Contactless card transactions, those that can be tapped at the terminal, have had a known flaw in their security. In a report posted on MoneySavingExpert.com, the details around the issue are discussed.
Card schemes are taking action to deal with a security flaw which means lost or stolen contactless cards can be used AFTER they’ve been cancelled – but some of the changes will take months to come in and cards will continue to be usable in some cases.
Following a long-running MoneySavingExpert.com campaign, Visa, Mastercard and American Express are changing the way they handle the majority of payments to ensure they are processed online, so that a retailer will instantly know if a card has been cancelled.
The issue arises in places like the UK where, unlike the U.S., contactless payments are widely used and also where floor limits still exist. This means that some low dollar value transactions are not authorized online. So the merchant is not checking with the issuer to see if the card has been placed under a lost or stolen card status. PINs are not required for contactless transactions either, so that layer of protection is not available. The global card brands are working to solve the issue where authorizations are handled off-line:
Visa says it’s already tackled the issue for most transactions and Mastercard has pledged to by March, but American Express says it could take up to 18 months to complete the changes.
Overview by Sarah Grotta, Director, Debit and Alternative Products Advisory Service at Mercator Advisory Group
Read the quoted story here