The Contactless Fear Factor

June 19, 2012, 3:57 a.m.
Phil Sealy, Principal Analyst


Has the contactless fear factor already begun in the UK before contactless payments is truly adopted on a mass scale? It certainly looks this way. Back, in April 2012, Channel 4 aired a demonstration on how someone or a criminal can simply “sniff” a contactless card with the use of an NFC phone. By using a simple program the phone extracted the long card number, the card holders name and expiry date. A very similar demonstration was aired more recently (10 May) on a popular UK morning show called This Morning. Again the technology consultant was demonstrating the ease of extracting information from a contactless payment card.

The program did go on to say that BarclayCard had responded stating that contactless cards were perfectly safe, although they admitted that the information obtained was possible, although the “sniffer” would not be able to access the CVV code (the three digit security code on the rear of the card required for card not present (CNP) transactions) or the card holder’s address. Was this statement really enough of an effort in reassurance? I am not too sure.

Although the address and CVV code cannot be obtained it is fair to say that some online retailers do not require or ask for that information to process a transaction. So what was the technology expert’s opinion and advice? It was to check your account on a regular basis and or buy a safe wallet (one that has a foil protection sleeve to prevent sniffing.) Now I for one check my bank account on a regular basis, but would not want to do it on a daily basis in the fear of fraudulent use nor would I want to buy a specially designed wallet or cover my contactless card in tin foil!

HSBC is the latest bank to begin offering contactless payment cards and will begin deploying contactless debit cards in the UK to those cards that will expire from May onwards. More interestingly is a statement within HSBC’s press release stating that customers have the choice and can opt out if they do not wish to use the technology by simply making the bank aware before the card expires. Is this to allow the consumer the choice or also a reaction from HSBC in light of recent bad press and its feeling that maybe some consumers may not feel contactless is safe.

I think more of an effort needs to be placed on positive media, showing how contactless and NFC is safe or any potential fraud is minimal, the benefits to consumers and business and the improved user experience and convenience of the tap and go experience. The only good example I can think of (within the UK) is Barclay Cards advertising campaign for its Playtag solution. TV advertisements demonstrated the benefits and ease of use. More positive promotion like this could go a long way in creating awareness and confidence in contactless technology. Although there is no current evidence to suggest that criminals are targeting contactless technology this will surely change as penetration and popularity of use increases. The banks are certainly the gate keepers in terms of contactless deployments and I have no doubt that penetration and development will continue. The recent tentative approach to HSBC’s launch is certainly food for thought and it will be interesting how banks already deploying contactless payment cards respond and deployment strategies that those yet to deploy contactless cards will employ.