I want to disable contactless payments on my credit card

Please note this sub-forum does not provide professional finance advice. You should seek advice from a licensed financial advisor.

To post in this sub-forum you must have made 100 posts or have Trust status or have completed our ID Verification.

If investing please consider our affiliate link for new accounts: Sharesies.

Forums › Finance and wealth management › I want to disable contactless payments on my credit card - Paypass or Paywave

1 | ... | 3 | 4 | 5 | 6 | 7 | 8 | 9

236 posts

Master Geek
+1 received by user: 9

#641536 15-Jun-2012 17:55

A second-factor auth via PIN would be slightly more comforting (along with SMS/TXT notification for every transaction), but I still have some trouble understanding why an uncontrolled radio broadcast that could be picked up via some pretty easy-to-acquire hardware with little to no vetting is more secure than a sustem I have better control over (nevermind the massive privacy issues being completely ignored).

* http://www.nfc.cc/2012/04/02/android-app-reads-paypass-and-paywave-creditcards/
* http://www.shmoocon.org/2012/videos/CreditCardFraud.m4v (Paget @ Shmoocon 2012)

Admittedly we shouldn't believe everything we read online, but I do not see why I should be forced to adopt something that I do not need or have any intention to use.
I am not alone in these concerns, so either there is an issue with user-education/adoption, or there are still technical/security issues that have not been adequately resolved.

Saying the merchant/bank will simply absorb the risk is unacceptable, when not being exposed to begin with is a better solution.

FLOSS'er, aspiring Maker

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#641564 15-Jun-2012 18:53

freakalad:
Saying the merchant/bank will simply absorb the risk is unacceptable, when not being exposed to begin with is a better solution.

Except the basis of every bank is risk management. Every single task is about evaluating risk.

I would suggest you really read up about the changes being made as EMV and NFC are rolled out in the US. I'd pick after this you'll probably want to avooid going anywhere near a credit card.

khull

1245 posts

Uber Geek
+1 received by user: 133

#641953 16-Jun-2012 21:44

Curious with all these scary posts about the horrible things that could happen when a NFC card is stolen, has anyone actually been a direct victim to pay pass / pay wave ?

The last reported incident was skimming EFTPOS cards by Canadians rather than exploiting NFC technology.

gzt

18690 posts

Uber Geek
+1 received by user: 7829

Lifetime subscriber

#641961 16-Jun-2012 22:14

No. But banks do not publicize fraud. Successful fraud even less so.

Signature goes here.

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#642005 17-Jun-2012 09:26

The introduction of chip and PIN in Australia along wkith NFC has seen credit card fraud levels drop substancially. Banks don't publicise fraud levels because they're a risk based % at the end of the day, but it's safe to say the new technology is resulting in downwards movement, not upwards.

Those who keep saying NFC is risky need to remember as I keep pointing out that in the US you have never needed a pin or signature for low value credit card purchases, so the move to NFC changes nothing.

oxnsox

1923 posts

Uber Geek
+1 received by user: 138

#642020 17-Jun-2012 10:30

freakalad: A second-factor auth via PIN would be slightly more comforting (along with SMS/TXT notification for every transaction), but I still have some trouble understanding why an uncontrolled radio broadcast that could be picked up via some pretty easy-to-acquire hardware with little to no vetting is more secure than a sustem I have better control over (nevermind the massive privacy issues being completely ignored).

* http://www.nfc.cc/2012/04/02/android-app-reads-paypass-and-paywave-creditcards/
* http://www.shmoocon.org/2012/videos/CreditCardFraud.m4v (Paget @ Shmoocon 2012)

Admittedly we shouldn't believe everything we read online, but I do not see why I should be forced to adopt something that I do not need or have any intention to use.
I am not alone in these concerns, so either there is an issue with user-education/adoption, or there are still technical/security issues that have not been?adequately?resolved.

Saying the merchant/bank will simply absorb the risk is?unacceptable, when not being exposed to begin with is a better solution.

This sounds like the same concerns folk first had when credit cards were introducted...
Why do I want one? Someone could steal it and copy my signature.

You signed up for a Credit/debit card under the banks T's & C's... and guessing you didnt have an issue with that.
NFC is simply the next iteration of making it easier for you to cycle your money thru transaction systems. As folk have said, the risk lies with the banks (it's their system). The responsility lies with you, same way you're currently responsible for your credit/debit cards

New World

Shop on-line at New World now for your groceries (affiliate link).

freakalad

236 posts

Master Geek
+1 received by user: 9

#642039 17-Jun-2012 11:25

not quite the same - with both magstripe+sign & chip+PIN, you have to give explicit auth, and is a token control on the holder's part. if the merchant or bank do not have their act together in validating that auth, then the onus falls on them, since I've done what I reasonably could on my end.

on RFID it's nowhere the same thing - even if the card does not leave my wallet, pocket or bag, the data (i.e. the important, juicy bits) still leak outside of my control, and there is no additional auth validation involved.

saying that this is the same data that's used for online purchases is one of the weakest cop-outs I've heard - if they can completely eliminate online fraud & the black-market in carding has been decimated, *then* that argument might have merit.

if the system as it is has merit, then I should be able to print that data (maybe in QR-code format) on a t-shirt & walk around with that - at least that way I might have a better idea who's picking up the data by virtue of a camera pointing at me.

FLOSS'er, aspiring Maker

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#642041 17-Jun-2012 11:31

I suggest you cancel your credit cards.

You want a complete redesign of the entire system to move from a risk based one to a fully secure system that completey eliminates fraud. This isn't ever going to happen. At the same time you may as well get rid of cash because it can easily be stolen..

freakalad

236 posts

Master Geek
+1 received by user: 9

#642323 18-Jun-2012 07:49

I don't have a credit card, but a debit card (oddly enough I can get a special-order CC without RFID; probably old stock), to limit risk.
I only have as much money in my wallet & the account linked to the card as I'm willing to loose at any given time - a mitigation factor I've introduced myself & something I can have control over.

This is not just a whinge about getting things my way, but a need to limit my risk & exposure, and not having to take on more than is absolutely necessary. A few $$$ I'm willing to part with - but not the data.

Being told that "it's all OK because we say it's so" is no good.

FLOSS'er, aspiring Maker

richms

29105 posts

Uber Geek
+1 received by user: 10222

Trusted

Lifetime subscriber

#642393 18-Jun-2012 10:24

If you want to limit your exposure then lose the debit card and get a credit card where you only have a max of $50 exposure and that is never enforced anyway.

debit cards are the worst idea ever, you lose the interest free period, shoulder the risk with your own money and the merchants are still paying the same fees.

Richard rich.ms

freakalad

236 posts

Master Geek
+1 received by user: 9

#642401 18-Jun-2012 10:36

good idea, thanks.

FLOSS'er, aspiring Maker

AliExpress

Shop now on AliExpress (affiliate link).

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#642420 18-Jun-2012 11:04

freakalad: I don't have a credit card, but a debit card (oddly enough I can get a special-order CC without RFID; probably old stock), to limit risk.
I only have as much money in my wallet & the account linked to the card as I'm willing to loose at any given time - a mitigation factor I've introduced myself & something I can have control over.

This is not just a whinge about getting things my way, but a need to limit my risk & exposure, and not having to take on more than is absolutely necessary. A few $$$ I'm willing to part with - but not the data.

Being told that "it's all OK because we say it's so" is no good.

Debit cards are bad, very bad. For somebody who's so paranoid getting rid of this would be the first thing I'd do!

The biggest issue is that if you have any fraud you're going to have the money taken from your account and then the bank will have to put it back, whereas with a credit card you've never actually paid for the fraudulent charges. You also can't use them at many hotels and rental car companies, and if you can it's your money being held for the pre auth rather than simply a hold put on the credit card itself.

At the end of the day provising you're not breaking your bank terms and conditions your money it safe, but there are some majoer downsides to debit cards

freakalad

236 posts

Master Geek
+1 received by user: 9

#644597 22-Jun-2012 10:35

I can appreciate that there are a number of shortcomings & vulnerabilities in all these systems, but what I want to to address & get a modicum of control over this one issue/"feature" - RFID.

Maybe I'm paranoid... maybe not:
* http://www.scmagazine.com.au/News/305881,android-app-steals-contactless-credit-card-data.aspx
* https://github.com/thomasskora/android-nfc-paycardreader

FLOSS'er, aspiring Maker

richms

29105 posts

Uber Geek
+1 received by user: 10222

Trusted

Lifetime subscriber

#644645 22-Jun-2012 11:41

If you have taken all steps to protect it then you are not liable.

Why try to fix a problem that is not yours? the problem goes back to the merchants that accept the fraudulent cards, and to banks that allow withdrawals using the fake cards. Not you. Not your problem to fix.

Richard rich.ms

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#644660 22-Jun-2012 12:06

freakalad: I can appreciate that there are a number of shortcomings & vulnerabilities in all these systems, but what I want to to address & get a modicum of control over this one issue/"feature" - RFID.

Maybe I'm paranoid... maybe not:
* http://www.scmagazine.com.au/News/305881,android-app-steals-contactless-credit-card-data.aspx
* https://github.com/thomasskora/android-nfc-paycardreader

I have far greater concerns from a risk perspective that my credit card number, name and expiry date is printed on the front of my card. This can be viewed by staff at every store I visit that doesn't have a pinpad allowing self swiping/inserting of my card and requires me to hand them my card.

You're pointing out a very low risk compromise that reastically can't be done without physical access to the card. Despite people making all sorts of claims about capturing RFID data at a distance the reality is this doesn't work very well at all.

I'm pointing out a very valid risk that is incurred every time I use my card. What do you perceive as the greatest risk?

1 | ... | 3 | 4 | 5 | 6 | 7 | 8 | 9