.
Even if a criminal tapped a victim’s contactless card using an POS device near their wallet or bag, all they would get is the card number and expiry date. Neither the CVV nor the pin number would be exposed, both of which the criminal would need to make fraudulent online purchases.
Still, SABRIC urges bank clients to take note of the following tips to protect themselves when using tap and go technology in South Africa:
• Ensure you always tap the POS device yourself, and that your contactless bank card never leaves your hand.
• Report lost and stolen cards immediately.
• Register for SMS notifications to ensure you are alerted to any transactions on your account.
• Inform your bank immediately if any suspicious or unauthorised transactions are conducted on your account.