Here’s How Your “Wave & Pay” Cards Could Be Swiped Secretly

Pin It

Feb 11 2015
Linked In

With great power comes great responsibility – says Uncle Ben, Spider Man’s uncle. Today, the same quote is true to millions of credit and debit card holders. While many are still using conventional credit or debit cards which require manual swipe at counters, millions have taken the easy (and lazy) way out – the “Wave and Pay” credit cards such as VISA PayWave. Without realising it, with great convenience, “wave and pay” comes with great risks.


As far back as three years ago, it was made known that such “wave and pay” credit or debit cards could be stolen out of thin air. We’re talking about your supposedly private and confidential data stored in the cards, not the physical cards, mind you. You can secure such cards with multiple padlocks in your handbags, but the information still could be robbed by radiowave due to the contactless technology.


Industry experts have warned that the information emitted by the cards can be stolen by fraudsters using handheld receptors that cost as little as US$10 (£7; RM36) on the internet. Sure, it’s super convenient and was designed to reduce queues at stores’ checkout simply because you don’t have to put your signature or input your PIN, but merely “wave” it. But a fraudster could easily collect your data too via RFID skimming.

Wave and Pay - How Skimming Works

To steal your 16-digit credit card number, expiry date and name, what a badass fraudster needs to do is to just walk near to you (with the gadget inside his backpack) – whether you’re standing in line to pay, on an escalator, on the train, in a crowded spot or in the public toilet. In an experiment revealed by ABC7 team, credit cards information were “secretly swiped” using such device, just in a few seconds.


This is how it works – such “wave and pay” card sends data back to the device which capture the information before completing the transaction. This means it’s “wireless”, and since it’s wireless, it can read through clothing. But such gadgets works on cards with this wireless symbol or cards enabled with “Radio Frequency ID (RFID)” , “Near Field Communications (NFC)”, “Blink” or “Paypass” technology.

MasterCard PayPass - Skimming

In short, as long as a fraudster could get his gadget within 6 inches of your “wave and pay” card – BOOM – your data is stolen. But what about the secret 3-digit code at the back of your credit card, which is needed for purchases? MasterCard and VISA claim this code can’t be read by the device because, well, it’s printed on the credit card and not stored in the magnetic or chip in the card.


Guess what, thieves don’t have to worry about the 3-digit CVV code or other pieces of information, for that matter. The stolen 16-digit credit card numbers and expiration dates on a “dummy clone” card are sufficient to create damages at stores that don’t bother about the CVV codes. Some online merchants, such as Amazon, does not require such CVV codes. You can also use such cloned credit cards at petrol stations (*grin*).

NFC Reader Modules

Here’s the workaround to protect your “wave and pay” credit or debit card, if you don’t mind – wrap it in tin foil or keep in special foil-lined wallets. The good news is that most credit card issuers – MasterCard, VISA, banks – have policies that say you’re not liable for fraudulent transactions. Still, it could be troublesome and time consuming to get back your money which has been stolen from your debit card.


Other Articles That May Interest You …


Pin It

FinanceTwitter SignOff
If you enjoyed this post, what shall you do next? Consider:

Like FinanceTwitter Tweet FinanceTwitter Subscribe Newsletter   Leave Comment Share With Others


Add your comment now.

Leave a Reply


(required)(will not be published)