Contactless credit cards: how to use them safely

Cards that allow you to pay with a "touch" on the reader in the shop are now widespread, but are there any risks in using them? A guide to avoiding nasty surprises, with the rules for safe use of any credit card.

Pay with a touch

Credit cards and debit cards have entered a new era, in line with the speed of electronic payments and the ease of online payments. When the credit card first appeared a few decades ago, it was read with a mechanical reader that copied the number to be used for the transaction onto a sort of carbon-paper receipt; today credit and debit cards are read exclusively electronically.

This is the familiar POS (Point of Sale) terminal, where we all insert our card to pay for groceries, clothes or even just a beer. The aim is to reduce and discourage the use of cash, and many countries, especially in Northern Europe, are already virtually "cash free": cards can also be used to get on the metro (this is in fact also possible in Rome and Milan) or to pay for a coffee.

From the POS where the card is inserted, we quickly moved on to the POS based on RFID or NFC technology, which essentially recognizes a particular electronic device from a distance without the need for physical contact. It is the same technology that is used, for example, to prevent theft in shops by means of special labels that are detected at the exit.

Contactless cards speed up payment and allow dedicated readers to be used quickly even where there is heavy foot traffic, such as in stations and subways. Just place (or "tap", to use an ugly neologism borrowed from English) the card on the reader or touch it, and the payment is debited instantly. Generally, for purchases under €25, no code is required and the charge is instantaneous.

Can they steal my personal data?

Contactless use has raised questions about the security of such a fast payment that does not require any authorization. Helped along by a few urban legends, a certain fear has spread about using these cards. Let's try to clarify. The fear is that the credit card could be read remotely in order to use the data to make purchases, perhaps online, or to create physical clones of the card itself.

A few years ago there were reports on TV and in the newspapers, with a photo that went viral, of a man on a bus who carried a portable reader to steal from cards simply by passing close to unsuspecting passengers. This story has been greatly exaggerated, but in theory the danger is there.

Ever since credit and debit cards have existed, malicious people have learned to use "skimmers" or cloners, devices that read the data from a card passed over them so that the card can be cloned. Today there are portable POS terminals, small and discreet, which can also be used in connection with a mobile phone to request payment. They are used by consultants and professionals who may travel a lot and want to have their bills paid on the spot. In theory, it is enough for an attacker to use a portable POS to read the cards of people picked at random on public transport, or even to have amounts credited to his own current account without the victims' knowledge.

Even today there are apps that, on phones that include RFID technology, allow you to read the data of your own or other people's contactless cards, but in reality stealing the data is not so straightforward.

How to defend yourself?

There are various ways to avoid abuse and fraudulent use of one's electronic means of payment, but it is also necessary to distinguish real alarms from hoaxes. In general there are two risks: the first is the immediate debiting of purchases that were never made; the second is the interception of card numbers so that they can be used later, perhaps on e-commerce sites.

The use of portable readers is limited first of all by how close the card must be: it has to be within a couple of centimetres of the reader. It is therefore difficult for a card to be read if it is kept in a bag or in an inside pocket; a reading is more likely to succeed if the wallet is kept in the back pocket of the trousers.


Fraudulent devices capable of "reading" cards 80 cm away have been created, but they are certainly not within the reach of petty thieves. Even if the thief wanted to use a portable POS reader of the kind commonly on the market, and assuming no one saw it, he would have to have the amounts taken from the cards credited to some current account, which would therefore be easily traceable. Unless the thief uses virtual current accounts, perhaps based in foreign countries with little control over these procedures, such a scheme would be risky for him.

Cards also use encryption systems to "talk" to POS terminals, which protect them from interception by devices that are not properly registered.

Finally, there are the low spending limits for using contactless cards without authorization, which help contain fraudulent debits. The system is therefore intrinsically safe, according to Kaspersky Lab, which years ago already rated the risk of theft as very low. There is still the possibility of stealing some information (but fortunately not all) from credit cards, as anyone can verify using one of the many apps for reading contactless systems.

Cases and easy shielding methods

For those who do not want to live in anxiety, however, there are easy ways to protect the privacy of their credit cards. First of all, credit card cases that shield the card against RFID interception can be purchased (also on Amazon) for a few euros. Some people recommend wrapping the card in foil, but there is no guarantee that it will work and it is in any case an impractical method.

Some go as far as to recommend using a very fine drill bit to destroy the credit card's RFID antenna, but it's a decidedly paranoid method which will most likely only lead to the destruction of the card itself.

Rules of prudence that always apply

In any case, the rules of prudence to be adopted with any physical card also apply to contactless cards, to prevent the name and card number from being easily copied and reused. The same rules apply when using a mobile phone as a contactless means of payment, although in this case it is easier to disable the function on the phone and a PIN is always required before payment.

No sophisticated equipment is needed if someone has the card in hand, even if only for a brief moment: copying all the data shown on it with a pen is enough to cause considerable damage through fraudulent online purchases.

Handing over the card must therefore be limited as much as possible: it is better to "tap" or swipe the card in person at the POS without entrusting it to shop assistants or waiters, and it is worth covering part of the number and the control codes printed on the back of the card with a piece of tape. Better still would be to erase the codes on the back with a cutter and memorize them.

Be careful even when you use a POS yourself: always enter the PIN away from prying eyes, if possible covering the keypad with one hand to avoid the cameras of the room you are in. Many banks or credit card circuits allow you to disable the contactless function from the web, so it is advisable to inquire in order to have total security in this respect.

The functions that banks make available for monitoring your electronic transactions should also be enabled: SMS alerts for each purchase and daily account statements on the mobile phone, so that you always have control over the expenses made and can promptly notify the bank in the event of fraudulent use.