HSBC Contactless Card

greenorange

I have a student account with HSBC that I haven't used much in the last year (haven't got around to switching all my direct debits/payments to them from first direct).

I've finally started switching over, however HSBC have said I am not eligible for a contactless card, which is quite a pain as I use my FD one a lot.

Any idea how I can become eligible, or is it simply because I haven't used the account much?

Jamie_Carter

Don't get a contactless card, there have been loads of security issues with them.

One was where someone with the right app on their smart phone can stand close to you and clone your card.

The other was on Watchdog recently, where people had an oyster card in the same wallet as their contactless card, and the payment was taken from the contactless card on busses.

reclusive46

Jamie_Carter wrote: »

Don't get a contactless card, there have been loads of security issues with them.

One was where someone with the right app on their smart phone can stand close to you and clone your card.

The other was on Watchdog recently, where people had an oyster card in the same wallet as their contactless card, and the payment was taken from the contactless card on busses.

You must really despise contactless cards.

Smartphones can't read the latest version of contactless EMV. At least not enough information, as the name is not even available now.

Oyster people have brought it upon themselves really. The TFL has had several posters telling customers to remove their card or oyster card that they wish to pay with. Also if OP doesn't live in London, then its not really an issue.

greenorange

Jamie_Carter wrote: »

Don't get a contactless card, there have been loads of security issues with them.

One was where someone with the right app on their smart phone can stand close to you and clone your card.

The other was on Watchdog recently, where people had an oyster card in the same wallet as their contactless card, and the payment was taken from the contactless card on busses.

I believe contactless is quite secure and they have implemented more security so the cloning with a mobile is not a problem anymore. I live in London, but remove my Oyster card from my wallet when I want to use it, so that's not a problem.

TBH I'd rather have the ease of paying with contactless and accept that if someone unlikely skims my card or some problem happens as a result of contactless, the bank will deal with it and I wont be at a loss.

Jamie_Carter

reclusive46 wrote: »

You must really despise contactless cards.

Smartphones can't read the latest version of contactless EMV. At least not enough information, as the name is not even available now.

Oyster people have brought it upon themselves really. The TFL has had several posters telling customers to remove their card or oyster card that they wish to pay with. Also if OP doesn't live in London, then its not really an issue.

I haven't got one, and I don't want one.

They haven't been out long, so if what you say is correct, then loads of people still have the ones that can be read by smartphones

JuicyJesus

Jamie_Carter wrote: »

I haven't got one, and I don't want one.

They haven't been out long, so if what you say is correct, then loads of people still have the ones that can be read by smartphones

But any you get now will not be readable by smartphones.

And they've been out for at least five years.

Jamie_Carter

JuicyJesus wrote: »

But any you get now will not be readable by smartphones.

And they've been out for at least five years.

Are you sure they have been out that long? I only remember the adverts for the last couple of years. And not all banks have them yet.

I have seen many different methods of credit card fraud over the years. But it always used to be a case that if you kept hold of your card, rather than giving it to someone else to swipe, then there was little chance of your card being skimmed. And with ATMs they have come up with various methods to prevent skimmers being inserted. However with contactless cards it is possible to skim them whilst the card is still in your possession.

The banks will try to convince you that they are safe now. But nothing that gives out information via a signal will remain 100% secure for long.

Don't believe everything the banks tell you.

Cycrow

They've been out at least 4 years, as thats when i got a contactless barclaycard.

just checking online, it appears the first ones released were in 2008, by barclaycard

JuicyJesus

Jamie_Carter wrote: »

Are you sure they have been out that long? I only remember the adverts for the last couple of years. And not all banks have them yet.

Yes. Contactless has been around for yonks.

I have seen many different methods of credit card fraud over the years. But it always used to be a case that if you kept hold of your card, rather than giving it to someone else to swipe, then there was little chance of your card being skimmed. And with ATMs they have come up with various methods to prevent skimmers being inserted. However with contactless cards it is possible to skim them whilst the card is still in your possession.

This has not yet happened and is currently as of now a fantasy made up by people who dislike contactless cards. It is also a lot harder to actually do that most people who put this forward say it is - especially given that output from contactless cards is encrypted, so even if you did manage to get close enough to trigger someone's contactless card, all you'd get is meaningless burble.

The banks will try to convince you that they are safe now. But nothing that gives out information via a signal will remain 100% secure for long.

Having a magnetic strip on your card is far more insecure. Easily read, easily copied, the card is easily duplicated, everything is held in plain text. If banks wanted to cut fraud they could do so far more readily by getting rid of the magstripe than they would by getting rid of contactless.

Don't believe everything the banks tell you.

I'd rather believe everything the banks tell me than a load of paranoid b*llocks. Honestly it gets tiresome having to say the same things in every contactless thread, since the same sh*t gets spread around by the media and naturally if it's between the Daily Mail and the "banks", the Mail wins.

Jamie_Carter

JuicyJesus wrote: »

Yes. Contactless has been around for yonks.

It has only been used for credit/debit cards in the UK since 2008. It has been used for transport tickets for longer.

JuicyJesus wrote: »

This has not yet happened and is currently as of now a fantasy made up by people who dislike contactless cards. It is also a lot harder to actually do that most people who put this forward say it is - especially given that output from contactless cards is encrypted, so even if you did manage to get close enough to trigger someone's contactless card, all you'd get is meaningless burble.

Why would people dislike contactless cards, they would be far more convenient if they could just be made 100% secure.

I can't go into details for obvious reasons. But there are some huge holes in credit card security that the banks need to close up before they bring out gimmicks.


These reports are from 2012, so some people will still be using these cards.

http://www.telegraph.co.uk/technology/news/9163969/Barclays-contactless-cards-exposed-to-fraud.html

http://www.thisismoney.co.uk/money/cardsloans/article-2119697/Electronic-pickpockets-targeting-contactless-credit-debit-card-holders-smartphones.html

http://www.channel4.com/news/fraud-fears-grow-over-contactless-bank-card-technology

http://www.mendeley.com/research/practical-attack-contactless-payment-cards-1/

JuicyJesus wrote: »

Having a magnetic strip on your card is far more insecure. Easily read, easily copied, the card is easily duplicated, everything is held in plain text. If banks wanted to cut fraud they could do so far more readily by getting rid of the magstripe than they would by getting rid of contactless.

I'm not arguing that magnetic strips aren't secure, as I'm fully aware of that. However you can't read a magnetic strip by just being in the proximity. With contactless cards this is what they are designed to do.

Encryption is just a challenge for many hackers. And most encryption is broken eventually.

JuicyJesus wrote: »

I'd rather believe everything the banks tell me than a load of paranoid b*llocks. Honestly it gets tiresome having to say the same things in every contactless thread, since the same sh*t gets spread around by the media and naturally if it's between the Daily Mail and the "banks", the Mail wins.

I'm not paranoid, or a conspiracy theorist, but I do obviously know more than you about credit card security.

reclusive46

Jamie_Carter wrote: »

It has only been used for credit/debit cards in the UK since 2008. It has been used for transport tickets for longer.




Why would people dislike contactless cards, they would be far more convenient if they could just be made 100% secure.

I can't go into details for obvious reasons. But there are some huge holes in credit card security that the banks need to close up before they bring out gimmicks.


These reports are from 2012, so some people will still be using these cards.

http://www.telegraph.co.uk/technology/news/9163969/Barclays-contactless-cards-exposed-to-fraud.html

http://www.thisismoney.co.uk/money/cardsloans/article-2119697/Electronic-pickpockets-targeting-contactless-credit-debit-card-holders-smartphones.html

http://www.channel4.com/news/fraud-fears-grow-over-contactless-bank-card-technology

http://www.mendeley.com/research/practical-attack-contactless-payment-cards-1/




I'm not arguing that magnetic strips aren't secure, as I'm fully aware of that. However you can't read a magnetic strip by just being in the proximity. With contactless cards this is what they are designed to do.

Encryption is just a challenge for many hackers. And most encryption is broken eventually.



I'm not paranoid, or a conspiracy theorist, but I do obviously know more than you about credit card security.

If your really that fussed, have two contactless cards and put them next to each other in your wallet. Problem solved.