Thursday, June 06, 2013

WELL LOVED SOCKS, CONTACTLESS CARDS AND KITCHEN FOIL SECURITY.

Contactless  credit and debit cards are going to be the the thing to have, whether you want them or not.  Some banks who say they value their customers, have decided that they will ensure their customers have the contactless cards, there will not be any choice.  Either you are a carrying bank card holder, or, I guess, you do not belong. That's real customer service, of a perverse kind.

Just for interest, I went into one bank, where the staff from the manager down did not know what I was talking about when I asked about their policy regarding contactless cards, they had never heard of them.  Yet, the bank had sent out a major mailing to all their customers about their changeover plans to these cards, just two days before!  

There are banks who appreciate that some of their customers,  rather a lot of them, do not want  the alternative debit or credit cards, they would like to stay with what they know, imperfect though the system may be. Customers are currently more comfortable using their 'old card technology,' a bit like a pair of old reliable pilling socks. They may pill, but they do not fall apart.  These banks are giving their customers a choice to opt out of receiving contactless cards.

People who are holding off changing their arrangements are being cautious. There have been 'accidents'.  Funds have been swiped from accounts, where the purchaser has not consciously used the new style card.  Scanners have picked up the details from cards resting out of sight in wallets or handbags.  Newcastle University has been researching the security of the contactless system.  There are ways and means with unsophisticated equipment to scan for these cards -even from across the street .

Personally, I do not find it comforting to know that only five transactions of up to £20 sterling can be lifted from an account before a block is put in place; that's £100 which can disappear.  It is not clear whether that policy applies to both debit and credit cards.  I do  not find it reassuring to hear that the banks will take the risk and refund any losses.  I just do not want to go there.

If you're with a bank that insists you use their contactless cards and you do not want to change banks, there is a way to try and block accidental or malicious scanning.  If you have not got any kitchen foil, then go get some. I would advise you get a good quality foil which will stand up to at least one day of use.  With the foil, line the outer wall of the wallet in which you keep cards; a similar process is advised for purses (if that’s what you use). Otherwise fit a foil membrane into the section of your bag where cards may be placed. 

It would be a good idea to regularly check the home-made foil membrane for splits and renew
it as necessary, to maintain your security against opportunistic scanners and scanning.







13 comments:

Ian Hutson said...

The banks have truly found a way to make our wallets leak better than before. Auto-payments. Auto-fines. Auto-parking charges. All nicked by remote scanner.

My "bank" (the Yorkshire, and it doesn't deserve the title) is issuing contactless cards to all according to the threat I receive a couple of weeks ago. It's that or "valued Sir" may close "his" account.

This is the bank that doesn't give me an overdraft of any kind, "bounced" a payment on my account that was due for someone else's (!!!) - charged me for the bounce, which took the account into the red by 20p and then re-charged me for the un-authorised "overdraft" to cover the charge for the earlier mistake - and sent me threats about both charges and being in the red!

Oh yes, I trust the banks.

I just won't be carrying my card anywhere.

Vincent said...

my bank has said nothing to me about this but it seems the issue will arise when my present cards run out.

I think it is less risky than you imply. It's clear that only low-value transactions would be doable without a PIN, because of the risk of a card being stolen. I don't think there is too much of a conflict of interest between customer and bank on this. So I'd expect a ceiling on the value of a PINless transaction.

I don't fancy having to unwrap my card from foil every time i use it; but maybe there'll be wallets with a choice of pockets, foil-lined or plain. That would make things easy and safe!

godschool said...

I've heard about this, and about how easy it is for thieves with a certain type of scanner to swipe one's details from across the road. There are now specially-lined wallets to keep the card in, although using kitchen foil is a cheaper option.

flightplot said...

Every time a new type of card comes along there's always problems. If I get one I probably won't use it. Flighty xx

Snowbird said...

I don't know why things have to constantly change. If it's not broken, why fix it? I also hate having to adapt to yet more and more changes, I have so many pin numbers and passwords my brain freezes trying to remember them all!xxxx

ZACL said...

Hello Ian Hytson,

Thank you for commenting. it's nice to meet you.

The Yorkshire Bank's sister organisation has the branch I went into to investigate their policy on contactless cards. All the branch staff from the manager down, got educated in the half hour I was in the bank trying to obtain an answer.

The Product Manager at the end of a phone somewhere in the UK, said there was no opt out with their bank. Interestingly, he also said that there had been a lot of calls about the cards, with many of the callers/customers being dissatisfied about the cards being imposed on them.

There is a choice, I can vote with my feet. It sounds like with your incredible banking experiences with The Yorkshire Bank, you would benefit from doing the same.

Imposing this curious card upon people is not a good position to place customers in, that is why other banks are considering their customer's concerns, (I'll bet they have the same concerns too) and offering an opt out.

ZACL said...
This comment has been removed by the author.
ZACL said...

Hi Vincent,

You may be with a bank that is holding back on introducing contactless cards. Those forcing the issue, include, Santander; Abbey; Yorkshire and their sister banks.

The banks I know of who are offering an opt out include, Lloyds and Halifax. Barclays have offered their credit card with an opt out for some time. There are likely to be other banks in the frame.

You point out with clarity just one of the risks that contactless cards pose, theft. There is also theft by fraudulent actions, such as malicious scanning.

The researchers have found a number of problems, however, they did not state all for obvious reasons. It is their advice to use foil as a simple measure to block the 'simplest' forms of fraud, and accidental scanning.

I know some people do not use measures to protect their computers, they end up having to deal with issues that arise from being exposed to the bad elements, but, so do innocent bystanders with whom they have contact, and who do protect their systems best they can. The impositions of credit/debit cards that are easily abused by third parties, (and accidentally by equipment) is, in my view in much the same league; they have the high likelihood of putting third parties to stress, hassle, and putting them in unhappy situations not of their making. More security work on the cards, before making the customer a guinea pig, is essential.

Until the issues are addressed at a more efficacious level than they are at present, I do not want to be placed in an uncomfortable position I did not ask for. Rather like Ian Hutson, I have to qualify my thinking with, 'do I trust the banks to back up the customer if all hell breaks loose with my account through no direct fault of mine?' As I said, I just do not want to go there.

ZACL said...

Hi GillyK,

I thought there would have to be a marketing opportunity here, however, it was not something I thought had already been produced.

It is cavalier to introduce a debit/credit system that is full of security holes. Admittedly, those who can afford to buy new wallets, purses and handbags with foil linings, will, from what you say, have that option, BUT, why should we be put in that position in the first place!!

Even though kitchen foil is a cheaper option than having to buy lined 'carriers' for cards, why the hell should Jo Public have this foisted on them.

If we choose to buy a computer, a phone or a tablet, we make the choice and therefore, have the responsibility to maintain our levels of security, insofar as we can, with the technology we have chosen to purchase.

If the banks insist that customers have to have such a card, they, in my view, have the direct responsibility for supplying proper carrying equipment for the cards they impose. Or, the customer has the choice to walk to another bank.

What price lack of high street banking competition...here we see its direct effects.

ZACL said...

Hi Mr F,

If you are a user of a debit or credit card, you may find that you will be using your replacement card, either to visit the bank, or, to use an ATM. How the contactless card will work on line is still a mystery to me.

Carrying such a card for innocent requirements could pose a risk, especially if someone around at the time, is into nefarious behaviour.

XX

ZACL said...

Hello Snowbird,

I had a conversation with someone in a computer store yesterday, and the experience of brain freezing with pin numbers was part of the discussion. She worked in the store and had so many numbers to use during her day's work, that when she got home, it was impossible for her to deal with her personal requirements on the internet! Brain overload kicked in.

The proposed new cards do not require a pin to be used - sounds good? We-e-ll, yes; but, for all the security issues highlighted just now with contactless cards, there seem to strong benefits to have the infernal number layers of security with the cards we currently use. Bank staff, who you would expect to be security conscious, are currently giving a thumbs down to the cards.
xxx

thehumanpicture said...

It’s safest to stay in the middle of the herd. And then go along with the crowd. There’s no point in fighting this constant modernization. It’ll happen anyway. But your idea of using silver foil, or whatever, is a good idea.

ZACL said...

Hello Shimon,

What you say has resonances of past experiences. In this case, yes, I agree, the technology is being introduced. However, there are so many security holes in the greater system that third parties have highlighted the poor levels of security and some of the forms it takes. The banking industry kept quiet. The industry cannot deny the issues and are saying, (now they've been forced to speak) they will compensate customers for any losses that occur. Who wants that stress and hassle?

How can anyone trust the banks to do as they say, when the banks have shown their disregard for their customers by being secretive about the high potential for fraud or other loss with the contactless card? The system should not have been installed until proper security and risk analysis had been done. Patently, it has not.

The public have to be aware of the lack of security in the structure and where possible, given the means by which to protect their accounts. The banks which have no opt out, should, in my view, be required to provide protective wallets/carriers for the new cards. The banks with no opt out, are relying on customers deciding it is too complex to move to another provider who offers an opt out, or, on customer inertia.

But for all this Shimon, yes, you are right. Thanks for your comment.