MSE News: Banks must take action over contactless card security flaw, says leading MP
Former_MSE_Steve_1
Posts: 79 Forumite
in Credit cards
The chair of the House of Commons' influential Treasury Select Committee has called for banks to do more to protect customers after MoneySavingExpert.com revealed that crooks are able to use contactless credit and debit cards months after they have been cancelled....
Read the full story:
'Banks must take action over contactless card security flaw, says leading MP'
Comments
-
Contactless decreases the security around your money shocker. Joke that currently it works if you use a cancelled card.
-
Either banks have been careless, or they need to sort out their IT systems
Isn't the careless part a given?
-
The banks allow cards to be used off-line whether this be contactless or chip-n-pin, it's just less likely to have your card and pin stolen. So I assume if your pin was known, even if a card was cancelled it could be used as c&p months after if offline.
The onus on stopping transactions on cancelled cards from appearing on an account should be with the bank, since you have done your part and got the card cancelled, you shouldn't need to be still checking eight months later. It's convenient for banks to allow off-line transactions and not monitor accounts for such small transactions.
There needs to be either an improvement in their IT systems or a financial penalty. Such as if you find transactions from cancelled cards, not only will they reimburse you but pay an additional £50 per transaction.
-
Now the TSB demand for PIN after several transactions suddenly makes excellent sense.
I find even when blocked this way, you can still use it for Oyster transactions. Otherwise, bus won't let you ride, in the middle of the night, they discover your body next day, raped, robbed, stabbed and then raped again by necrophiliacs. Bad publicity for Contactless.
-
AFAIK TfL use a local "deny list" at each validator so a reported card could not be used for travel (or used in other scenarios where outstanding fares have not been paid, for example, insufficient funds at end of day). In a way, it is probably one of few places where the reported card could not be used.
As mentioned, where transaction value counters are breached (i.e. several contactless transactions have been made without the use of a PIN) travel is permitted (provided the card is not on the deny list).
-
The onus on stopping transactions on cancelled cards from appearing on an account should be with the bank
This is it in a nutshell really. It's not really a security flaw IMO, it's an implementation flaw (well, from the customers' point of view; I'm sure most banks like the status quo).
From the table in the article, M&S is the only bank to have a "correct" implementation (i.e. customer reports card lost/stolen, no transactions appear and they are not contacted about them).
-
The problem is that banks don't see it as a problem! They would most likely cite that any fraudulent transactions from lost/stolen cards would be reimbursed and completely miss the fact that the consumer has to identify them, when really they should be able to check every transaction, irrespective of amount and irrespective of whether it was done offline/online.
-
The consumer should ALWAYS check their statements to check all transactions are genuine - that is a given because if they do not they deserve to lose out IMO.
These days it is not rocket science is it to check either their paper statements or online statement or on a mobile device (or even telephone banking).
-
jonesMUFCforever wrote: »The consumer should ALWAYS check their statements to check all transactions are genuine - that is a given because if they do not they deserve to lose out IMO.
These days it is not rocket science is it to check either their paper statements or online statement or on a mobile device (or even telephone banking).
It's like losing your house keys with address information, and the insurance company saying "don't bother changing your locks, just take inventory every day and if ever there is anything missing you can start a claim"
This discussion has been closed.