Sponsor Robert Siciliano as he runs the Boston Marathon for Miles for Miracles, Children's Hospital Boston
ROBERT SICILIANO, CEO of www.IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds.
Xtreme School

FREE EBOOK

Valid Email Required to receive free eBook

Check here if you're human

Security Tips

Browse by Month

Browse by Category

Are Contactless Payment Methods Secure?

0
Published: Aug 15, 2010
Tags:

“Contactless,” in this context, refers to the use of a wireless device. A payment is contactless when, instead of inserting your credit or debit card, you hold your card or keychain device within a few inches of the terminal, and your payment information is sent and processed wirelessly.

Contactless payments offer a faster and more convenient alternative to cash for small purchases at fast food restaurants, convenience stores, and transport terminals. They are also ideal for remote or unattended payment situations, such as vending machines, road tolls, or parking meters. So far, I haven’t seen a report of bad guys exploiting contactless payment systems.

Hackers, whether they’re black hat (bad guys) or white hat (security professionals), are always looking for vulnerabilities in technology. The bad guys’ intentions are to exploit these vulnerabilities for ill-gotten gain, and the security professionals’ are to make the technology more secure.

A white hat hacker demonstrated some of the vulnerabilities of early contactless technologies for Canada’s CBC News. However, these demonstrations took place in unrealistic settings, and the IT professional went to great lengths to concoct scenarios in which this payment processing method could lead to fraud. These scenarios encourage fear, uncertainty, and doubt, without providing any tangible testing value.

In response to the question of security in contactless technology, the Smart Card Alliance stated, “Contactless smart card technology includes strong security features optimized for applications involving payment and identities. Every day tens of millions of people around the world safely use contactless technology in their passports, identity cards and transit fare cards for secure, fast and convenient transactions. Multiple layers of security protect these transactions, making them safe for consumers and merchants. Some of these features are in the contactless smart card chip and some are in the same networks that protect traditional credit and debit card transactions.”

A researcher can manipulate tests in a controlled environment and create a desired outcome that seems to establish vulnerability, but there’s a big difference between that type of demonstration and real world penetration testing. To date, there is no such thing as 100% perfect security, and my guess is that there will never be. With that in mind, it is essential that the good guys continue to work towards that goal, impossible as it may be, and to expose flaws that they find, but they should do it responsibly.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses on CNBC. Disclosures

About the Author
ROBERT SICILIANO, CEO of IDTheftSecurity.com is fiercely committed to informing, educating, and empowering Americans so they can be protected from violence and crime in the physical and virtual worlds. His "tell it like it is" style is sought after by major media outlets, executives in the C-Suite of leading corporations, meeting planners, and community leaders to get the straight talk they need to stay safe in a world in which physical and virtual crime is commonplace. Siciliano is accessible, real, professional, and ready to weigh in and comment at a moment's notice on breaking news.

Similar Posts

  • Mobile Payment is Coming
    Near Field Communications, or NFC, is the exchange of information between two devices via wireless signal. For example, a wireless signal emitting from your cell phone can act as a credit card when making a purchase. This year, over 70 million mobile phones will be manufactured and sold with NFC built in. NFC can be used in
  • Mobile Payment Set to Dramatically Increase
    Mobile payments generally involve three participants: the mobile device, the merchant, and a financial service provider or trusted third party. That trusted third party, or TTP, is an established, reputable fiduciary entity accepted by all parties to an agreement, deal, or transaction. A TTP authenticates and authorizes users in order to secure a payment transaction, and
  • Banks and Credit Card Issuers Move Toward Chip and PIN
    EMV, which stands for Europay, MasterCard, and Visa, refers to the chip and PIN credit card technology commonly used in Europe and elsewhere around the world. Credit cards that incorporate an embedded microprocessor chip are far more secure than any other form of credit card currently available, including the standard magnetic striped cards that are
  • Standards Will Bring Mobile Payment
    Mobile payment has been around for years in numerous forms for purchases such as downloading music, ringtones and various other services and is now gaining traction for retail purchases in the U.S. But its implementation in the U.S. is a bit slower due to a lack of standardization of payment methods and the overall security
  • Which Will Make a Bigger Splash in 2012, Mobile Wallet or EMV?
    During the latter half of the past decade, a heated battle has been fought around the world to determine which payment method will take center stage in the coming years. Many believe mobile payment will leapfrog what is known as EMV, which stands for Euro MC/Visa, or chip and PIN credit card technology, and that

Leave a Comment