Are Cybercriminals Getting in on the Act?
Obviously, the somewhat loose nature of pay-and-go transactions — which don’t require a PIN, signature, or any other type of authentication — make physical theft of contactless credit and debit cards more lucrative for criminals. And contactless fraud is on the rise; nearly £7M was lost in 2016, more than double than in 2015.
Still, you may be thinking that, in the grand scheme, £7M is not that much. And you’d be right. Contactless fraud represented just over 1% of overall card fraud in the UK in 2016. But gains are gains — and cybercriminals are bound to follow the money trail, particularly as more and more consumers opt for the convenience of pay-and-go transactions. Paymentsense, a European merchant service provider, recently reported that 48% of shoppers want the ability to customize the single-transaction limit on their cards, and the top reason stated was because they believe the £30 ceiling is too low. (Note that, in some cases, device-based contactless transactions — like those made through Apple Pay or Android Pay — already support higher limits.)
Right now, cybercriminals need proximity to commit contactless card fraud. That means getting their hands on your credit or debit card or getting close enough to you to use a radio frequency identification (RFID) scanner to lift your credentials. Though the Independent article indicated that “digital pickpocketing” is an unlikely turn of events, the Mirror had something else to say. Regardless, it doesn’t hurt to switch over to an RFID-blocking wallet and to ensure that you always keep your contactless card within your eyesight (if not within your own hands).
The simple reality is that cash is no longer king; according to the British Retail Consortium, card payments exceeded cash payments in 2016 for the first time. And retailers are even likely to lose business if they don’t offer a card option; recent Paymentsense research revealed that nearly half (45%) of UK shoppers — and 54% of Londoners — will leave a small business or independent outlet if they cannot pay with a credit or debit card, and 25% of those say they are unlikely to ever return.
While the numbers show that cybercriminals may not be focusing on contactless fraud now, they are likely to follow the money in the future. As this technology continues to become more widely adopted, look for the industrious to develop their own tools to fatten their wallets by exploiting terminals, banks, and unsuspecting consumers.
Subscribe to the Proofpoint Blog