While there is some overlap, for contactless credit cards, the standard is EMV which is not a simple RFID system. And NFC used by smartphones for payments is another thing.
The reason you don’t hear a whole lot about people stealing CC numbers via special devices is that there’s a whole lot easier ways to steal them online from the safety of one’s home. One can grab thousands of numbers in a short period of time.*
But the overseas geeks are getting bolder and bolder. Devices to unlock and drive off with various makes of cars are openly sold overseas. And a whole lot of other similar gear. All for not much money. At some point the CC scanners will be sold in bulk and then things might change.
Like TimeWinder I’ve seen a lot of RFID or whatever blocking wallets or card holders lately. And I wasn’t even looking for them.
Keep in mind that people might be carrying cards other than contactless CCs which they may want to protect.
One common way to obtain CC nos. now is to break into the poorly protected cloud storage system where some other cracker has stored their stolen numbers. No honor among thieves.
Historical tangent:
The US fraud rate was low compared to Europe. Europe introduced chip+pin and it took a significant number of years to get their fraud rate down equal to the US level. The US didn’t have the same incentive. But it’s also true that the US is slow on things like this.
Perhaps a stupid question. How does one know if one has a contact-less card. I just looked in my wallet. I have five credit cards, some issued quite recently. None has any indication that it can be “tapped” for payment. Is there something on contact-less cards that tells me? Or should I just try it and see what happens?
Not a stupid question, I was wondering the same thing too. I looked at the cards in my wallet and one has a wifi-looking symbol in the lower right. Here’s a picture, Icon - Album on Imgur.
It’s universal in Aus. All the card readers have been replaced with readers that take contactless payment, it’s faster than pin, and they often don’t accept swipe.
Android pay is making inroads, and when the kids grow up and start buying groceries maybe it will happen, but right now Android Pay is being used for Coffee, not soap.
That’s a fair point. I remember when a company I worked for researched switching its van fleet from diesel to LPG; the initial figures showed a small but worthwhile saving, so we went ahead.
A year down the line, the savings were much more than predicted; our conclusion was that employees weren’t able to steal the gas or use their cards to put fuel in their own cars.
Another advantage of cards is that there is far less cash being carried around, so vastly reduced opportunity for heists. The vulnerable point these days is the ATM; there has been a spate of robberies where thieves have used 4WD trucks or even diggers to drag them out of shops to empty them at their leisure.
About cash vs plastic, fewer and fewer people are carrying cash these days. I carry and use very little, just some small bills for tips, except for some emergency cash tucked away in my wallet. Other than that it’s almost always plastic. It’s very convenient.
The chip does not spit any info at the reader. Unlike a magstripe the chip is encrypted, and the transaction is, or should be, point to point encrypted. The reader just passes the encrypted info on and get an encrypted response back. It never sees any info in the clear. It is orders of magnitude more secure than a magstripe.
Another factor is that we have a lot more banks in the US than your typical European country and they all had to get on board with the idea.
I had both my credit and debit cards at my main bank expire in August and September respectively this year. The debit card is not embossed and doesn’t even have the number on the front, just my name (it’s printed on the back). The credit card is still embossed; I looked at it thinking, “How quaint.” I don’t know if it was because it was a different division or the bank had made the switch in the month between.
Both have the contectless logo on them but I have used it only once. I had to be taught how to do so. I’d been tapping the part on the reader above the screen that showed the logo, would get no response, and shove the card into the chip reader. Finally when there was nobody behind me, I grumbled, “I can’t get this thing to work,” and the cashier said to tap the screen, not where the logo was.