Contactless debit card

[Sparrow in Texas]

I have just received an offer from my bank to get a contactless debit card. Would it be of any use on the Camino, as in will it replace a chip and pin card or are they currently in use at cash machines in Spain? Europe has always been ahead of the US on technologies like chip and pin cards at cash machines and contactless cards for the Metro. Does anyone have any words of wisdom to offer on this topic?

 

[André Walker]

The cards in Europe work both ways: you can pay using your personal 4-digit code (as before), but you can pay contactless as well (I don't know about American cards, but it makes sense if they also would work both ways).

Both options exist in one card, because of safety reasons contactless payments are limited. If you lose your card (or it it's stolen) anybody could use it for contactless payments. Maybe it varies from country to country, but in Holland contactless payments are limited to € 25,- per payment and a total of € 50,- consecutive contactless payments. If you pay € 25,- contactless, then pay € 10,- using your code, the first € 25,- don't count anymore regarding the total limit of € 50,-. So, in case of loss or theft, the most you can lose is € 50,-.

When the limit is reached, the machine will automatically refuse contactless payment and demand for payment using your code.

And, when using cash machines, you'll still have to use your code.

Does this help?

 

[simeon]

where there is contactless payments you can usually also use apple pay and google pay using your phone or watch as a card. This will be dependent on whether your back has the technology in place to do this.

 

[Sparrow in Texas]

The cards in Europe work both ways: you can pay using your personal 4-digit code (as before), but you can pay contactless as well (I don't know about American cards, but it makes sense if they also would work both ways).

Both options exist in one card, because of safety reasons contactless payments are limited. If you lose your card (or it it's stolen) anybody could use it for contactless payments. Maybe it varies from country to country, but in Holland contactless payments are limited to € 25,- per payment and a total of € 50,- consecutive contactless payments. If you pay € 25,- contactless, then pay € 10,- using your code, the first € 25,- don't count anymore regarding the total limit of € 50,-. So, in case of loss or theft, the most you can lose is € 50,-.

When the limit is reached, the machine will automatically refuse contactless payment and demand for payment using your code.

And, when using cash machines, you'll still have to use your code.

Does this help?

Am I reading your comments correctly that if your contactless card is lost someone could use it to get a limited amount of cash, that is, of course, until you contact your bank to cancel the card?

Probably it would not be a good choice for the camino given the ever present possibility of theft or loss.

Are these contactless cards becoming the norm in Europe?

 

[Jan_D]

Are these contactless cards becoming the norm in Europe?

Yes "contactless" is now ubiquitous in all sorts of establishments, all over Europe. Here in Scotland contactless card readers are even replacing the use of cash for bus fares. You just beep your card on the reader and you're done in 2 seconds. Seems to be the way most people are paying in shops and supermarkets too these days.

There is a slight risk that someone could use your card if stolen, but as simeon says there's an in-built limit to prevent too much loss. BUT there's nothing wrong in sticking with a card that requires a pin code to make a transaction. The main advantage of going contactless is that it makes quick transactions even quicker, but this might not be a priority for you on your travels. (p.s. anywhere that has a contactless reader, will also have a chip-and-pin option - the former hasn't replaced the latter, it's usually just an alternative payment option).

 

[NorthernLight]

Contactless ... or 'tap' ... cards (both debit and credit) are common in Canada now. They still have chip & pin on them, as the tap feature is limited to purchases under $50. You can ask your bank to turn off the tap feature.

The upside is your card never leaves your hand.

 

[trecile]

where there is contactless payments you can usually also use apple pay and google pay using your phone or watch as a card. This will be dependent on whether your back has the technology in place to do this.

I use Google Pay using my phone whenever possible, and in Europe most registers have contactless readers. I think that it's safer than the contactless cards because you have to unlock your phone to use it. Here's a couple of articles on how it works, and why it can be more secure than using your card.

How To Secure Your Digital Wallets and Mobile Payments (Apple Pay, Google Pay, Samsung Pay, PayPal, etc.)? - Defending Digital

How safe are Apple Pay, Google Pay, PayPal, and other digital wallets and mobile payments? Learn how their security compares to credit cards and other traditional payment methods.

defendingdigital.com

Three reasons mobile pay could improve your life

Add Costco to the list of retailers now accepting mobile pay. But it only accounts for 1% of retail sales, and we think the number should be way higher. We argue here for

www.usatoday.com

 

[Rick M]

Contactless ... or 'tap' ... cards (both debit and credit) are common in Canada now. They still have chip & pin on them, as the tap feature is limited to purchases under $50. You can ask your bank to turn off the tap feature.

The upside is your card never leaves your hand.

Yep, we have had "tap" for a few years now, and its hard to remember how we used to buy coffee before then. The limit is fixed both by the bank AND the place you use it. For instance, I can tap up to $100 in a grocery store.

When I was in europe in the spring, everywhere I tried to use my card, the merchant invariably tried to tap it first. I realized that the card would not work at a point of sale outside Canada, no matter what the amount was, a fact confirmed by my bank when I got home. When the tap failed, we reverted to the old chip and PIN method, which worked every time.

I would not be surprised if tap started working overseas at some point, but not yet!

 

[Marcus-UK]

Am I reading your comments correctly that if your contactless card is lost someone could use it to get a limited amount of cash, that is, of course, until you contact your bank to cancel the card?

Probably it would not be a good choice for the camino given the ever present possibility of theft or loss.

Are these contactless cards becoming the norm in Europe?

Yes if someone has possession your card they can use it for low value transactions without anyone checking the holders entitlement eg Starbucks, Burger king etc.
It is also possible for your card to be read in your wallet if you place it near a scanner. This can cause problems for example if you are used to swiping an oyster card for for the underground while inside your wallet. Then the sensor can pick up your contactless card and charge you. I use an RFI shielded wallet for my cards since I am somewhat paranoid.

 

[rappahannock_rev]

Never heard of 'em! Are they the same thing as pre-paid cards?

 

[trecile]

Never heard of 'em! Are they the same thing as pre-paid cards?

No, they are credit cards that you just tap or hold closely to the card reader, rather than swiping or putting into the chip reader.

MoneyTips - Make Your Financial Life Make Cents

Finance advice without the formal fluff. MoneyTips' trusted network of writers gives it to you straight so you can level up and live your best financial life.

www.creditcardinsider.com

 

[Rick M]

Never heard of 'em! Are they the same thing as pre-paid cards?

Nope, its a feature built into the VISA, MC, or debit card your bank gives you. They are in common use worldwide (except USA) now. The card has an RFID chip inside it that can be read by the "machine" that processes credit or debit cards. You don't need to do anything other than hold the card really close to the machine to use it. We say ""tap"" because you need to get the card within an inch or two of the machine's scanner for it to work. You pull out your debit card when the merchant hands you the machine, tap your card on the machine, it beeps, and you are done. A receipt is printed, your bank account is debited, and you leave.

 

[Sparrow in Texas]

The solicitation that I received, from a major bank, was for a contactless debit card, not a credit card.

@Rick M , is the chip inside the card different from the "chip and pin" card?

 

[trecile]

The solicitation that I received, from a major bank, was for a contactless debit card, not a credit card.

@Rick M , is the chip inside the card different from the "chip and pin" card?

Yes, the technology is different, but some cards have both contactless and standard chips, in addition to a magnetic strip so that they can be read by whichever type of reader the merchant has. I just received a card with all three. But I find it more convenient to use my phone. I can even pay with my new fitbit!

Google Apps

Google Maps and Google Wallet: The apps you love are now on your wrist.

www.fitbit.com

 

[Nana6]

I use Google Pay using my phone whenever possible, and in Europe most registers have contactless readers. I think that it's safer than the contactless cards because you have to unlock your phone to use it. Here's a couple of articles on how it works, and why it can be more secure than using your card.

How To Secure Your Digital Wallets and Mobile Payments (Apple Pay, Google Pay, Samsung Pay, PayPal, etc.)? - Defending Digital

How safe are Apple Pay, Google Pay, PayPal, and other digital wallets and mobile payments? Learn how their security compares to credit cards and other traditional payment methods.

defendingdigital.com

Three reasons mobile pay could improve your life

Add Costco to the list of retailers now accepting mobile pay. But it only accounts for 1% of retail sales, and we think the number should be way higher. We argue here for

www.usatoday.com

Is mobile pay easy to use on the Camino?

 

[trecile]

Is mobile pay easy to use on the Camino?

Yes, easier than getting out my card and signing a receipt. It's not only easier for me, it's easier for the merchant.
The only place that I wanted to use it where they didn't have the right kind of card reader was at a pension in Lisbon.

 

[KinkyOne]

I think @André Walker said it all in post no.2. At least for us users that are familiar with contactless cards

I would just add that usually contactless cards are debit not credit cards.

But in many supermercados in Spain I couldn't pay with my card (whatever type it was) if the amount was lower than let's say 10€. So better always carry some smaller bank notes and change.

And re portable (scam) card readers. Always carry bank cards on the front of your body because you won't allow unknown person to get that close to you to scan it. It is your personal space and you would step back. OTOH you can't see what's going on behind you if you are carrying wallet in your back pocket. Portable card readers don't have to physically touch you just getting close enough is enough for them to get the info

 

[TatiLie]

We use contacless and ApplePay very often because you don't risk exposing your password often. In Galicia it was not as common as in Ireland, most likely because customers are not used to requesting it (it worked everywhere we requeste) We used the ApplePay for the everyday bocadillo and zumo de naranja, so that we didn't need to dig the wallet from the bottom of the backpack.

 

[Sparrow in Texas]

I think @André Walker said it all in post no.2. At least for us users that are familiar with contactless cards

I would just add that usually contactless cards are debit not credit cards.

But in many supermercados in Spain I couldn't pay with my card (whatever type it was) if the amount was lower than let's say 10€. So better always carry some smaller bank notes and change.

And re portable (scam) card readers. Always carry bank cards on the front of your body because you won't allow unknown person to get that close to you to scan it. It is your personal space and you would step back. OTOH you can't see what's going on behind you if you are carrying wallet in your back pocket. Portable card readers don't have to physically touch you just getting close enough is enough for them to get the info

So an important take away is is to use the same security as with any other card and keep a contactless card in the same type of RFID envelope as other cards.

How likely is it that albergues and bars would accept contactless cards? I assume that it is far more likely that supermercados would accept it for larger purchases, perhaps hotels also?

Thank you all for the information. You all have been very helpful!

 

[KinkyOne]

Can't really answer your question about bars and albergues because I don't even try to pay with a card. In my experience chances to pay with card is close to zero especially in municipal albergues. Better stick to cash and you'll have no problem. Small denominations in smaller villages! Of course it's different if you book a hotel/pension on-line. Even Seminario Menor (the biggest albergue in SdC) accept bank cards. But that's another story

Anyway if you'll see the MasterCard, Dinners etc. stickers on the front door or beside them then you'll know. Otherwise don't even bother to ask

 

[henrythedog]

Hello Sparrow.

I think you’ve got the information you wanted. It’s now a very common form of payment in Europe.

I’m curious - have you ever known of an authenticated case of a chip and pin, or contactless card being debited by someone using a remote scanner? I ask because of your comment that you should use a RFID shielded envelope.

So far as I know, it’s an urban myth. Do you believe otherwise?

(To those who are tempted to suggest ‘better safe than sorry’ - don’t bother. Mine is a genuine question and I’ve asked it many times elsewhere without a documented example)

 

[KinkyOne]

...
So far as I know, it’s an urban myth. Do you believe otherwise?

(To those who are tempted to suggest ‘better safe than sorry’ - don’t bother. Mine is a genuine question and I’ve asked it many times elsewhere without a documented example)

I read about it in on-line and newspapers articles and saw few reports and coverages on our National TV Broadcaster with people from National Internet & Banking Security Service that it really exist. I doubt very much that officials would be confirming urban myths in public appearance

 

[Sparrow in Texas]

Hello Sparrow.

I think you’ve got the information you wanted. It’s now a very common form of payment in Europe.

I’m curious - have you ever known of an authenticated case of a chip and pin, or contactless card being debited by someone using a remote scanner? I ask because of your comment that you should use a RFID shielded envelope.

So far as I know, it’s an urban myth. Do you believe otherwise?

(To those who are tempted to suggest ‘better safe than sorry’ - don’t bother. Mine is a genuine question and I’ve asked it many times elsewhere without a documented example)

Hello Henry the Dog, Quite honestly, no, I do not know of an authenticated case of skimming by remote sensor.

Without a degree in IT I really do not know how these technologies work and have to do the best I can with security. I keep my cards and passport close by. I do know that credit and debit cards still do have the magnetic strip from which card identification can be harvested. I also know that a piece of foil is just as effective a shield as a special envelope.

Do you have any better suggestions? What do you do for card security?

 

[rappahannock_rev]

I can even pay with my new fitbit!

Google Apps

Google Maps and Google Wallet: The apps you love are now on your wrist.

www.fitbit.com

Far out! I own and like a Fitbit Versa. ... In what Camino contexts have you used yours to pay for something?

 

[Sparrow in Texas]

Hello Sparrow.

I think you’ve got the information you wanted. It’s now a very common form of payment in Europe.

I’m curious - have you ever known of an authenticated case of a chip and pin, or contactless card being debited by someone using a remote scanner? I ask because of your comment that you should use a RFID shielded envelope.

So far as I know, it’s an urban myth. Do you believe otherwise?

(To those who are tempted to suggest ‘better safe than sorry’ - don’t bother. Mine is a genuine question and I’ve asked it many times elsewhere without a documented example)

A point of interest, my government issued passport card and trusted traveler card each came in their own rfid security envelope.

 

[trecile]

Far out! I own and like a Fitbit Versa. ... In what Camino contexts have you used yours to pay for something?

I didn't even realize that my Fitbit Charge 3 is the special model that can make payments. I bought it in Oviedo after my month old Fitbit stopped working (I returned it to Costco when I got home) All I cared about was that it worked, and was the same model as the one that stopped working. It was only after I got home that I discovered that I could pay with it. I've only used it that way a couple of times, but I can use it at any terminal that accepts contactless cards.

 

[Telboyo]

Contactless payment is ubiquitous in the UK, even beggars and church collection plates use it.
Security is not a problem a lot of the banking apps allow you to temporarily suspend your card if you misplace it. I use revolut for my banking, this app instantly shows any transactions, I have it set up so the card will not work unless it is in the same location as my phone. It works with Google pay so I get instant double notification every time a payment is made. I think contactless is a very secure system, unfortunately card payments and contactless are not that common in the rural parts of Spain. Using cash, actual notes and coins was one of my major culture shocks on the Camino, at-home I only have real money if someone givesitto me and then I put the coins in my pocket until they all fall out and I loose them. Notes (bills) get put in the drawer only to be used to buy euros for when I go abroad.

 

[Mark Day]

Hi,

The Independent newspaper in the UK did a report on Contactless Card fraud in January of this year.

The key passage regarding this fraud in this discussion is below:

“Contactless fraud is low with robust security features in place in every card,” he added. “No contactless fraud has been recorded on cards still in the possession of the original owner.


The link to the whole article is here also:

‘Contactless’ fraud cases double in 10 months

Should you be worried?

www.independent.co.uk

 

[henrythedog]

Dear Sparrow

My sincere apologies if the wording of my post appeared rude. That was not my intent.

This is a particular bug-bear of mine. Somehow the myth that contactless cards present a material risk has been widely publicised - most often by the manufacturers or retailers of a purported solution to the supposed problem. Public bodies have spread the myth also and - as for the possibility that elected politicians may sometimes make statements that are factually incorrect, well, the UK are catching up with the USA rapidly on that score!

‘Snopes’ the reliable fact-checkers are clear on the subject. There have been no documented cases of contactless cards STILL IN THE POSSESSION OF THE OWNER ever having been compromised.

The only money you’ll lose is that which you spend on a RFID envelope.

Passport security technology, and that of government issued cards of various types, is far less secure than that provided by commercial banks.

 

[TatiLie]

How likely is it that albergues and bars would accept contactless cards? I assume that it is far more likely that supermercados would accept it for larger purchases, perhaps hotels also?

Contactless are only used on small purchases, something like €25. On larger purchases you're required to use the chip and pin option

 

[John Sikora]

The US has lagged in the adaption of credit card technology. We are just catching up with the use of contactless cards. They are no different from other credit cards, just a tad faster on checkout. Chase has just started to roll out contactless on all of their cards. They are just as safe (both good and bad) as current cards and a bit more convenient. Ubiquitous in Spain. If you don't have a chip card currently, then definitely get the new card. If you do, it's just a matter of time before you'll have a contactless one anyway since they are becoming the standard now in the US.

 

[Tia Valeria]

I have just received an offer from my bank to get a contactless debit card. Would it be of any use on the Camino, as in will it replace a chip and pin card or are they currently in use at cash machines in Spain? Europe has always been ahead of the US on technologies like chip and pin cards at cash machines and contactless cards for the Metro. Does anyone have any words of wisdom to offer on this topic?

We refuse to have contactless debit card. If lost/stolen the thieves could access £150 before a PIN is required and getting hold ot our bank in the UK, never mind from Spain, would be just one more hassle ....
We have a contactless credit card, although we only use it for transactions over the £30 limit or on-line. Transactions can be checked before payment goes out of our account. Our main credit card is non-contactless
On the Camino we use a money cash card in ATMs. Issued as a pair one was contactless the other non-contactless. We used the latter with the spare kept in foil in case of need.
Paranoid??? Maybe but better safe than sorry and our current account is to important to risk compromising it.

 

[mary_mh]

Contactless cards are the norm in Australia. I’ve used contactless when travelling in Europe for the past couple of years at least, but I do have RFID envelopes for each card and also for my passport. I use a Citibank card as it automatically defaults to the local currency at POS and does not charge any conversion fees. Citibank also has good security and will get in touch if any suspicious activity (you have to give them advance warning of what countries you’ll be in or they will lock the card if unusual transactions). My cards and passport never leave my person.

 

[simeon]

Revolute.....Is the new bank ac. No branches. And very easy to transfer money... As easy as sending a what's app message. It appears to be the default for mennnials these days.

 

[Sparrow in Texas]

Dear Sparrow

My sincere apologies if the wording of my post appeared rude. That was not my intent.

This is a particular bug-bear of mine. Somehow the myth that contactless cards present a material risk has been widely publicised - most often by the manufacturers or retailers of a purported solution to the supposed problem. Public bodies have spread the myth also and - as for the possibility that elected politicians may sometimes make statements that are factually incorrect, well, the UK are catching up with the USA rapidly on that score!

‘Snopes’ the reliable fact-checkers are clear on the subject. There have been no documented cases of contactless cards STILL IN THE POSSESSION OF THE OWNER ever having been compromised.

The only money you’ll lose is that which you spend on a RFID envelope.

Passport security technology, and that of government issued cards of various types, is far less secure than that provided by commercial banks.

Good morning Henry the Dog,
My lovely avatar is named Kate.

Thank you for your kindness in offering an apology. You intended no offense and none was taken. After your post I did some research (how much can we believe of what we read on the internet these days?) and it does appear that RFID protection is needed for fewer cards. That said, we are creatures of habit. We do things because we have always done it that way. It is important to step back occasionally to look at things we do and why and make changes if appropriate.

Life is often just too complicated and seems to be getting more so all the time!

 

[Deleted member 29041]

If you are worried about "contactless fraud", get a rfid blocking sleeve -> ebay example. You can get sleeves for rfid enabled passports as well (sure beats using tin-foil for practicality ).

Fact: It _HAS_ been demonstrated in practice, that rfid enabled card _CAN_ be negotiated at a distance of up to at least 1,5 meters using directional gear. As far as I recall, one of the places it was demonstrated, was at one of the "Blackhat" conferences.

The science behind distance reading rfid is really quite simple and the physical part should in fact be doable by any semi-competent radio amateur. Negotiating the card protocol, is another issue, but I'd be quite surprised if the tools weren't available on the DarkWeb.

 

[Pilgrim Patricia]

Hello Sparrow.

I think you’ve got the information you wanted. It’s now a very common form of payment in Europe.

I’m curious - have you ever known of an authenticated case of a chip and pin, or contactless card being debited by someone using a remote scanner? I ask because of your comment that you should use a RFID shielded envelope.

So far as I know, it’s an urban myth. Do you believe otherwise?

(To those who are tempted to suggest ‘better safe than sorry’ - don’t bother. Mine is a genuine question and I’ve asked it many times elsewhere without a documented example)

I am sorry to say that I had someone remotely scan my card here in Canada almost four years ago. "I" apparently developed a sudden taste for $600 of cigars from Mauritius (cigars from Mauritius???!) and bought an ad on Google. It all happened a few minutes after I walked outside past a number of small shops in my city, and added up to well over $1,000. The bank ate the cost. They phoned me just after I got in the door from my walk, immediately cancelled the card and issued a new one within a week.

I now use RFID sleeves for my credit cards.

 

[Telboyo]

If you are worried about "contactless fraud", get a rfid blocking sleeve -> ebay example. You can get sleeves for rfid enabled passports as well (sure beats using tin-foil for practicality ).

Fact: It _HAS_ been demonstrated in practice, that rfid enabled card _CAN_ be negotiated at a distance of up to at least 1,5 meters using directional gear. As far as I recall, one of the places it was demonstrated, was at one of the "Blackhat" conferences.

The science behind distance reading rfid is really quite simple and the physical part should in fact be doable by any semi-competent radio amateur. Negotiating the card protocol, is another issue, but I'd be quite surprised if the tools weren't available on the DarkWeb.

Was this 1.5 m attack demonstrated on a card in a wallet surround by half a dozen other cards and in a back pocket? in the UK in 2018 there was contactless fraud to the value of 1.8m GBP. That works out at 20p per adult In the UK. I am sure we have all lost more than that down the back of the sofa.

 

[Deleted member 29041]

in 2018 there was contactless fraud to the value of 1.8m GBP. That works out at 20p per adult In the UK. I am sure we have all lost more than that down the back of the sofa.

Well, seeing that I've never lost 1.8m in my sofa ...

Quoting irrelevant averages and useless statistics does not change the fact that it _CAN_ be done.

Yes, on average, it's small amounts. However, I doubt that the targeted persons could care less about averages, as they were hit for a bit more than 20p.

p.s. somehow those 20p reminded me of the old joke where a man got creeps from a prostitute. When he complained to her, she replied: "What did you expect for two and six? Lobsters?"
p.p.s. Yes, not very relevant either, but on average, statistics won't make you smile

 

[gerip]

The solicitation that I received, from a major bank, was for a contactless debit card, not a credit card.

Usually the contactless card is associated with your checking/savings account, which is one of the reasons why there's a limit on how much you can purchase. I don't think I used that function on my card anyway, since most of the time I was in a small village or stopping at a roadside bar which wasn't set up fro contactless payments. At best, chip & pin was available, but on the Camino cash is king. Besides, I like withdrawing a set amount of cash and monitoring how long it lasts me, €300 should last about a week for me. (I'm not a big fan of the menu del dia.)

 

[gerip]

’m curious - have you ever known of an authenticated case of a chip and pin, or contactless card being debited by someone using a remote scanner? I ask because of your comment that you should use a RFID shielded envelope.

So far as I know, it’s an urban myth. Do you believe otherwise?

“Contactless fraud is low with robust security features in place in every card,” he added. “No contactless fraud has been recorded on cards still in the possession of the original owner.

It happened to me. Was in a busy supermarket car park here in the UK. Within hours someone had tried to use my card to purchase a big screen TV in Arizona. Of course my bank contacted me before the sale had gone through.

 

[henrythedog]

gerip,

I’m sorry to hear of your experience.

To clarify - are you saying that someone using a remote scanner managed to access your card data (including the reverse printed CCV code) or that someone fraudulently accessed and used your credit card details to attempt a purchase but not necessarily as I described?

How did you identify when the data was accessed?

Do you know if your experience was ever published anywhere - there has to be a ‘first’and it may well have made the specialist press.

When I see an authenticated case described in a reputable publication, I’ll shut right up.

To be clear, I’m most certainly not questioning your experience, but if as described it deserves publicising.

 

[gerip]

gerip,

I’m sorry to hear of your experience.

To clarify - are you saying that someone using a remote scanner managed to access your card data (including the reverse printed CCV code) or that someone fraudulently accessed and used your credit card details to attempt a purchase but not necessarily as I described?

How did you identify when the data was accessed?

Do you know if your experience was ever published anywhere - there has to be a ‘first’and it may well have made the specialist press.

When I see an authenticated case described in a reputable publication, I’ll shut right up.

To be clear, I’m most certainly not questioning your experience, but if as described it deserves publicising.

All I know is my card and I were here in my flat in the UK when I received a call from my bank asking if I had just attempted to make an in-store purchase for an outrageously priced television in the US (I think it was Arizona). As I don't have the ability to bi-locate and the purchase was completely out of character (and way more than I had in my account) they agreed that it was not me attempting to buy the TV. They had already declined the transaction anyway, but only called me to make sure that the individual at the other end was engaging in a criminal act. How they got the number I do not know, I can only think that it was while I was standing in that car park waiting for a lift.

A similar incident happened to me a decade earlier in the US. I had just come back from a trip abroad and had only gone around the corner to get groceries. When I asked bank personnel how anyone could possible charge my debit card from 800 miles away I was told the criminals have all kinds of ways of getting your card number. Once they do they can auction that off over the internet to anyone who can then produce a duplicate card anywhere on the planet. Remember the CCV code isn't necessary in a store. Often the person who conducts the transaction is an accomplice.

 

[henrythedog]

So ...

Maybe not a ‘contactless’ remote access data issue after all?

I too have had a card compromised. Some kind of card reader attached to an ATM resulted in a duplicate card being made and a series of cash withdrawals at the other end of the country. The bank refunded it straight away as I was apparantly one of many who used the rigged ATM.

To get back on track the OP was specifically questioning the security implications of ‘contactless’ cards vs other cards.

My point remains that there are zero documented authenticated cases of contactless cards being compromised remotely whilst in the possession of the cardholder outside of a laboratory type environment and that the purveyors of RFID blocking products are misinformed at best or charlatans at worst.

Still - let’s not confuse the debate with facts.

Tinfoil hat anyone?

 

[simeon]

And if they do you will probably be reimbursed by the bank......

 

[gerip]

So ...

Maybe not a ‘contactless’ remote access data issue after all?

I too have had a card compromised. Some kind of card reader attached to an ATM resulted in a duplicate card being made and a series of cash withdrawals at the other end of the country. The bank refunded it straight away as I was apparantly one of many who used the rigged ATM.

To get back on track the OP was specifically questioning the security implications of ‘contactless’ cards vs other cards.

My point remains that there are zero documented authenticated cases of contactless cards being compromised remotely whilst in the possession of the cardholder outside of a laboratory type environment and that the purveyors of RFID blocking products are misinformed at best or charlatans at worst.

Still - let’s not confuse the debate with facts.

Tinfoil hat anyone?

No need to be insulting. I'm happy as long as I'm able to maintain my own security. We all need to keep in mind that no technology is 100%.

 

[chinacat]

Apparently, the Chief Cashier at the Bank of England, Sarah John, doesn’t use contactless cards.
Just sayin’....

 

[Former member 60103]

I do wear a funny sun hat sometimes but it is not made of tin foil.
Rightly or wrongly, misinformed or not I had no choice when my bank issued me with contactless debit and credit cards and even though I did not want the facility.
Now I may have certain luddite inclinations but here in UK when it comes to the banks and scammers my start point is that I do not trust anyone.
Sure there are "purveyors" of RF card blockers and yes they are expensive. Why bother with those when you can make your own for pennies and hedge your bets as to whether anyone at anytime, at anyplace has had their card remotely scanned.
My solution.
Thin piece of card . Glue a piece of foil on top then add another piece of card on top so you have a foil laminate. Cut to size then make another so you can place them either side of your cards in your wallet.
Cost is almost nil in time or money. Peace of mind as the foil will block anything reading your card and yes I did try this out in my local shop so I know it works.
From professional experience I know that the ingenuity of scammers trying to get card details from ATM's almost knows no bounds so I would not be at all surprised if someone somewhere was not making serious efforts to read contactless cards in some way.
Don.