The stories have done the rounds over the years: people losing thousands from having their cards cloned, having identities stolen, ATMs fitted with card readers.
As a species, humans have learned to prepare for the worst-case scenario. For our cave-dwelling ancestors, it helped to have dug a large pit lined with sharp stakes and to have a club if dinosaurs were around.
The potential for serious injury or death when in a moving vehicle is the reason why wearing three-point safety belts are required by law on every journey. The entire insurance industry worldwide is built upon the premise of safety – personal safety in the face of dread disease, retrenchment, or premature loss of life; loss of material goods and possessions like jewellery, cameras and televisions to criminals or natural events like lightning strikes or floods; potential travel disruption such as flight or train cancellations … the list goes on.
Why would it be any different when it comes to money or card protection? As the years roll by, people become smarter about how they do things. Technology definitely helps. People no longer barter or pay for goods and services with salt, tools of napped flint or clamshells: we use money. But even cash is not really king anymore. Plastic has taken over – and contactless, tap-and-go payments offer convenience to shoppers everywhere by means of RFID or Radio Frequency Identification. But how safe is this method really?
What can individuals do to combat this? It might sound a little nuts but wrapping the cards in tinfoil is one (very) easy hack!
One horror story making the rounds shortly before Christmas was of a woman who had R20 000 whipped out of her bank account while shopping. Her cards never left her possession – but she’d been followed around the crowded mall by savvy crooks who had held a skimming device or RFID reader in close proximity to her handbag while she walked between shops!
Statistics in the United Kingdom show that between 2012 and 2016 when contactless or tap-and-go cards were first introduced, card-not-present fraud cases rose from 750 200 in 2012 to 1 437 832 cases just four years later! Despite this, The Guardian newspaper reported in 2019 that there were in the region of 60 million RFID enabled cards in the United Kingdom. Purchases on these cards accounted for £2.5 billion (R50 billion) annually!
How do they work? Bankrate.com said these contactless cards are equipped with radio frequency identification (RFID) technology, allowing the credit or debit card to communicate with a payment terminal using a radio frequency instead of a magnetic strip. RFID technology allows people to simply tap or wave the card near a card reader. Transactions take mere seconds as a result. Plus, your card never has to leave your hand, minimising contact with the card terminal and the likelihood of leaving your card in the reader.
Usage soared over the past two years of the pandemic due to fears of coronavirus transmission on cash or other cards. The magnetic field or readability of the card varies between 5cm and 30cm – and it’s the latter statistic which concerns some card users and security experts.
Another British publication, Which? magazine put these RFID cards’ safety to the test. The 10 cards were supposed to be coded to mask individual data – but the testers discovered this was not the case. Having lifted the information from the cards and using false addresses, they embarked on an online spree. It’s reliably believed that transactions can be limited to small amounts of a few hundred rand before a pin is required. The Which? team successfully bought a £3 000 (R60 000) television set!
“We doubted we’d be able to make purchases without the cardholder’s name or CVV code – but we were wrong,” the magazine’s authors wrote. “With these card details, the contactless transaction limit is irrelevant, because online transactions aren’t contactless.”
An industry expert said that even if a small percentage of cards could be read at a distance of 15 to 20cm from the reader, with hundreds of millions of transactions taking place, the number of consumers affected would be vast.
What can individuals do to combat this? It might sound a little nuts but wrapping the cards in tinfoil is one (very) easy hack! The metal foil becomes a Faraday cage, utilising simple physics to block the card’s electromagnetic field. Practically, it’s not necessarily the best thing since the aluminium foil degrades with frequent usage. Far better would be to make use of some of the many RFID wallets, purses or sleeves which are commercially available online. These special card holders effectively block ability of devices wielded by crooks to read your RFID cards.
While these contactless cards are the most secure of all cards – at the moment, nothing is perfect. The onus is on the owner to be alert and take precautions to protect their possessions. After all, isn’t the reason you have insurance and wear a seatbelt “just in case”?