No increase in NZ fraud stemming from contactless cards Visa says, as Aussie parliamentary committee recommends opt-in option for contactless credit cards

No increase in NZ fraud stemming from contactless cards Visa says, as Aussie parliamentary committee recommends opt-in option for contactless credit cards

This story was published in our email for paying subscribers. See here for more details and how to subscribe.

We welcome your comments below. If you are not already registered, please register to comment.

Remember we welcome robust, respectful and insightful debate. We don't welcome abusive or defamatory comments and will de-register those repeatedly making such comments. Our current comment policy is here.


Opt-in they should at least let you opt out.

I do not like idea of no pin, contactless I can see certain advantages.

While being more secure than other types authentication on the card l some respects, they also provide a vector of attack that are not available, via the old mechanism. Since the other payment methods still exist the card can only be less secure.

I will assume the cards use a challenge response authentication, but the last time I read the spec there was no guarantee of that.

Firstly no pin, that means anybody can simply take my card pay for something and return it. Also they may be able to set up a reader that will deduct money as I walk past. The answer to that is of course you have to be really close in order to read the card, while being true of standard readers, from what I have read, like most RF transmission it is a function of the size of the antenna and the broadcast strength. What is stopping criminals constructing something that transmits at a higher power, with a larger antenna, certainly not concern for my health.

Secondly this $80 limit, if banks truly believed that contactless payment was more secure why limit at all? I believe the reason for this lies in the terms and conditions of your card. Basically if you don’t report the fraud within a month, after you receive your statement, it will be your problem. I use my card for every purchase I can because it has no transaction fees and give me 1% back, and pay it off in full. That means that there are a lot of small transactions on it, it would be easy for me to miss a small payment, and I don’t remember every little thing I paid for do you? I would instantly notice an extra $1000 on my credit card bill but not $80. That brings to the headline no increase in fraud, how would they know if it was unreported, it may be just kids taking their parents cards and paying stuff at the corner shop, still fraud but no one would report it.

Now I do think the magnetic and the card number printed on them are very insecure they should go. Chip and pin or contactless with pin should replace the magnetic strip. And a reader that you can a one off challenge response to authenticate you (with your pin) over the internet that either is a plug in USB device, or use NFC on your mobile device. I don’t like the idea of using a phone, that is basically a programmable device to store information that can access your account, do you really trust the makers of the apps you install on your phone that much?

Finally, is that it should be my choice not theirs it cannot be that hard put a flag on the server to say disallow contactless payments. ASB let you do it. Anyway I have opted out with a hole punch through the aerial.

Where on the card did you punch the hole ? I have a couple of old cards so perhaps I could take a scalpel to them to find the aerial, it probably runs round the outside of the card near the edge ?

I had the supermarket deduct from my work credit card for private groceries rather than my private card. Just because I was near the machine. This is something I do need to keep straight and was a real hassle. Bank refused to reverse and to take any responsibility whatsoever.
As for the comment from Visa. Exactly the self justification you would expect.

I would opt out straight away. This swipe system is for people too lazy to put their card in a machine and press five buttons. I would prefer the security in not having it.