Not to want a debit card with contactless technology?

[Molehillmountain]

Had my bag taken earlier in the week and have just had replacement card with contactless technology. I don't feel all that comfortable tbh. Within twenty minutes of being stolen, my previous card had been used (although the payment was refused). Aibu to think this would just make it easier and more attractive to steal cards? Or am I just jittery after the events earlier in the week?

It is different to what we do now, toombs, because it removes the human checking element.

To debit a card now, it has to be pushed into a slot. So it's very clear when a card is being used and which card it is.

Contactless cards open the possibility for scams where one card is being shown but another, nearby and concealed, is actually being debited. Or for scanning through a handbag.

I don't know exactly how this weakness will be exploited, but it's certainly a weakness.

OK I wrote the above before you added your further explanation - which hasn't reassured me one bit. Because the security you describe is no security at all to both of the scenarios I describe.

And being able to suspend the account immediately you realise there's been a theft ain't a "bonus". It's a minimum operating condition for any card account. It will also be harder to do even than now (and god knows having a card stolen already causes chaos) if you've just lost YOUR PHONE.

Sorry, I think this technology will be very popular because people lurrrrve their phones. And may also cause significant security probs.

Sorry, StaceyM, I ended up repeating some of what you'd said.

toombs I don't want to have to dispute low-level transactions if my card is stolen. When I was mugged, I didn't need to worry about someone using my card as they didn't know the pin. If I'd been mugged now, I would have to worry due to the contactless technology.

And why are banks ok with this? I don't like the "It's ok if some fraudster/mugger steals your card and uses it for £20, we'll pay you back". That's not the point, the money has to come from somewhere. No wonder there's a banking crisis when they're so blasé.

The card has to be touched on the reader, the maximum read range is 5mm, you can't scan through any significant object such as a bag or get it to selectively choose a card to read.

The immediate card suspension is better, the phone is "killed" over the air as soon as the loss is reported, within seconds.

I am obviously still living in a cave. No idea what you are all on about but it sounds terrifying to me.

Off to google.

Slopes off embarrassed about my technological ignorance.

NiniLegsInTheAir It's not your money, it hasn't cost you anything, you don't need to get paid back. If you report the loss any transactions are the responsibility of the credit card company not you.

Toombs - how is it not our money when this technology is applied to debit cards?

Not a side comment I'm genuinely confused by this

So quite enough to read through a pocket then. And enough to read through a dummy card in a typical season card holder with the real card behind it.

The people on the Lost or Stolen Card lines don't exactly hang around when you call them. They too cancel in seconds while you're talking to them. That isn't where the delay happens, it's in making the phone call. See the problem?

Yabu. It's not going to start buying things spontaneously as you wonder through a mall. You have to place it firmly on the reader.

Yes, if you lose it you may have to alert the card company so they can refund the crazy teenager buying Macdonalds but that's true if you lose it currently - your card can be used online or cloned.

Yes, there are security issues but I would far rather risk losing my card, where j get my money back if anyone uses it between
It being stolen and it being turned off, than walk around with cash. And the contact less (inappropriate name btw) is very handy in that it really dies make shopping for small purchases much quicker and easier.

Thanks for comments! I think the thing that worries me is not that I won't get my money back. The bank was so on the ball that the transaction that was attempted wasn't allowed -their fraud department seems very good so no one, bank or me actually lost money. It's just that, when more places have it, casual theft might seem more attractive. Several lots of £20 would be worth the risk for them I think. And really, is it that hard to put a pin into a card reader?

I have had several for about a year. I use them fairly frequently, lots of places in central london seem to be set up. Its mostly for food at so really helps with queues and is only a small amount of money. At the beginning the machines used to not work but I haven't had a problem in ages.

It doenst bother me at all but I suppose I'm using an oyster card anyway which is the same thing pretty much.

toombs of course it's our money - many of the banks are funded by the taxpayer! And they use money stored in accounts etc on the stockmarket/loans/whatever to make more money to keep themselves in business - how is that not our money?

Have you tried to snick your hip up into a card reader to let it read through your pocket? You are being silly, unless the reader is placed at convenient hip height and angle and you slam your butt or hip against it after someone has ring up your purchase you will not buy anything by mistake.

We also have a very good grasp of how well the "report it stolen and you won't be liable" dynamic works, because it's been used for years with ordinary cards.

The answer is not 100% of transactions are refunded. Some because of not reporting in time, some the banks blame the customer.

You know, for many people, these risks may be worthwhile and they may love the new technology. But that's different from pretending there are no new risks.

Yes, but the card is still active, it can still be used. The phone is dead. The card would normally be in a holder, my Oyster card is. It still has to be touched on the reader which is in the same place as the chip & pin reader is now.

peanutMD it only applies to credit cards there will not be contactless debit cards.

Sorry, bling, was that at me?

I'm talking about the pirate card reader held by the criminal pressed against you on the tube...

SerialKipper Currently the technology to do this isn't there, you can't use a pirate reader to clone a card. The encryption is very good (3DES if you want to look it up).)

YANBU

I have just got mine through the post and I am unimpressed with the idea.l

Think it should be a choice not a definate

"Yes, but the card is still active, it can still be used."

Eh?

toombs thats not true, i have contactless credit and debit cards (Barclays). Still doenst bother me, as its the banks problem if fraud occurs not mine.

I worked on the contactless project, the limit will be about £20 because shops like Tesco's average small transaction per customer are £20 or less. If there are more than 2/3 transactions quickly the card will be put on stop until you call them - as with most cards 5/6 transactions in a day will also so do this, along with unusual spending patterns and other things that are programmed into the security system.
You are no more likely to have your card stolen because you have a contactless card than you are if you have a normal card and you are less likely to have lots of money taken from your account as they probably won't have your pin number.
It's bloody handy, I'd have one like a shot if I banked with the bank I use to work for - I don't because I got a better deal elsewhere after I left.

LikesContactlessTiggaxx

littleducks So there are, my mistake. I didn't know this had been adopted for debit cards too. I work in the smart card/NFC field not the banking sector.

But it will take time while the bank sorts it out, and in the mean time we cant eat?!

Yes, but that would happen whatever card it was.

Of course the pirate technology's not there yet. It'll be developed in response to the card roll-out.

So the only real thing standing between this and card-cloning is the encryption? Thanks for info about that, btw, shall ask my techie sources.

It may be that encryption is enough. But let's not kid ourselves. There were two layers of security to this: the techno security and the physical handling of the card.

And now one of those layers has been removed.

(As techie friend puts it, you can install all the scanners and fingerprint readers and high-tech wotnot you like at the gate. But you still have a bloke with a gun to make sure there's no funny business.)