The truth behind criminals using “tap and go” to steal from your bank card

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
38,477
The issue is that the banks have only assessed the risk of doing transactions directly from the card. A CVV is only 1000 iterations away once you know a person's card number. That isn't good security.
Seems it's not possible to read the card number with my phone - just tested. It returns an ID which is either encrypted or not related to the card number. It correctly identifies the chip type etc, but I can't get this to work:

https://www.trishtech.com/2016/10/read-your-credit-card-data-using-credit-card-reader-nfc-app-in-android/

Will look into decrypting the data... though this article says it's not necessary:

http://www.nfc.cc/2012/04/02/android-app-reads-paypass-and-paywave-creditcards/
 
Last edited:

ConfusedR

Well-Known Member
Joined
Jun 27, 2015
Messages
199
AK47s is also not supposed to be easy to get........but most criminals are using these
 

Swa

Honorary Master
Joined
May 4, 2012
Messages
20,754
Seems it's not possible to read the card number with my phone - just tested. It returns an ID which is either encrypted or not related to the card number. It correctly identifies the chip type etc, but I can't get this to work:

https://www.trishtech.com/2016/10/read-your-credit-card-data-using-credit-card-reader-nfc-app-in-android/

Will look into decrypting the data... though this article says it's not necessary:

http://www.nfc.cc/2012/04/02/android-app-reads-paypass-and-paywave-creditcards/
If it can be read at all it's a security risk. Even with a registered terminal if there's no transaction taking place there's no way to link it to any person. The banks are mum on this neither saying whether it can be read by anyone or not.
 

bwana

B MyBroadband
Super Moderator
Joined
Feb 23, 2005
Messages
72,158
Which isn’t in SA.

But I was under the impression the thread is about tap and go on card payments.

You didn’t define “it” exactly.
It works in SA.

I was curious about security - phone vs card. Both utilise NFC but the phone one seems inherently more secure.

The sentence defined "it" adequately.
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
38,477
It works in SA.

I was curious about security - phone vs card. Both utilise NFC but the phone one seems inherently more secure.

The sentence defined "it" adequately.
For that you need the app running to use it, so I'd say it's generally more secure.
 

marine1

Honorary Master
Joined
Sep 4, 2006
Messages
47,864
Why have we not moved to biometric payments?
They already have our prints
 

Frequent visitor

Expert Member
Joined
Apr 5, 2018
Messages
2,809
Why have we not moved to biometric payments?
They already have our prints
Why not just swipe and enter pin? Who is in such a tearing hurry?
The fingerprint reader on my i5s is unreliable, as is the touch screen. So what will work as suggested by marine1?
 

marine1

Honorary Master
Joined
Sep 4, 2006
Messages
47,864
Why not just swipe and enter pin? Who is in such a tearing hurry?
The fingerprint reader on my i5s is unreliable, as is the touch screen. So what will work as suggested by marine1?
No I mean each paypoint has a biometric machine, yes its not great for hygiene but.....
 

Daruk

Honorary Master
Joined
Jul 18, 2008
Messages
38,477
No I mean each paypoint has a biometric machine, yes its not great for hygiene but.....
I'd prefer my biometrics not be used everywhere. Once compromised, you can't replace that bit of data.
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
33,320
It works in SA.

I was curious about security - phone vs card. Both utilise NFC but the phone one seems inherently more secure.

The sentence defined "it" adequately.
Works where in SA? With a foreign card?

We are crossing channels with something here.
 

Speedster

Executive Member
Joined
May 2, 2006
Messages
7,558
Part of the added safety with NFC is that the card never leaves your hand, so no option to quickly skim the card. Also, as mentioned, using it illegally (without the owner's consent) would require cooperation from the device owner, which the bank can easily trace. This is very different to a skimmed card which can be used at any vendor and is significantly more difficult to trace the perpetrator.

I think it is instructive to note, as per the article, that not a single case of fraud using NFC payments has been reported
 

bwana

B MyBroadband
Super Moderator
Joined
Feb 23, 2005
Messages
72,158
Works where in SA? With a foreign card?

We are crossing channels with something here.
Foreign cards, loaded onto the app, work anywhere in SA where contactless payments are accepted.
 

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
33,320
Foreign cards, loaded onto the app, work anywhere in SA where contactless payments are accepted.
Aah now that I didn’t know.

So there really is zero barrier to implementing it here.
 
Top