Stealing your money without touching your card! Contactless fraud hackers can break the Visa £30 contactless limit and steal your money.
Fraud is everywhere, and while we can try to avoid it and think we’ll never fall victim, it seems criminals won’t stop.
Thing is, we keep being told contactless cards are safe, but I know plenty of people in the Skint Dad Community Group who don’t trust them.
More and more people are using contactless cards though, with 2 in 5 card payments being done via contactless technology.
Alongside that, fraud on contactless cards and devices is on the up too! According to UK Finance, £8.4 million was lost through contactless fraud in the first half of 2018 alone!
It appears they are not as safe as we first thought.
Plus, that £30 limit that protects us – nah, that doesn’t seem to matter as they can break through it!
Stealing money without taking your card
It’s an assumption that criminals need to physically take your bank card, and get hold of your precious PIN number, if they want to steal your money, like with general bank card and ATM fraud.
Research has shown that hackers don’t even need to steal your bank card anymore.
If they are close enough to you, they can hack through your contactless card and take what they want.
The £30 limit there to stop overspending doesn’t seem to be an issue either.
Tests were done by cybersecurity company Positive Technologies on behalf of Forbes. Using themselves as guinea pigs, they managed to take three Visa payments for £31 and went far beyond the £30 contactless limit to skim £101 from an account with just a tap!
For every test they did, they managed to skim money from 100% of the accounts, which goes to show how easy this will be for proper criminals.
How the contactless hack works
This isn’t the kind of thing everyone will do, so it’s a very organised crime.
Criminals use specialist hardware to read the messages passing between a payment card and the reader, and to add messages of their own.
They can tell the reader that a PIN isn’t needed, that verification has been made (when it hasn’t), and are even able to request more than the £30 limit.
Usually, if a payment goes over £30, the machine knows it’s not able to take the payment. Then, it will need additional verification (like a PIN).
And it’s this step that they can hack: they change what the machine thinks, and then steal money without even touching your bank card.
The experts commented, “This attack is possible because Visa does not require issuers and acquirers to have checks in place that block payments without presenting the minimum verification.”
However, Visa told Forbes that they aren’t “planning on updating its systems to deal with the hack.”
How to prevent contactless fraud
Obviously, there are criminals out there who are going to be trying this, over and over again as the years go on.
And, it appears there’s going to be no overnight fix to stop it potentially happening.
But, there are things you can do to help prevent getting scammed out of money.
- Firstly, if you’re worried, you could ask if your bank will issue a card without contactless. This may also help if you struggle with overspending money.
- You can even pick up special wallets, purses and protectors to keep them safe (but I’ve managed to make a much cheaper version (obvs) to protect your bank card from contactless fraud).
- I’ve found that keeping bank cards together stops them from being read by the machines (try it next time you shop). The machine can’t decide which card is making the payment so simply won’t do anything.
- Look to see if you can set up payment limits as well as get text message notifications so you can track payments on the go.
- Be sure to check your bank statements regularly. Watch out for unexpected card payments and report them to your bank to check if you’re unsure.
Instead of being able to spend willy-nilly, from September 2019, banks will make sure you have to give a PIN if you pay more than £130 in contactless payments, or when five transactions have been made in one day.
Yes, you may think that it’ll never happen to you and I really hope it doesn’t.
It’s best to be a little wary, but if you do have fraud on your account, report it to Action Fraud.
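The check the researchers say is missing, together with the September 2019 rule described above, could look like this on the card issuer's side. This is an added sketch, not code from Visa, any bank or Positive Technologies; the field names, the reset after a PIN entry and the way the £130 and five-transaction rules combine are assumptions.

```python
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal

# Limits taken from the article; how they combine is an assumption of this sketch.
TAP_LIMIT = Decimal("30")          # single contactless payment
CUMULATIVE_LIMIT = Decimal("130")  # contactless spend allowed between PIN entries
TAPS_PER_DAY = 5                   # contactless payments in one day before a PIN

@dataclass
class Tap:                         # hypothetical authorisation request
    amount: Decimal
    day: date
    issuer_checked_pin: bool = False       # the issuer verified the PIN itself
    terminal_says_verified: bool = False   # untrusted: can be altered in transit

@dataclass
class Card:                        # hypothetical per-card counters at the issuer
    spent_since_pin: Decimal = Decimal("0")
    taps: dict = field(default_factory=dict)   # day -> taps without a PIN

def authorise(card: Card, tap: Tap) -> str:
    """Decide from issuer-held state only; terminal_says_verified is never read."""
    if tap.issuer_checked_pin:
        card.spent_since_pin = Decimal("0")    # a real PIN check resets counters
        card.taps[tap.day] = 0
        return "approved: PIN"
    if tap.amount > TAP_LIMIT:
        return "declined: over tap limit without PIN"
    if card.spent_since_pin + tap.amount > CUMULATIVE_LIMIT:
        return "declined: cumulative limit, PIN needed"
    if card.taps.get(tap.day, 0) >= TAPS_PER_DAY:
        return "declined: daily tap count, PIN needed"
    card.spent_since_pin += tap.amount
    card.taps[tap.day] = card.taps.get(tap.day, 0) + 1
    return "approved: tap"

def replay(taps):
    """Run a list of taps against a fresh card and return each decision."""
    card = Card()
    return [authorise(card, t) for t in taps]

if __name__ == "__main__":
    d = date(2019, 9, 14)  # constructed sample data
    forged = [Tap(Decimal("31"), d, terminal_says_verified=True)] * 3
    print(replay(forged))
```

Because the decision uses only what the issuer holds, a reader that has been told "verification has been made" gains nothing from saying so.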