On 1/08/2013 3:02 PM, Kim Holburn wrote: > Whatever info they contain and however it is encrypted, it is enough to make > purchases. All you need is that data. 'purchase', not 'purchases' - the newer versions of the technology transmit a one-time-use code that changes with each transaction - so in the case of someone using a rogue scanner to 'clone' your card, they can only get one transaction to work.
Those purchases are limited to under $100, and the bank has systems that cut in fairly quickly to block the card if they see a significantly higher number of purchases than normal in a short time period. Mainly to protect you against physical theft of the card, or having it found in the wallet you accidentally left on the train and going on a shopping spree, but the same protections work against cloning as well. I seriously doubt that a contactless card, physically stolen or cloned, could rack up a significant value of $99 transactions before the card was locked and you received a call from the bank to verify if the last few transactions were kosher - and under the contactless card terms and conditions, those rogue transactions are reimbursable by the bank no questions asked. In this respect the technology is safer than the contact-chip-and-pin, which if cloned allows the crook to get up to your credit limit in only a handful of transactions, and if stolen is open to claims you might have written your PIN down or allowed them to see it in use. P. _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
