In the excitement for increasing acceptance of contactless payments, an article in Computer Weekly tries to temper that enthusiasm with a warning about the security weaknesses of this payment form:
The researchers were able to use inexpensive, widely available card scanners bought from a mainstream website to read key personal details from 10 different debit and credit cards. They were then able to use the stolen data to place online orders for goods costing up to £3,000 without the card’s security code and using a false name and address.
The answer provided in this article to solve these issues is two factor authentication (2FA).
According to Laurance Dine, managing principal of investigative response at Verizon, all payments should have 2FA, such as biometrics to authenticate individuals into systems, applications and data securely. “Since everyone has a unique biological identity, let’s apply that single biological identity to cyberspace to establish trust,” he said.
2FA certainly has its place, but there needs to be a concern about the user experience that it would bring to contactless payments. The beauty of contactless is its speed. Requiring consumers to provide another form of authentication would slow the transaction unnecessarily. The inclusion of tokenization which is invisible to the consumer seems a more likely, first step solution to this issue.
Overview by Sarah Grotta, Director, Debit Advisory Service at Mercator Advisory Group
Read the full story here