No, Criminals Can't Use Free Apps To Clone Your Cards With 'PayWave' Feature
Social media postings claimed that fraudsters have found a new way to steal information from contactless cards.
There has been a lot of fuss about the usage of contactless cards in the last few days as a rumour about 'electronic pick-pocketing' has surfaced, making people to have doubts about security
An infographic that has been circulating on social media claimed that smartphone applications - which can be easily downloaded for free - can be used to "scan" a card and to steal the card's information.
It was alleged that criminals can use the stolen information to make clone cards or unauthorised transactions.
According to the infographic, this was made possible due to the contactless card's 'wave' feature that is supposedly vulnerable to electronic pick-pocketing.
To prove a point, someone even made a video to demonstrate how it can be done.
It's good to note that the various financial services corporations are currently providing contactless payment solutions and transactions, even when they have different names such as PayWave – Visa; PayPass – MasterCard; ExpressPay – American Express; and QuickPass – UnionPay.
The latest discovery suggests that there is a cause for concern, but should all Malaysians get paranoid?
Quite a number of people testified that speculations about the applications being able to "steal" card information are somewhat true.
It was revealed that these smartphone applications were able to retrieve data such as card number, the card's expiry date and the card's transaction history.
However, many have since pointed out that the information obtained is not sufficient to make clone cards or unauthorised transactions.
There is no opportunity for fraud because the thieves simply do not have access to enough information
According to Bank Negara Malaysia (BNM), all payment cards in Malaysia have adopted Europay, Mastercard and Visa (EMV) chip card technology with advanced cryptographic security which prevents the cloning of cards since 2005. It added that no cases of cloned EMV chip cards have been reported so far.
A criminal's attempt to make unauthorised transactions is also foiled with added security measure such as CVV2 (Card Verification Value) code which is the last three digits that could be found at the back of your card.
Bank Negara Malaysia (BNM) has also dismissed reports about this 'electronic pick-pocketing', saying that the rumours are untrue
BNM stressed that contactless cards are equipped with the following safety features:
1. Advanced cryptography where a unique code is generated for every single card-present transaction, which is used to authenticate the transaction.
2. TAC (transaction authorisation code) that will be sent directly to a cardholder's mobile phone and must be entered when conducting any online transaction. Without the TAC number, the transaction will not be approved.
3. Important information on the card cannot be e-pickpocketed.
"With these safety features, cards cannot be cloned or used for unauthorised transactions by fraudsters," it said in an official statement on its Facebook page yesterday, 18 January.
Additionally, major financial services corporations have introduced liability shift rules that protect Malaysian cardholders. What this simply means is that cardholders are protected against unauthorised transactions.
"In the event card details are misused at an overseas merchant’s website that has yet to implement a stronger authentication method, the said merchant will bear the liability of any fraudulent transaction," BNM reportedly said, adding that reports should be made immediately to the respective institutions to have those transactions corrected quickly.