Security of proximity payments: truths and myths

  • By David Molnar
  • February 17, 2018
  • Comments Off

PayPass and PayWave: these two terms have become very popular in recent months. All this is due to so-called proximity payments or, as some prefer to call them, contactless payments. PayPass and PayWave are the names under which the payment organisations VISA (PayWave) and MasterCard (PayPass) provide bank customers with the proximity technology used in card payments.

In short, when paying with a contactless card, we do not have to hand it to the seller, who then puts it in the terminal. It is enough to bring the card close to the terminal, which reads the data needed for the transaction from it. Moreover, payments of up to PLN 50 are made without the need to enter a PIN code, which reduces payment times.

The two systems are almost identical. However, there is no shortage of reports that, although they should work wherever contactless payments are available, this is not always the case.

The reason is so-called terminal compatibility. There are situations in which a point of sale accepts both types of cards, but with a PayWave card we may still encounter difficulties paying at a PayPass terminal.

Poles already have over 6 million such cards in their wallets. Banks make their customers happy with them, whether they want it or not. Contactless cards replace the cards previously issued to customers, so the number of users of these cards is growing very fast. In 2 years there will be a dozen or so million proximity cards on the market.

Payments are quick and easy, but are they secure?

Whenever there is talk of card payments or Internet transfers, the issue of the security of such transactions arises. The banks are trying to educate their customers and remind them of the basic principles of safe banking. And what about contactless payments?

Does the fashion for this form of payment not overshadow the very important issue of the security of our money?

Are proximity cards safe? What is the awareness of all market participants (banks, points of sale, customers)?

And in the case of proximity cards, is it worth mentioning the risk at all?

Someone may ask: if these are only transactions of up to PLN 50, is there anything to worry about?

Seemingly not, but only on the surface. After all, it is not difficult to imagine a situation in which our card, in someone else's hands, is used for several transactions of up to PLN 50 each. Then our losses may grow to several hundred zlotys.

An expert from the company providing relevant solutions in this field, Mr. Wojciech Bazyly, speaks on the subject of security. For more information about the company, please visit

We need to be aware that when contactless technology is used, we do not know when others are trying to connect to our card and get the information stored on it. Contactless communication uses popular RFID technology. RFID is a technology that uses radio waves to communicate and transfer the data needed for identification and tracking between a reader and a special tag on the device (e.g. a credit card). A thief can try to connect to our PayPass card when we are on a tram or in a shopping mall. There are many examples on the Internet in which unsuspecting citizens were approached by a planted person who read the data from their contactless cards. The data, in the form of the card number and the name and surname of the holder, were then shown on a laptop screen, to the surprise of the holder. It is not difficult to imagine what a hacker and a thief can do with this data. Simply duplicate the card.

Not only cardholders but also the banks that issue the cards are exposed to danger. Most financial institutions deliver cards to their customers by post. You do not need to be familiar with the post office in order to scan data from a card that is in an envelope addressed to the customer, using a properly programmed reader.

In addition to the problem of theft of money from a citizen's account, contactless communication creates a wide field for identity thieves to show off. Whether it is a credit card or any other device equipped with RFID contactless technology, it contains or gives access to personal data. Copying that data, e.g. from a passport or identity card (it is probable that the new ID cards and passports will be equipped with RFID), creates unlimited possibilities for forgery, extortion and blackmail using the holder's data. An example is the fact that in the US, a person cloned Elvis Presley's passport (fortunately only for demonstration purposes).

Contactless communication also offers many possibilities for surveillance of society. Imagine that you move around the city with a PayPass card in your pocket. Hypothetically, the authorities or other stakeholders may be interested in deploying RFID readers in the city, country, or world. When a cardholder is in contact with a reader at all times, the right people know that g
