So, I have just received my new Visa cards, and they have this Paywave activated on them.

Now, being in the security industry for the last 20+ years, my first thoughts cannot be reproduced here, but suffice to say, it was along the lines of, "You have got to be kidding..." :o

Ever since debit or credit cards have become commonplace, we have been told to sign it ASAP, and to protect & cover your pin when entering it. All good advice.

Then along comes Visa and introduces a way that you don't even have to take your card out of your wallet to pay for your goods. This has got to be the single biggest breach of security short of leaving the doors open to the vault in the Reserve Bank.

Now, I understand that there are limits to the amount that can be paid for using this Paywave, however, those limits are set by the merchants themselves. I understand that Bunnings, for instance, has a $100 limit per transaction, while Woolies are looking at $30 or similar.

One of my biggest beefs is that there is no opt out or opt in system to this. You get a new card, it is on there, and that is that. The judges decision is final, no correspondence will be entered into, thank-you for calling.

My scenario is this...

I drop, loose, or misplace my card without knowing, and without my permission.

Bad guy finds card, goes to the local Bunnings, and makes a $99 transaction. No ID, nothing.

On his way to the next Bunnings, he stops past Repco, Supercheap & Autobarn to grab some stuff for his car, into Woollies for a pack of smokes, and then into the next Bunnings.

By the end of the day, I have lost $1000 (if I am lucky to have that much in the account), and now must prove & fight with the bank to get my money back.


Now, both Visa & the bank say they have policies where if there are unauthorised transactions on my account, they will refund me the money. This is fine in theory, however, even if I get a statement once a month, I have to recall every single transaction. Yes, I know I can look it up on line, but this is more time that I am spending doing their job. Ie: looking after my money.

The fortunate thing is, I understand how these contact-less cards work, and I know how to disable it. But, before I do, the question is, am I being paranoid? Sure, it would be good to be able to give the kids my card to get a bottle of milk from Woolies or wherever, but isnt that what cash is for?

What worries me is that a pocket size scanner can read your card even if in wallet in pocket. I was encouraged to make a metal shield to cover the card when not in use.

You need to add another option to the poll - Would you disable it if you could

I don't have it yet on any of my cards and I doubt I would want it if I had an option. Your scenario is spot on from my point of view.

Ivan

Good point, Ivan.

I know how to disable the Paywave, while leaving the smart-chip intact, but others may not...

If I could workout how to modify the poll, I would.


And, as for cloning a card, it actually isn't THAT easy. However, if you were in a crowded place, and the skimmer could be close to you for a couple of mins, it is possible.

We need to keep in mind too, that as fast as these things are rolled out, the bad guys are working just as fast to find ways to use them to their advantage.

Not a matter of being paranoid...just prudently knowledgeable :p

just because "they" can, then it appears "they" do so as to have a point of difference... I admit to still signing my credit card vouchers!

Reminds me of the cartoon where the two blokes arrive at someone's door with a package and the dialogue goes something like this

"You have been identified from our database as a member of the age/income demographic for this product now owned by 97% of that demographic. We have therefore taken the liberty of delivering this product to you and debiting the credit card attached to your savings account thereby saving you 0.5% for the immediate payment which was successful....":eek:

Watch out... it's only a matter of time...

Its easy, works and I've had no problems so far. If the crooks want your money there is easier ways to get it that trying to 'hack' into your credit card using paywave... I would imagine the stats on stick-ups or pick-pocketing is much higher than the high-tech stuff we constantly get told by ACA/TT to be afraid of.

Anyone know of any real-life examples of someone getting fleeced through paywave?

ME!
dropped my card at a servo...... $742.82 racked up on it within the 4 hours it took me to notice it was gone (when i went to buy food for dinner).
Having hells own job with westpac for the money, they say they accept responsibility "from the second they are notified the card is lost/stolen".
I have a lawyer doing my bidding atm:twisted:
Fortunately it's a debit card and that was all there was in the account!

ME!
dropped my card at a servo...... $742.82 racked up on it within the 4 hours it took me to notice it was gone (when i went to buy food for dinner).
Having hells own job with westpac for the money, they say they accept responsibility "from the second they are notified the card is lost/stolen".
I have a lawyer doing my bidding atm:twisted:
Fortunately it's a debit card and that was all there was in the account!

And THIS is exactly my point.

Sorry to hear about your woes, Wardy.

The big issue I have is the statement "from the second they are notified..." I have been know to go to the servo at 10 or 11pm. If you drop your card then, you may not notice until well into the next day...

Why is it so hard for them to offer an opt-out provision?

Been a victim of fraud ( via my iTunes account!) and got my money back....eventually.

I tried to use this paywave gismo and wouldn't work in Bunnings, so I haven't bothered with it since. I find myself using cash much more than 10 years ago. Keeps things real!

ME!
dropped my card at a servo...... $742.82 racked up on it within the 4 hours it took me to notice it was gone (when i went to buy food for dinner).
Having hells own job with westpac for the money, they say they accept responsibility "from the second they are notified the card is lost/stolen".
I have a lawyer doing my bidding atm:twisted:
Fortunately it's a debit card and that was all there was in the account!

****ty thing to happen, but that's not really a paywave issue - they could do the same by copying your signature. I was talking more about the 'hack' issue where someone gets your card info remotely and somehow uses it to fleece your account.

Why is it so hard for them to offer an opt-out provision?

You can disable paywave by not having a PIN attached to the card. If you only sign dockets then paywave wont work.

Its pretty clear that a PIN and paywave are just as safe (more so in fact) as your signature though - so why the gnashing of teeth?

Good point, Ivan.

I know how to disable the Paywave, while leaving the smart-chip intact, but others may not...

.........We need to keep in mind too, that as fast as these things are rolled out, the bad guys are working just as fast to find ways to use them to their advantage.

Would love to know how to disable that nasty little function...so that if/when my family receive cards with this..... :mad:

I stand in awe of your restraint..... I also, could'nt believe it when this was rolled out.

- No point in asking "What were they thinking" , 'cos "they" were'nt. At all.

Quite bluntly, these things are foisted on us because the average punter is stupid, and/or too lazy to think things through.

Want an example ? - Torches of Freedom - Cigarettes and Women's Rights - YouTube

Interestingly, at the same time he was rabidly against his own family smoking....

This is the man who is regarded as the Father of Public Relations (Propaganda) and amongst other things, originated 'Bacon & Eggs' as THE hearty, appropriate breakfast for everyone.

His methodology is religiously used by modern day advertisers.

Food for thought.:eek:

You can disable paywave by not having a PIN attached to the card. If you only sign dockets then paywave wont work.

Its pretty clear that a PIN and paywave are just as safe (more so in fact) as your signature though - so why the gnashing of teeth?

Paywave requires no ID as to who is using the card. No pin, no signature. You dont even have to take it out of your wallet.

There is NO WAY that Paywave can be MORE secure than a pin or signature.

And, according to my Credit Union, Paywave is active on your card as soon as you get it.

Where is the option "Scammers delight"?

I have trouble using Visa. Usually in any store that is part of the Woolworths group. Many a tim I have left hundreds o dollars worth of stock at the checkouts of Dan Murphy's, Masters and Woolworths because they will not accept my Visa card. The problem is a Woolworths group policy made by a bean counter.

I have had my VISA details stolen electronically twice in the last five years.
Once wassuspected Thailand telecom personnel intercepting data flows through an exchange.
The other was suspected to be from a UK site ( Paddocks).I think their site had been hacked and redirected to a bogus site.

In both cases it was discovered by "Falcon" and I was not billed, however I had to submit a stat dec. It was a pain in the neck because on each occasion the card number was cancelled, and I had to remember periodic transactions, one of which was RTA and I eneded up paying penalties for tolls when my card bounced.

I would think if I still had my card in my safekeeping, and had non approved transactions the same would occur.
Regards Philip A

I get even more shirty when I drop a $50 note and someone spends it :wasntme:

It's the way of the future...cashless society...treat it like cash with the benefit, if you notice it missing...cancel it. Can't do that if you lose cash!
Get used to it.

Merry Xmas all.

Im surprised to see so many people dislike paywave.
Although, I was in a fuel store yesterday,
shop attended says to the person in front of me "is it okay to use paywave?" and by the time the customer says "whats that" and agrees and it takes longer than doing it the ol' fashioned way :p

Any unauthorised transactions are refunded, VISA and the banks know exactly what the fraud risks are and are happy to absorb it so dont be paranoid and get on with life.

Where is the option "Scammers delight"?

I have trouble using Visa. Usually in any store that is part of the Woolworths group. Many a tim I have left hundreds o dollars worth of stock at the checkouts of Dan Murphy's, Masters and Woolworths because they will not accept my Visa card. The problem is a Woolworths group policy made by a bean counter.

I thought it was only visa debit they wouldn't accept, don't blame them as it costs them a fee every time you use it, and you could just use your normal debit card instead. It's easier for them to just say no then charge you a surcharge or increase prices across the board to cover the costs.

My wife is a bank manager and Im in a line of work that draws my attention to obvious risks... and all Im saying is, we wont be having them....
at all....


...ever....



cheers

I had to remember periodic transactions, one of which was RTA and I eneded up paying penalties for tolls when my card bounced.


Regards Philip A

Same thing happened to me after wallet stolen ( cards were cancelled within about 5 minutes) I completely forgot about renewing RTA periodic transactions and it took a year for my RTA toll account to run out of credit. Then I started receiving penalty notices. When I explained what had happened to the RTA toll people they just debited the tolls with no penalty from the account with the new CC details. Renewed my faith in some parts of the Australian government.

I had a Paywave card and after a stuffup with a transfer of funds handed it in and went back to a conventional access card.
Simpler and easier to use. Discussion with a person at the bank that there had been a lot of these cards handed back for either the same or similar problems.

It's the way of the future...cashless society...treat it like cash with the benefit, if you notice it missing...cancel it. Can't do that if you lose cash!
Get used to it.

Merry Xmas all.

Is that the same future that John Howard predicted about cashies going the way of the dodo after the GST was introduced...:angel::wasntme:

Cash rules - always... doesn't matter if your being paid it, or spending it - I'd like to see what sort of a discount you get buying a TV or other decent purchase if you opened your wallet and showed them your 'Pay Wave' card - I seem to get a fair amount of interest from Sales reps when shopping when they see my wallet stuffed with $100 notes....

I don't see a cashless society in my future, or in anyones - I think too many people (Including me) that don't trust the banks or the technology enough to not carry cash - what happens when a computer system fails - it seems to be happening with the banks a bit lately - and you need to buy something - how far will your little piece of plastic get you then...

I for one would always like a back up to that, and I make sure I do...

I have recently received new mastercards and it seems paywave is automatic on these as I did this at the local Bunnings. I did not have to request it nor do I think I can have it disabled. Jim

Just the mindless sheeple in the add not knowing how to cope with cash put me off. Beyond that it goes against the whole concept of verification. I sign the rare times I use my card and I will and do complain if they don't check the signature.

I'm one of those annoying folk who don't sign my card.... only have "Verify Photo ID" on it... and is'nt it amazing the number of shop assistants etc who check my signature without reading the words.....:p

I had a Paywave card and after a stuffup with a transfer of funds handed it in and went back to a conventional access card.
Simpler and easier to use. Discussion with a person at the bank that there had been a lot of these cards handed back for either the same or similar problems.

That's not a paywave issue though is it?

Just looking at the Poll results....

The 'real' figures IMHO, are the 15 who reckon its only for the benefit of the Customer, and the 21 who see it as the work of Satan. - 42% and 58%.

The other two categories are irrelevant.:o

The size of the Yes vote shows that the heirs of Ed Bernay are doing their job well...

But that's just the opinion of a white-haired CYNIC...;)

Where is the option "Scammers delight"?

I have trouble using Visa. Usually in any store that is part of the Woolworths group. Many a tim I have left hundreds o dollars worth of stock at the checkouts of Dan Murphy's, Masters and Woolworths because they will not accept my Visa card. The problem is a Woolworths group policy made by a bean counter.
remember reading some where with woolies it depends which acc you press , credit or savings or cheque ask next time you go to woolies

Look, at the end of the day...

I have a MasterCard... It was never used... Ever...

It sat in my wallet which was never left anywhere - even in my house it goes in my bedroom draw when not in my pocket.

I had an issue on the way to Brisbane (Tombies Trip thread!) and needed to splash on accommodation for a night.

In the Novatel, I swiped said card - watched the woman swipe it... And took it back... It never left my sight, or disappeared under a bench top etc...

2 weeks later - $9000.00 worth of Camera gear purchased online... :eek:

Card issuer rang me straight away...

Question I asked was - "What about the CVV and Expiry dates?"

They aren't needed to process transactions I was told :mad:

Signed a declaration and all funds were back within 48 hours...

A friend of mine was recently in the USA. He received his new credit card just before going to the USA. He had NEVER used the card to make a transaction either on line, by phone or in person. None.
He didn't use the card in the USA either as he had another one which he used. This new card stayed in his wallet the ENTIRE time.

While he was there some mysterious charges appeared on his account from US merchants he'd never heard of and impossible to identify from the transaction detail.

As far as I can see in this case the ONLY way for crooks to have obtained his car details is via a proximity reader which would be pretty easy to do really just need to brush it past someone's jeans wallet pocket to gather whatever is there !

I personally think its an example of convenience at the expense of security and I hate the idea.

Care to share how to "disable" an RFID without destroying it?

There's this way but its destructive
RFID Credit Card Hacking: How to disable the RFID chip on your card and protect your information - YouTube

This is good for a laugh -
http://forum.prisonplanet.com/index.php'topic=87255.0
paranoid fellas telling you how to disable the embedded chips in your body that the government puts there....

[QUOTE=VladTepes;1603565]A friend of mine was recently in the USA. He received his new credit card just before going to the USA. He had NEVER used the card to make a transaction either on line, by phone or in person. None.
He didn't use the card in the USA either as he had another one which he used. This new card stayed in his wallet the ENTIRE time.

While he was there some mysterious charges appeared on his account from US merchants he'd never heard of and impossible to identify from the transaction detail.

As far as I can see in this case the ONLY way for crooks to have obtained his car details is via a proximity reader which would be pretty easy to do really just need to brush it past someone's jeans wallet pocket to gather whatever is there !

I personally think its an example of convenience at the expense of security and I hate the idea.

Care to share how to "disable" an RFID without destroying it?

QUOTE]



The only real way to disable RFID is to "destroy" it.

The best method I have seen is to hold your card up to a bright light, and you will see the antenna embedded inside the card, between the layers of plastic.

Mark 2 spots with a fine tip marker, and then with a very sharp knife like a scalpel, cut thru the first layer of plastic & the antenna wire. This will mean the chip cant receive and will stop it being read.


The thing with RFID chips, is that they are passive, requiring no power of thier own. The reader is powered, and "agitates", for want of a better word, the chip, therefore passing on its info. We have readers installed at gates for large trucking companies, and the cards attached to the windscreen. As the truck approaches, the gates open allowing the truck to pass thru.

These things have a range of up to 25m, or thereabouts...

Just for interest's sake, here is a story run by Inside Edition in the US on just how easy it is to swipe your card details...


News - INSIDE EDITION Investigates Electronic Pickpocketing - InsideEdition.com (http://insideedition.com/news/5844/inside-edition-investigates-electronic-pickpocketing.aspx)

I have a Visa card and an Amex (for frequent flyer points) attached to the same account. The Visa has Paywave the Amex doesn't. If I swipe the Amex at a retailer that uses Paywave it doesn't even ask for a PIN, just 'transaction approved', just like that. Amounts to the same thing. Wouldn't mind except it can be very hard to get money back from a bank for fraudulent transactions.

Care to share how to "disable" an RFID without destroying it?



A few seconds in the microwave should do it. ;) not sure if the rest of the card would survive though... :)

I have a Visa card and an Amex (for frequent flyer points) attached to the same account. The Visa has Paywave the Amex doesn't. If I swipe the Amex at a retailer that uses Paywave it doesn't even ask for a PIN, just 'transaction approved', just like that. Amounts to the same thing. Wouldn't mind except it can be very hard to get money back from a bank for fraudulent transactions.

You dont need paywave for that function...

A lot of places have a "pin free" limit... Just swipe the card and its approved.

Maccas for example is up to $40.00