Call it the “skim seen around the world.”
Early last week a blogger in Russia posted a picture of what appeared to be a person on a metro car using a compact point-of-sale (POS) device to “skim” money from contactless credit or debit cards in the wallets and purses belonging to other riders. Within days the picture had been shared and seen by millions, many or most of whom had no idea such a threat even existed.
Adding to the confusion was the differing amounts of money that such roving fraudsters were said to be able to make off. This is due to the different limits in various markets put on contactless transactions. Currently the limit for any single contactless transaction is $25 in the US, £30 in the UK and roughly comparable amounts in other markets, though in some markets there is no set limits for single transactions but a ceiling beyond which a user must “sign” a transaction with a PIN. (In Spain PIN verification is mandatory for transaction over €20, in Slovakia a similar €20 limit is paired with PIN authorization for every three consecutive transactions, and in Holland a PIN is needed for individual transactions greater than €25 or for transactions that together exceed €50 in one day.)
Meanwhile, the threat may be much greater than a one-time “skim” of whatever the single-transaction or single-day limit is in a given market. According to this sobering article published last summer, staffers of a UK tech review site were able make purchases including a £3,000 television from a “mainstream” online retailer using data skimmed from a contactless card.
So what can people do to ensure that the information from their contactless cards isn’t swiped? One answer is to wrap them, or their wallets, in aluminum foil, which blocks radio signals. You can also get purpose-made RFID card holders.
Needless to say, having to wrap and unwrap a credit or debit card and enter a PIN code into a merchant’s terminal runs counter to the very point of contactless cards, which is speed and convenience. Which is yet another reason why, just as contactless and chip-and-PIN cards have over time rendered simple plastic cards obsolete, cards as a whole are likely to be increasingly displaced by smartphones which allow users to safeguard their information with their choice of numeric or biometric security, and with greater speed and ease of use. In the meantime, watch your back.