Contactless cards, also called dual cards, that can be “dipped” as well as waved at the point of sale terminals to execute a payment have been slow to catch on in the U.S. Some of the reasons include the higher cost to create the card, an abundance of existing contact chip inventory purchased in advance of the migration to EMV, plus a less than compelling number of terminals where contactless can be used. In the UK, contactless has been enjoyed for its convenient and quick checkout capabilities for years. In the chip-and-PIN environment in the UK, the use of PINs with contactless is waived for those transactions less than £30.00. A security flaw has been detected, however, that is creating losses for contactless transactions. Big News Network reported:
In a glaring security flaw that came to light, it has been revealed that contactless bank cards can still be used by thieves for months after they are reported stolen.
According to latest revelations made by the (Financial Conduct Authority) banking watchdog, all cards used to make purchases of up to 30 pounds, without entertain(ing) a PIN can be affected by the loophole.
An investigation conducted revealed that in some cases, the cards could be used for eight months after being reported stolen.
At issue is the fact that these PIN-less transactions are conducted off-line, meaning an authorization out to the issuer is not completed, providing the opening for criminals to get away with low-value transactions. Although the answer to the problem is not provided, a fix is promised.
Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group
Read the full story here