[access-uk] Re: Contactless payment cards (was Accessible bank card)

  • From: dudleym@xxxxxxxxxxxx
  • To: access-uk@xxxxxxxxxxxxx
  • Date: Wed, 08 Apr 2015 19:54:35 +0100

Hi, if the only info you can't get is the name on the card and the cvv cryptogram then I wouldn't be at all comfortable. If they can get the card number, expiry date
info and somehow find out your name then they could quite easily purchase from amazon, no 3 digit security is required. I just created a new account with them,put in the account number and expiry date and hey presto my purchase went through.
Not a chance that I'd have one of these cards.

Martin

lsmithso@xxxxxxxxxxxxxxxx recently said:-


Hi: A while ago there was a conversation on here about the
accessability and security of contactless payment cards. I received
mine a few weeks ago, and finally got around to testing if I could
read it with a smart phone.

The answer is yes. I can read the card number, the expiry date, card
type, the card issuer and the number of PIN attempts left, and that
was that. The card holders name and the cvv cryptogram are not
readable.

The card has to be held within 1cm of the back of the phone for about
0.5 seconds for it to be read. It could be reliably read when inside
my wallet, in my trouser pocket. Wrapping the card in a single
thickness of cooking foil completely prevented the card from being
read.

Given that less information is exposed by NFC than is available from a
casual glance of the card, and that any eavesdropper would have to get
pretty touchy feely to be able to scan my card without my knowledge,
then I'm pretty relaxed about having this card in my wallet. I feel
no more vulnerable than if I used a non-contactless card.

App details:
Banking card reader NFC (EMV)
https://play.google.com/store/apps/details?id=com.github.devnied.emvnfccard&hl=en

Android Nexus 5.

--
Les Smithson
** To leave the list, click on the immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** access-uk-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq

** To leave the list, click on the immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=unsubscribe]
** If this link doesn't work then send a message to:
** access-uk-request@xxxxxxxxxxxxx
** and in the Subject line type
** unsubscribe
** For other list commands such as vacation mode, click on the
** immediately-following link:-
** [mailto:access-uk-request@xxxxxxxxxxxxx?subject=faq]
** or send a message, to
** access-uk-request@xxxxxxxxxxxxx with the Subject:- faq

Other related posts:

  1. Home
  2. access-uk
  3. Archive
  4. 04-2015