It may be convenient to pay with a wave of your credit or debit card, but Consumer Reports' Andrea Rock says so-called contactless cards make your personal data vulnerable. "Thieves can collect the information while it's being transmitted by using a card reader that costs less than 100 dollars."
To demonstrate, Rock tucks a card reader in her purse and security consultant Henry Bar-Levav puts a contactless card in his pocket. She bumps into him, and in that moment she can steal his credit-card information. "From that little bump in the parking lot, it's possible to download your account number, expiration date, and security data to a computer. From there it's simple to use blank cards to make counterfeits," said Rock.
Recursion Ventures, the security consultants who demonstrated the cards' weakness, were able to use the bogus card to successfully charge a transaction.
You may have contactless cards in your wallet and not even know it. Chase cards say Blink. Mastercards' are called Paypass, and some cards just have a symbol.
"The technology is active whether you use the card for contactless payments or not. And there's not much you can do except ask your bank if they will replace the card with a regular one," said Rock.
Another option is a protective sleeve like one Rock made out of duct tape, lined with aluminum foil. "Recursion's tests showed that it worked better than many of the ones you can buy, but even that didn't block the signal completely."
So while waving your card is easy, making sure it's secure isn't.
The banking industry insists contactless card technology is secure and that there have been no reports of problems. But Consumer Reports says the technology's security must be improved because as these cards become more widespread, they'll become a bigger target for thieves.