Posted on

Accidental contactless payments – what you should do when it happens

With RFID contactless payment bank cards and travel cards like Oyster cards, accidental contactless payments can easily happen, just by having your purse or wallet within range of a card terminal or access gate, also known as “card clash”.  These type of convenient payment cards do not need the users to input or authorise the transaction with a pin, users are unable to stop this happening without already having bought RFID protection or shielding.

Easy to use contactless payment instructions, just as easy to make accidental contactless payments
Look , Touch, Confirm. It’s easy to use an RFID bank card and just as easy to make accidental contactless payments.

What you should do when  an accidental contactless payments happens

Make a note of date and time and location of the accidental contactless payment/transaction takes place, keep any used tickets and receipts incase the service refuses to refund.

Find your nearest member of staff or information point and ask for information about disputing the contactless transaction error. Not all members of staff may know what to do, if this happens ask for complaints or general enquiries telephone numbers and contact them.

If you are using a travel service in London like the bus, Tube, tram, DLR, London Overground, TfL Rail, Emirates Air Line, River Bus and National Rail and have an online account. Login and check to see if you have been incorrectly charged. Note the transaction and register the dispute with Transport for London online. Or alternatively contact them by telephone 0343 222 1234 (call charges apply)

If you are using Oyster card pay-as-you-go it is harder to prove ownership of the card when the transaction happened, so it is important you dispute the payment as soon as it happens with a member of staff.

If you are unable to resolve the issue with the retailer or travel service, contact your bank with full details of the contactless payment and why you dispute the contactless payment giving full information, the bank can look into accidental payments on your behalf with the retailer/service.

How to prevent accidental contactless payments using RFID bank cards

Most RFID contactless payment terminals work at short ranges, so keep your purse and wallets at least 20cm (8 inches) away from the terminal. Hacked or altered terminals and specialist readers can read up to 1.5m or further.

Banks can send out VISA /Mastercards without contactless payment RFID chip included, contact your bank and ask for one if you really do have concerns, but you will lose the convenience contactless payment brings.

Purchase a good quality RFID protected wallet or purse.
It must protect/shield 13.56 Mhz RF frequency, all contactless payment cards use this international standard, if you have security cards or keyless passes these typically use 125 khz. These are usually premium products and cost a bit more than a normal leather wallet or purse.

It is possible to render you bank card unable to use contactless payments by drilling through the chip inside the card. This is not recommended as you could damage the card so it is completely unusable, if you do this you will have to order another card from your bank and that could take time.

Faraday cage can block accidental contactless payments, and RFID payment cards. Conductive material such as aluminium foil, conductive paint, wire mesh, or any of a number of material can block radio frequencies, different materials are better and worse at blocking different frequencies, and the Faraday cage has to completely enclose the cards. So, no leaks or gaps, will mean no radio waves can get in or out, blocking the RFID signal. This method takes out the convenience out of contactless payment, it can work, but it’s not so easy to use.

How to get your money back

If you believe you have been a victim of card fraud always, contact your bank immediately and to quote the Payment Services Regulations. These say that you must be refunded immediately if you are a victim of fraud.

If the bank can show that you were careless with your card and PIN or password, you will be liable for a maximum of £50, although many banks and building societies will waive this.

If that doesn’t work, then you can complain to the Financial Ombudsman.

Posted on

Criminals Planting Keyloggers On Smartphones

Iphone Lock Screen
Locking screen on Apple iPhone

Smartphones will become the number one target for cyber criminals within five years, according to police and security experts.

Sky News has been shown how hackers are developing viruses to by-pass a phone’s security, including the latest biometric systems.

The malware ‘Trojan horse’ gives cyber-criminals undetected access to a phone’s internal systems, where they can see every key stroke entered by a user.

This has serious implications for those who use their phones to access bank accounts and apps that hold sensitive, personal information.

:: Crime Agency Loses Fight Against Alleged Hacker

Roughly a quarter of the world’s population own smartphones and the United Kingdom is top of the list with six out of 10 people owning a device.

Keiron Shepherd, senior security engineer at the world leading cyber security company F5 Networks, has been monitoring the targeting of mobile devices by hackers.

He told Sky News: “If you just consider the amount of smartphones and the number of people, it’s a great surface area for attackers to go for.

“Windows was the predominate system, it was the path of least resistance for the malware writers. Devices and operating systems which were considered not an issue to be worried about in the past have now become a target for the malware writers.”

:: HSBC Online Banking Hit By Cyber Attack

One virus monitored by F5 Networks imbeds in an innocent-looking advert on a website. When clicked, the virus infiltrates their device and monitors every key stroke, even when the user accesses their bank accounts.

Keiron Shepherd said: “The way this virus can insert itself between the applications you’re using before it accesses the internet gives it a chance to extract critical data such as credit card numbers, bank accounts; anything that’s of high value.

“It really is a numbers game. They’ll throw enough malware out there and hope it returns a good investment.”

Police are monitoring an increase in complaints of fraud committed against smartphone users.

City of London Police Commander Chris Greany, the national police lead for cyber protection, said: “People who carry a mobile phone are actually carrying a mobile computer.

“It’s not a phone with a computer attached. It’s a computer with a phone attached and it is as risky using this as it is using the desktop at home.”