The truth behind criminals using “tap and go” to steal from your bank card

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
35,837
#41
The issue is that the banks have only assessed the risk of doing transactions directly from the card. A CVV is only 1000 iterations away once you know a person's card number. That isn't good security.
Seems it's not possible to read the card number with my phone - just tested. It returns an ID which is either encrypted or not related to the card number. It correctly identifies the chip type etc, but I can't get this to work:

https://www.trishtech.com/2016/10/r...-using-credit-card-reader-nfc-app-in-android/

Will look into decrypting the data... though this article says it's not necessary:

http://www.nfc.cc/2012/04/02/android-app-reads-paypass-and-paywave-creditcards/
 
Last edited:

Swa

Honorary Master
Joined
May 4, 2012
Messages
18,749
#45
Seems it's not possible to read the card number with my phone - just tested. It returns an ID which is either encrypted or not related to the card number. It correctly identifies the chip type etc, but I can't get this to work:

https://www.trishtech.com/2016/10/r...-using-credit-card-reader-nfc-app-in-android/

Will look into decrypting the data... though this article says it's not necessary:

http://www.nfc.cc/2012/04/02/android-app-reads-paypass-and-paywave-creditcards/
If it can be read at all it's a security risk. Even with a registered terminal if there's no transaction taking place there's no way to link it to any person. The banks are mum on this neither saying whether it can be read by anyone or not.
 

bwana

B MyBroadband
Super Moderator
Joined
Feb 23, 2005
Messages
71,446
#47
Which isn’t in SA.

But I was under the impression the thread is about tap and go on card payments.

You didn’t define “it” exactly.
It works in SA.

I was curious about security - phone vs card. Both utilise NFC but the phone one seems inherently more secure.

The sentence defined "it" adequately.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
35,837
#48
It works in SA.

I was curious about security - phone vs card. Both utilise NFC but the phone one seems inherently more secure.

The sentence defined "it" adequately.
For that you need the app running to use it, so I'd say it's generally more secure.
 

marine1

Honorary Master
Joined
Sep 4, 2006
Messages
47,397
#51
Why not just swipe and enter pin? Who is in such a tearing hurry?
The fingerprint reader on my i5s is unreliable, as is the touch screen. So what will work as suggested by marine1?
No I mean each paypoint has a biometric machine, yes its not great for hygiene but.....
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
31,636
#55
It works in SA.

I was curious about security - phone vs card. Both utilise NFC but the phone one seems inherently more secure.

The sentence defined "it" adequately.
Works where in SA? With a foreign card?

We are crossing channels with something here.
 

Speedster

Executive Member
Joined
May 2, 2006
Messages
6,975
#57
Part of the added safety with NFC is that the card never leaves your hand, so no option to quickly skim the card. Also, as mentioned, using it illegally (without the owner's consent) would require cooperation from the device owner, which the bank can easily trace. This is very different to a skimmed card which can be used at any vendor and is significantly more difficult to trace the perpetrator.

I think it is instructive to note, as per the article, that not a single case of fraud using NFC payments has been reported
 
Top