The Problems with Contactless Cards | 21 contactless cards problems

Contactless card problems

Do you have contactless card problems? What problems could anybody have with contactless cards?

Suppose you have problems with contactless cards, try and make sure and insist on seeing the receipts for the voided transaction payment.

Tell the operator you want to make sure to avoid paying twice otherwise you will be force to speak with the manager.

You may found that the problems you had with your contactless card have been the fault of the till operator or the till operator claim that the contactless reader didn't work.

Then try to put through the transaction again so that you could do a normal contact or pin payment.

If you're living in London, United Kingdom (UK) - make sure you're NOT keeping your contactless card near an oyster card or other contactless card as this will cause problems.

There is a guide released by Transport for London (website: http://www.tfl.gov.uk/tickets/26416.aspx ) for using contactless cards on buses which stated the following:

"If you keep your contactless payment card and Oyster card together (for instance in a wallet) and touch them on the yellow card reader together, the reader will normally reject them both.

This is because we can't be sure which card you want to use. If you have more than one contactless card (Oyster card, payment card or building pass), please choose the card that you intend to pay with, and touch it on its own on the yellow card reader.

If you don't there is a small possibility that payment will be taken from a card that you did not intent using."


The contactless technology has been dogged by fears and suspicions that payments could be made by accident or that customers' bank details - such as account numbers and transaction data - could be captured by fraudsters or electronic eavesdroppers.

You can be assured that the instances of fraud on contactless cards are extremely rare.

You can be rest assured that the sort of contactless card reader bought or built by yourself might be able to interrogate a card, any data obtained would be limited to the card number and expiry date that can be seen on the front of the card.

The extra layers of security in place to prevent the use of a card number and expiry date, such as personal identification number (PIN) and the card security code (the three-digit number found on the back of cards), which cannot be harvested electronically.

In the event of a fraudulent transaction, who pays?

The liability usually rests with the customer's bank. But, as experience is the best guide, customers knows that banks are inclined to dispute customers' claims of fraudulent payment where the card has not been lost or stolen and where legitimate transactions have followed the suspect one.

Bank acknowledges 'contactless' card problems by altering its customers terms and conditions

Recently, First Direct, the credit card business arm of HSBC bank (a UK banking giant) has told customers who want to pay with contactless cards that they must remove the contactless card from their wallets, and make payments of up to £20 by briefly touching their card to a contactless reader and do not enter a Pin number.

This advice has been taken by some as Bank admission that the technology can go wrong or acknowledgement of problem with contactless cards by changing rules as First direct banking did to alter its customers' terms and conditions.

First Direct, wrote to its customers saying...

"We have made changes to clarify that if you have a contactless debit card you must remove it from your wallet or purse before using it to make a contactless payment."

This gives the impression of a response to the reported cases of mistaken payments, where money has been taken from peoples' accounts without their knowledge but where they think they brushed against a reader by accident.

A card can be used up to five times a day before a PIN is required.

Fraud victims would have no ideas something was wrong only when they checked their bank accounts, and if they don't check regularly they could find huge sums of money missing.

The stolen card details could be used to run up huge bills at online retailers such as amazon.co.uk or amazon.com, etc..., which for many purchases do not require the three-digit security code.

Importance of educating consumers of
problems with contactless debit cards

A lot of the problems with contactless debit cards that have arisen from contactless are due to the usual problem with payment transaction consumers and the customer services.

A small number of people have actually been bothered to educate themselves and understand what debit credit cards payment they're using.

Education education education Tony Blair speech 1997, consumers not educating themselves, apathetic customer service staff and banks not bothering to train their staff properly to understand how to avoid problem with contactless payment.

However, there is a huge problem with the lack of consistent information on the contactless payment cards.

Contactless cards payment is new, in its infancy stage and is not uniformly adopted. As a result, a fraction of retail payments offer contactless payment, there hasn't been the same public information saying... along the lines of when is a consumer expected to enter Chip & Pin cards.

Banks are coming to terms with how you wave a contactless cards as this have caused billing problems

Some customer have complaint about incorrect billing when a Marks & Spencer till reader billed the wrong card in a contactless payment which attracted a mixed opinion.

To reduced or possibly eliminate and prevent the problems with contactless credit cards payment, two things need to happen.

All banks and credit cards issuers should adopt the contactless system, so that every single person with a payment card gets the information sent to them.

The more cards you have, the more information you get.

All retailers who currently accept any form of debit credit cards should roll-out contactless payments.

That's what happened with Chip & Pin credit cards situation. Nobody had any choice because it was on all cards and at all card readers. If all cards processing retailer knew they will soon to have no choice, people learnt how to use it.

Banks and card payments retailers will be forced to educate consumers with posters, stickers, leaflets, and even information on the news of the daily limit for contactless payment and the future contactless payment.

With this, a customer is expected to enter the PIN to complete the transaction payment. Also banks and retailers staff will be briefed and trained on what to say when customer didn't know or refused to use the contactless payment systems.

Banks job cuts... A contactless card problems?

Contactless card problems includes banks cutting staff (customer facing jobs) from its branch due to the rise of contactless card and mobile banking, citing the rise of new customer channels, particularly mobile banking and contactless card transactions.

As more and more people are choosing to use smart phones and technology for everyday transactions - using branches only when they need access to expertise.

Banks need to respond by investing in the channels that customers are increasingly using, whilst improving customer service.

Some people thinks it's a contactless card problem for banks job cuts. Can we truly blames contactless card and mobile banking?

As a result of technological changes, banks could be able to provide better service for their customers with fewer staff in our branches.

Bank bids to cut costs and take advantage of customers growing enthusiasm for contactless card and mobile services.

MasterCard VISA Quest to Curb PayPal has created Problem with Contactless Payment?

Would it be possible that MasterCard Visa quest to curb Paypal, which have gained a powerful share in the fast-growing market for mobile payment cards online - which will let bank's customers make low-value payments through their phones at stores with contactless POS (point of sale) terminals could be the reasons for the problems with contactless payment?

Why is it you may ask?

Because leading banks and credit cards issuers has been busy pushing contactless cards of low-value transactions hard in the past few years in order to curb PayPal mobile payment dominate;

That they failed to educate consumers via leaflets, posters, stickers, and even TV Ads information on the huge benefits of contactless cards and contactless payment technology.

Even people who are mobile payments enthusiasm are now getting irritated when people ask about contactless cards security.

Banks credit debit cards issuers are expected contactless cards to hit over one billions world-wide next years.

How safe are contactless cards and NFC Technology?

Contactless card payment is safe. Period! You can go home now and sleep well.

You see, contactless card transactions are made using near field communication (NFC) technology, for which MasterCard supported and called it "paypass" and visa call it "paywave" and Amex call it "expresspay"

If you're living in the UK, contactless card are used for purchases of £20or less by customers holding a card or NFC-enabled smartphone near a terminal.

Eurozone countries using contactless card can make purchases of €25 or less and must be made within 5cm (or five centimeters) of the terminal.

The limelight marketplace NFC technology had, has been over shadowed to some extent by other emerging mobile-payment technologies, such as chip & pin devices, apps and QR codes for smartphones.

However, many banking institutions have predicted that billions of contactless card transactions will take place next year .

Contactless card is safe because during the transaction, the terminal requires a dynamic security code, which is generated by the chip at the time of transaction.

Online, the transaction is required to contain the card verification value (CVV2) code, a data element that cannot be obtained through electronic eavesdropping.

Are the new technologies of mobile banking, contactless payments and social media changing the way people bank?

People are managing their money and their new found flexibility. Times are changing and the sign point to new technologies continuing to play an increase role in personal finance and banking.

The security of contactless payments is still a concern to the majority, and most consumers don't know if they are confident in the security.

Young people are more comfortable with contactless payments, which suggests this form of payment may become increasingly popular.

The uptake of contactless and mobile banking is much stronger for under 35s and for people who frequently use social media, groups seen to indicate future trends.

It suggests contactless card and mobile banking will become increasingly popular.

Even as technology advances, traditional, printed cash is still a popular device to monitor and keep control of spending. consumers agree they prefer to use cash when shopping because it is easier to see when they are spending too much.

Social media plays a role in the way people interact with their bank but traditional word of-mouth still tends to be the most powerful force for recommendations.

People are most interested in finding information about and getting tips from their bank via social media. They are less interested in offers of products and services.

Visa security code and card number

Where is the security code on Visa card? According to a new research by Newcastle University in United Kingdom (UK) - guesswork alone can crack Visa card security code of any Visa credit or debit card can take as little as six seconds.

The academic journal IEEE Security and Privacy research by Newcastle University, shows how the Distributed Guessing Attack is able to find a way around all the security features put in place to protect online payments from fraud.

The academic research team in UK shows the flaws in the security code on visa card (or Visa payment system) found.

Neither the visa security card network nor the online banks were able to detect attackers making multiple, invalid attempts to get visa card number or payment card data.

This was done by automatically and systematically randomly generating different versions of the cards security data and sending it at different websites, within second's hackers could be able to get a hit and verify all the necessary visa card number and security code.

The research team thinks this guessing attack method is probably been used in the recent Tesco cyberattack which defrauded online customers of £2.5 million pounds and is frighteningly easy if you have a laptop and an internet connection.

This sort of security code in visa card attack exploits two weaknesses that on their own are not too severe but when used together, present a serious risk to the whole payment system and card security on visa card.

Where is security code on visa? To obtain visa security card details, the attack uses online payment websites to guess the security code data and the reply to the transaction will confirm whether or not the guess was right.

As a result of current online system or security code in visa card does not detect multiple invalid payment requests on the same card number from different websites, unlimited guesses of visa credit card security code can be made by distributing the guesses over many websites.

However, this contactless payment problems found was only on the security code credit card Visa network that was vulnerable.

Visa top competitor MasterCard network was able to detect the guessing attack after less than 10 attempts - even when those payments were distributed across multiple networks.

Because different online merchants requests for different information, it allows the guessing attack to obtain the information one field at a time on security code visa card.

Once a valid card number and security code is obtained as a starting point, hackers will relatively generate variations of security code card numbers and automatically send them out across numerous websites to validate them.

It took security code card numbers hackers at most 60 attempts to guess the expiry date, and up to 1000 tries to uncover the three digit CVV code on the back of the credit or debit cards.

The research team advice the online shopping consumers to Use just one card for online payments and keep the spending limit on that account as low as possible. If it's a bank card then keep ready funds to a minimum and transfer over money as you need it.

The UK Newcastle University research team does not take into account the multiple layers of fraud prevention that exist within the payments system or security code of visa card, each of which must be met in order to make a transaction possible in the real world.

Visa do provide issuers with the necessary security code in visa card data to make informed decisions on the risk of transactions. However, there are steps that merchants and issuers can take to thwart brute force attempts.

The upcoming card scheme improvements in visa security card through the 3D Secure 2.0 specification and the liability shift to merchants that fail to implement the standard would close the loopholes.

The most important thing to remember by consumers is that if their card number is used fraudulently, the cardholder is protected from liability.

21 contactless cards problems

The 21 contactless cards problems includes multiple criminal operations in which fraudsters emulate contactless transactions using a mobile application, Primary Account Numbers (PAN) and expiration dates.

With a number of contactless payment options available to consumers (for example, magnetic stripe, mobile, contact chip and contactless chip) it is important for contactless card issuers to take a comprehensive validation approach across the different form factors and interfaces through which a contactless payment can be made.

MasterCards, Visa and Amex recommends clients follow best practices concerning POS entry modes. Verification of this information is an essential step for identifying and preventing fraud.

1• Criminal methodology for Emulate Contactless Transactions - An alert has been raised of fraudulent activity in which criminals emulate contactless transactions. Some of the cards used have had no previous transaction activity, possibly indicating that the cards have not yet been issued; that the account numbers are generated by a card generator tools; or that the accounts have been previously used.

Credit/debit cards issuers have identified the following notable aspects of this criminal methodology:

   Accounts are first observed being used to conduct low dollar transactions (testing) at e-commerce merchants.

   If this is successful, the fraudsters next use a mobile application to emulate MasterCardd/Visa/Amex MSD (contactless magstripe) transactions with track data loaded into the application. One example of a mobile application is "Swipe Yours", which advertises that it can emulate MasterCardd/Visa/Amex MSD transactions based on track data loaded into the application.

   Fraudsters then visit brick and mortar merchants and use mobile devices loaded with the application to trigger the NFC circuitry and feed the point-of-sale terminal with fraudulent account information. If the issuer approves initial transactions, the fraudsters continue conducting transactions at multiple merchants

   During these emulate contactless transactions incidents, acquirers observe an increase in transaction volume.

MasterCardd/Visa/Amex suspects that criminals have learned that in certain issuers' systems, they can successfully submit contactless transactions and the issuer will approve them without knowing the transaction is fraudulent.

2• Financial Transaction analysis and characteristics - Financial transactions observed in this criminal operation shared the following characteristics:
   POS Entry Mode 91 (MSD) - If a card issuer has not issued cards with this MSD technology, all such transactions should be declined.
   Track 2 Data - During the incident, only track 2 data were present and requiring the issuer to verify the CVV value it received.

3• Ways to reduce Contactless card fraud or Contactless payment fraud - Card issuers should look at a combination of data elements including CVV values, POS entry modes and service codes to identify conflicts and reduce counterfeit and card-not-present fraud. Card issuers should:
   Ensure that the POS entry mode identifies a supported contactless payment interface for the payment card and that the service code is valid.
   Incude the CVV result as part of the decision process.
   Whatever the cardholder verification method, card issuers should validate all data received as part of the transaction.
   Verify whether the POS entry mode, service code and CVV match, and if not, flag the transaction as potentially fraudulent.
   Decline transactions with an invalid service code such as 999 or 000 or when the acceptance channel is one not currently supported.

4• Ways to reduce Contactless fraud - The following example shows how a card issuer might identify and prevent this type of scheme:
   Contactless fraud using compromised magnetic-stripe data - A fraudster has counterfeited a magnetic stripe card onto a contactless interface on a mobile device. When using the contactless interface, the bank should first recognize that this transaction has a POS entry mode of 91 or 07 (contactless) instead of 90 (magnetic stripe). If the POS entry mode shows that the transaction is read via the contactless interface, the issuer should validate the dCVV. The expected CVV for a contactless interface should be dCVV.

5• Point-of-Sale Entry Mode - The point-of-sale (POS) entry mode (Field 22)-sent in each MasterCrad/Visa/Amex transaction tells the card issuer how the transaction data was acquired at the merchant. Because the POS entry mode identifies the acceptance channel in combination with other authorization parameters (for example, the POS condition code), verification of this information is an essential step to identifying and preventing fraud. The most common POS entry modes include:
   01 - Manual key entry
   02 or 90 - Magnetic stripe read
   05 or 95 - Chip read
   07 - Contactless, using chip data rules
   91 - Contactless, using magnetic-stripe data rules

6• Service Code - The service code is a sequence of digits that—taken as a whole allows the card issuer to define various services, differentiates card usage in international or domestic interchange, designates PIN and authorization requirements and identifies card restrictions. The use of a service code is applicable to all Visa products. Typical service code examples are:
   101 - International-use credit and debit cards
   120 - International-use credit and debit cards where PIN is required
   201 - EMV chip credit card
   221 - EMV chip debit
   601 - Domestic-use EMV chip credit and debit cards

Note that the Service codes of 000 or 999 are not valid as identifiers of the card capability or usage, but rather are used in the calculation of CVV2 or iCVV.

Therefore, service codes of 000 or 999 should not be encoded on a magnetic stripe.

MasterCard/Visa/Amex is aware of scenarios in which either 000 or 999 has been encoded on the magnetic stripe of counterfeit cards, resulting in issuer fraud losses.

            Contactless Card Home | About Us | Affiliate Agreement | Anti-Spam Policy | Contact Us
            Privacy Policy | Dmca Notice | Terms of Use | Link to Us