Skip to main content

How to prevent contactless pickpockets

Pickpockets targeting contactless payments are set to multiply following the decision by Transport for London to roll out the technology to London Underground stations and BitDefender has outlined a number of precautions to take.

Related: Contactless cards blamed for rise in all crime rates Down Under

The company has detailed the different types of attacks that could take place including skimming, eavesdropping, hacked terminals, replay attacks, and cross-contamination.

Catalin Cosoi, chief security strategist at Bitdefender, explained that even though contactless payments have the same level of protection as chip and PIN cards they don’t require a PIN number and the RF or NFC technology presents less of a barrier.

“Over the last decade, researchers have shown that fraudsters can pickpocket a victim’s financial data using a dedicated amplifier, an antenna and other low-cost electronics that can fit into a rucksack,” Cosoi stated.

When it comes to skimming attacks, Cosoi recommends that RF-enabled credit cards are kept from being read by using slipcases and wallets to shield them from unwanted scanning.

Eavesdropping attacks, which allow attackers to record information streamed from the credit card tags to another legitimate device from a distance away, can be prevented by using “blocker tags” that trick hackers into thinking there are more tags present.

Hackers also use counterfeit terminals to steal data and although Cosoi admitted these are hard to detect, he urged vigilance. Replay attacks, meanwhile, can be prevented by using session tokens to log-in with random, one-time passwords that aren’t able to be reused.

Relay attacks, which involve receiving data from a malicious terminals, can be prevented by using services with better cryptography to decrease the chances that data can be deciphered by unauthorised readers.

Cross-contamination uses various techniques to find a victim’s address and issue a new bank card, and Cosoi’s only advice once again is to be vigilant and inform the bank as soon as suspicious activity is uncovered.

Related: Bye-bye Oyster Card? Contactless payments rolled out on London tube network (a year late)

Lastly, Cosoi’s biggest piece of advice is to never let anyone else walk away with your payment card.Porthole Ad

Jamie is a freelance writer with over eight years experience writing for online audiences about technology and other topics. In his time writing for ITProPortal he wrote daily news stories covering the IT industry and the worldwide technology market, as well as features that covered every part of the IT market, from the latest start ups to multinational companies and everything encompassed by the IT sector. He has also written tech content for our sister publication, TechRadar Pro. Jamie has since moved into sports betting content and is Content Manager at Betbull.