Pickpockets targeting contactless payments are set to multiply following the decision by Transport for London to roll out the technology to London Underground stations, and Bitdefender has outlined a number of precautions to take.
The company has detailed the different types of attacks that could take place, including skimming, eavesdropping, hacked terminals, replay attacks, and cross-contamination.
Catalin Cosoi, chief security strategist at Bitdefender, explained that even though contactless payments have the same level of protection as chip and PIN cards, they don’t require a PIN, and the RF or NFC technology presents less of a barrier.
“Over the last decade, researchers have shown that fraudsters can pickpocket a victim’s financial data using a dedicated amplifier, an antenna and other low-cost electronics that can fit into a rucksack,” Cosoi stated.
When it comes to skimming attacks, Cosoi recommends keeping RF-enabled credit cards in slipcases and wallets that shield them from unwanted scanning.
Eavesdropping attacks, which allow attackers to record information streamed from the credit card tags to another legitimate device from a distance away, can be prevented by using “blocker tags” that trick hackers into thinking there are more tags present.
Hackers also use counterfeit terminals to steal data, and although Cosoi admitted these are hard to detect, he urged vigilance. Replay attacks, meanwhile, can be prevented by using session tokens to log in with random, one-time passwords that aren’t able to be reused.
Relay attacks, which involve receiving data from a malicious terminal, can be prevented by using services with better cryptography to decrease the chances that data can be deciphered by unauthorised readers.
Cross-contamination uses various techniques to find a victim’s address and issue a new bank card, and Cosoi’s only advice once again is to be vigilant and inform the bank as soon as suspicious activity is uncovered.
Lastly, Cosoi’s biggest piece of advice is to never let anyone else walk away with your payment card.