NFC contactless payments aren’t secure…this is news?

Near Field Communication (NFC) contactless payment cardEMV (Europay-MasterCard-Visa) payment cards are a tried-and-true solution for combatting card present or point of sale fraud.  The embedded microprocessor chip encrypts transaction data differently for each purchase.  Optional use of a PIN code to complete transactions offers even more security, combining Something You Have with Something You Know to achieve two-factor authentication.

So what’s the drawback with EMV payment cards?  They’re contact cards which must be put into an EMV card reader for each transaction.  That can be a bottleneck in use case scenarios like mass transit, where a contactless “swipe” is faster.  Consumers also prefer the convenience of swipe-and-go.  So do merchants eager to speed up purchasing and process more transactions per hour.

Enter the contactless payment card, which uses Near Field Communication (NFC) technology to achieve the swipe-and-go transaction experience.  Ta dah!

Just one little problem – NFC contactless payments aren’t secure.

To remind us of that, a University of Surrey researcher eavesdropped on contactless payments at distances up to 90 centimeters – that’s 9X the 10 centimeter requirement, for those unfamiliar with the payment card industry’s rules.  And because contactless payment cards do not dynamically encrypt data, transaction data like the cardholder’s name and card expiration date is exposed.  Skimmers of the world, have at it.

Have a contactless payment card in your wallet?  Think twice the next time you swipe-and-go…