I understand how using something like Apple Pay or whatever the android equivalent is is secure, using things like one-time-codes, but how is having a card that can do tap-to-pay secure? Couldn’t someone just copy the wireless signal it gives off and then use that in place of my card?
In: 5
It’s not. It’s just more convenient.
However, that doesn’t mean your method will work. You’re describing something that would work if it was a magnetic stripe card, but neither chip+pin or contactless chips use this method.
Both chip+pin and contactless have a tiny processor chip inside them that is powered by the card reader. When you use it, the card reader asks the card to calculate a relatively complex math problem, using some numbers that only your card knows, and some numbers sent to the card reader by the bank.
The answer to this calculation is used by your bank (or card issuer) to verify that it’s your real card, and that it’s being read by a legit card reader by a legit business.
When the bank receives this, and it sees that the transaction is below a certain value, it’ll approve of the transaction. If it is above a certain value, it’ll ask for the PIN code for contactless as well.
Some people claim that wireless card attacks are easy to do from a distance, but it’s pretty difficult and the risk to you is low. It’ll be easy for banks to detect a “rogue” modified card terminal, and you’re likely insured against these types of attack if they should happen to you.
Latest Answers