As our readers already know, changes are coming to the world of credit cards. Chief among those, as a new article in Wired states, are EMV cards, which “have an embedded microchip that authenticates the card as a legitimate bank card to prevent hackers from embossing stolen card data onto blank cards to use it for fraudulent transactions. The chip contains the same data that traditionally is stored on a card’s magnetic stripe, but also has a certificate used to digitally sign each transaction. Even if a thief steals the card data, he can’t generate the code needed for a transaction without the certificate.”
But this same news article is warning that researchers at Newcastle University found a flaw in the “NFC” aspect of the cards — the “Near Field Communication” that allows “contactless” paying in venues, on transit, etc. The flaw was “in the card system developed by VISA for use in the United Kingdom fails to recognize transactions made in non-UK foreign currencies and can therefore be tricked into approving any transaction up to 999,999.99.
“Consumers need only have the card in the vicinity of a reader without swiping it,” the piece continues, and “a thief carrying a card reader designed to read a card that’s stored in a wallet or purse could conduct fraudulent transactions without the victim ever removing their card.”
To be sure, it’s unclear whether this would apply to other currencies in other countries, or anywhere on the street, as Visa stated that “it would be very difficult to complete a fraudulent payment of this kind outside a laboratory environment.” Further, the company adds that “the flaw appears only in the contactless feature of the cards.”
But that flaw may be a concern for the “payments future” that many see coming, that may not involve cards at all. “Virtual wallets” from Apple and others — confining all your payment and account information with an app that also uses NFC technology, “renders the payment experience nearly invisible,” as industry newsletter Greensheet states. “No more waiting in line to pay for purchases in store, just pick up your purchase and go.” Similarly, in restaurants, you could be ordering your food — with menu preferences relayed to the kitchen — and paying for it, at the same time.
But in the wake of breaches that these new payment methods are supposed to guard against, InfoWorld ran a recent column that wondered aloud if “trouble is brewing in mobile payments.”
The column mentions that large retailers are banding together to create their own version of “virtual wallet” payments, the largest called “CurrentC.”
But, the column continues, “given the amazingly poor data security that large retailers like Target, Home Depot, and others have demonstrated, you might see where this could be a problem. In fact, it’s already problem. CurrentC has already lost data to malicious attackers.”
Such breaches and “failures cause financial harm and distress to millions of people every year, yet they are still not being dealt with at any level that might cause some change in the industry,” the piece says, concluding that “these events need to be handled at a legislative level, but will unfortunately take more time and more data loss events. In the meantime, these same retailers want us to trust them with direct access to our bank accounts and other financial instruments.
“To state it plainly, the same companies that have suffered massive breaches of customer credit card data due to their lax security practices now want even more of our sensitive data, and to provide even more avenues for fraud and identity theft. “
In other words, they times they are a-changin’, when it comes to payments. But the Yellow Brick Road ahead still has plenty of snags and bumps ahead. Yes, we’ve badly mixed metaphors and cultural references in that sentence, but the point is that even though someone might insist they know exactly what the payment landscape of the next few years will be like, there will always be surprises.
Help us help you plan for those surprises, especially in these transitional times where payments will continue to be a “mix” of the old and new — everything from “checks” and eCommerce payments, to increasingly versatile mobile card readers, and more.
The world of payments may not be “Kansas” anymore, but we’re here to help you navigate it.