MSE News: Regulator to tackle contactless card security flaw after MSE investigation

Former_MSE_Faye
Former_MSE_Faye Posts: 147 Forumite
edited 7 April 2017 at 4:02PM in House buying, renting & selling
Bank customers who have cancelled a contactless card may no longer have to check statements for signs of fraud....
Read the full story:
'Regulator to tackle contactless card security flaw after MSE investigation'

Comments

  • bigadaj
    bigadaj Posts: 11,531 Forumite
    Surely you'd be a fool not to check your statements, for contactless fraud or any other sign of misuse or issue.
  • gavrc
    gavrc Posts: 8,226 Forumite
    Not much good if the stolen card is being used to buy low value items every now and then. Are you going to remember you didn't spend £2.48 in Tesco four weeks ago? The bank knows when the payment hit it if the card used is valid or not, i.e. if the payment is fraud or not. The money shouldn't be taken from your account if you've cancelled the card. You did your bit, anything after that is the bank's problem. Full stop.

    gav
  • muhandis
    muhandis Posts: 994 Forumite
    Exactly. The customer's responsibility ends when they inform the bank. It's good to see that the FCA is acting to make that crystal clear.
    gavrc wrote: »
    Not much good if the stolen card is being used to buy low value items every now and then. Are you going to remember you didn't spend £2.48 in Tesco four weeks ago? The bank knows when the payment hit it if the card used is valid or not, i.e. if the payment is fraud or not. The money shouldn't be taken from your account if you've cancelled the card. You did your bit, anything after that is the bank's problem. Full stop.

    gav
  • StopIt
    StopIt Posts: 1,470 Forumite
    This must be the easiest flaw to solve I have ever seen.


    Just make contactless transactions online. Yes it'll take a few seconds longer (God forbid!) but means it'll then check the live hot files.


    The other steps become completely un-needed. Visa have the right idea.

    In debt and looking for help? Look here for the MSE Debt Help Guide.
    Also, If you need any free and impartial debt advice, the National Debtline, Stepchange, and the CAB can help.
  • eddddy
    eddddy Posts: 17,391 Forumite
    edited 30 March 2017 at 10:12AM
    StopIt wrote: »
    This must be the easiest flaw to solve I have ever seen.

    Just make contactless transactions online. Yes it'll take a few seconds longer (God forbid!) but means it'll then check the live hot files.

    The other steps become completely un-needed. Visa have the right idea.

    Not in all circumstances.

    London Underground entrance gates accept credit/debit contactless cards - they allow 40 passengers a minute through. And there are still queues at rush hour.

    Adding 2 seconds per passenger might cut throughput by half, and therefore double the queue lengths.

    All London buses accept contactless - online checking over a wireless data connection might take even longer than 2 seconds, and might be impossible if a bus stop is under a bridge etc.

    All London Black Cabs accept contactless - they may be dropping off a passenger in a place with no data signal.

    Many toll roads and bridges accept contactless - adding 2 seconds per vehicle would increase queuing times.



    On a broader level, the card networks, card issuers and the merchants have taken the decision that they will take the hit on fraud losses, because of the reduced costs and increased revenues generated by offline contactless transactions - which is fine.

    But the card issuers should be highlighting potentially fraudulent transactions to their customers, instead of just quietly slipping them on to their statements.
  • StopIt
    StopIt Posts: 1,470 Forumite
    eddddy wrote: »
    Not in all circumstances.

    London Underground entrance gates accept credit/debit contactless cards - they allow 40 passengers a minute through. And there are still queues at rush hour.

    Adding 2 seconds per passenger might cut throughput by half, and therefore double the queue lengths.

    All London buses accept contactless - online checking over a wireless data connection might take even longer than 2 seconds, and might be impossible if a bus stop is under a bridge etc.

    All London Black Cabs accept contactless - they may be dropping off a passenger in a place with no data signal.

    Many toll roads and bridges accept contactless - adding 2 seconds per vehicle would increase queuing times.



    On a broader level, the card networks, card issuers and the merchants have taken the decision that they will take the hit on fraud losses, because of the reduced costs and increased revenues generated by offline contactless transactions - which is fine.

    But the card issuers should be highlighting potentially fraudulent transactions to their customers, instead of just quietly slipping them on to their statements.


    Ah, London. Forgot about that.


    Edge case though. And easily identified too especially if you lose your card and suddenly someone decides to go on a binge of TFL related fun at your expense.

  • King_Of_Fools
    King_Of_Fools Posts: 1,597 Forumite
    edited 30 March 2017 at 10:59AM
    StopIt wrote: »
    Just make contactless transactions online. Yes it'll take a few seconds longer (God forbid!) but means it'll then check the live hot files.
    The work canteen uses contactless and offline transactions are instant. However, every so often it decides to do an online transaction and this takes about 30 seconds. I have no idea why it takes so long but the cashier always groans when it happens and says, "Not another one!"

    I hate to think what would happen if they all start taking 30 seconds.

    The obvious solution is to do the check before applying the charge to the bill, when you have the time and computing power to do it overnight.
  • VT82
    VT82 Posts: 1,081 Forumite
    Seems like a very good result. An easy answer would have been to force banks to take the hit when offline payments are made on a stolen contactless card, by having them cross-reference against the list of cancelled cards and refunding them to the customer automatically.

    The whole raft of measures coming out of the investigation sounds like the FCA are going above and beyond to improve best practice across the board, out of what was really only a relatively minor issue. Good stuff MSE.
  • rtho782
    rtho782 Posts: 1,189 Forumite
    To me, if the transaction is online or offline is an irrelevance. If a retailer wishes to process offline it should be down to their risk if they process a lost/stolen card. When the transaction is eventually processed, it should be blocked.

    Whoever takes the hit - retailer, bank, etc - it shouldn't be the customer.
  • James
    James Posts: 2,059 Forumite
    If YOU don’t want a contactless card then can I suggest the following:

    Speak to your card issuer and ask them to furnish you with a non-contactless card. Some card issuers do this, others don’t.

    If your card issuer can’t issue you with a non-contactless card then have them record on your account that you will not be carrying out any contactless transactions. If a contactless transaction is recorded on your account then they should treat it as fraudulent. The ball is now in their court.

    I’ve done both the above. It’s my choice, not necessarily everyone’s, but it suits me. Just a suggestion.
This discussion has been closed.