Academic claims contactless payments pose data security risk
By Guy Matthews,
The rise of contactless payment systems, which use RFID technology to transmit customer credit card information to a retailer's reading device, is posing a substantial risk of fraud and the theft of personal data, experts have warned.
Visa, MasterCard and other card companies are claiming that systems used by retailers will generally be secure enough to make contactless payment work safely. They have begun trialling a number of uses of the technology in the UK and around the world.
The technology is designed to allow quick and easy payments or around £10 or £20 to be made by cards with no signature required.
But security researcher Professor Kevin Fu of the University of Massachusetts says a lot of today's contactless systems are transmitting credit card account numbers 'in the clear', without any encryption.
"Without more robust systems, current RFID credit cards are vulnerable to personal information disclosure and cross-contamination of information," he said. "Financial companies must not only think about fraud, but also about other consumer rights and concerns. Mechanisms for fixing most of these vulnerabilities already exist."
"The much vaunted 'cashless society' is rapidly approaching," commented Ian White, EMEA compliance practice leader at security vendor Cybertrust. "Contactless payments technology offers retailers and consumers alike significant benefits in ease of use and reduced costs, but raises significant information security issues that retailers of all sizes must be prepared to address if the market is to be driven forward."
He says the new technology will make a growing band of retailers suddenly subject to the demands of the Payment Card Industry Data Security Standard (PCI DSS).
"This mandate applies tight guidelines on the management and storage of customer information and credit details - such as PIN numbers - to reduce the risks of identity theft and fraud," he says.
"In a climate of growing consumer data security awareness, retailers need to be aware of the requirements of the PCI DSS and potential changes they will need to make to their policies, processes and technologies if they are to securely exploit the rapidly emerging contactless payment technology," he adds.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- IBM bans use of Siri on iPhones
- Apple iPad 3 vs iPad 2 head-to-head review
- Lenovo ThinkPad X1 Carbon Ultrabook review : First look
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- Google: Government controls are the internet's biggest threat
- Macs and Android under malware threat
- Sony Vaio T13 Ultrabook review: First look
- RIM loses its head of sales
- ARM-based Windows 8 tablets facing delays
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
