How secure are 'contactless' bank card payments?Comments
Paying for mobile phone accounts is becoming easier and quicker thanks to developments in the sector. In this edition of U-talk we look at consumers’ security concerns about these innovative payment methods.
Sophie in Strasbourg asks: “New ways of paying mobile phone bills, such as contactless bank cards for example, seem to be a good thing at first sight. But are these payments really safe? And what about the privacy of my personal data?”
Sophie Nerbonne, a senior official with CNIL, France’s independent date protection authority, provides the answer.
“The contactless card is a new bank card that has a remote payment function, which uses so-called contactless NFC, or Near Field Communication technology, so you can pay without putting your card in the card reader.
“There are two types of risk with the use of contactless bank cards. The first risk was highlighted by a researcher in 2012. It related to the fact that it was possible to remotely read both the holder’s name and the list of transactions, as well as the card number and the expiry date.
“This obviously raised a number of concerns. The CNIL, the French data protection watchdog, immediately contacted the bank card association and now the holder’s name and the list of transactions are no longer available.
“So it’s impossible to clone a remote payment card just from the card number and the expiration date.
“In their current state, contactless payments are secure. But the second risk regarding personal data privacy still exists as the card number and the expiration date remain available. That’s why the CNIL requests that people are fully informed when they are provided with a new bank card using the contactless remote payment technology, so that they can chose whether or not to activate this new feature.”
If you would also like to ask a question on U-talk, click on the participate button below.