Do “Tap n Go” bank cards make you more susceptible to fraud?
Do you need to get a “radio frequency ID” (RFID) blocking wallet or handbag to stop criminals from stealing your bank card details by using “radio waves” while standing next to you?
There are many scary videos on YouTube showing a man stealing someone’s credit card details by getting close to them in a shopping centre.
These videos are staged, says consumer journalist Wendy Knowler.
You needn’t fear – handsfree pickpocketing is a myth and RFID wallet makers have yet to produce evidence of a single RFID crime.
Holding a point-of-sale device near a bank card only produces a card number and expiry date.
The CVV and PIN stay hidden.
South African banks have used RFID credit and debit cards for some time. You can identify them by the Wi-Fi-type symbol on them.
Consumers in South Africa cannot insist on using PIN-enabled cards only.
The South African Banking Risk Information Centre (Sabric) says that contactless payment cards are as secure as traditional cards and that it hasn’t received any reported crime incidents where “tap and go” cards have been exploited.
You can only “tap” a pre-determined number of low-value transactions on any specific day, after which you need to enter a PIN to complete the transaction.
The limit imposed by the Payments Association of South Africa is R500 per “tap”, meaning the financial reward associated with “tap” transactions is low.
A case study:
A thief stole Veronica McGregor’s (she’s from Durban) handbag with her card from her boot and tapped away to the tune of R5800.
The criminal bought alcohol at a series of bottle stores - all part of the same supermarket chain.
At a limit of R500 per tap, that’s about 12 purchases and a lot of driving around to different bottle stores.
I was not even aware that my card had that tap functionality.
Standard Bank investigated and offered her a refund of 50% of her R5800 loss.
The bank gave her five days before they would withdraw the offer.
Unsurprisingly, she didn’t think that was fair.
Knowler took up the case with Standard Bank, arguing that the fraud would not have taken place had a PIN been requested.
It is fair to say, according to Knowler, that the functionality – which she didn’t request, consent to or ever use herself - was the direct cause of her losses.
How then did Standard Bank justify an offer of 50% as opposed to the full amount of her losses, Knowler asked.
Standard Bank’s response:
We have assessed this matter carefully and found that the decision that was made to offer Ms McGregor 50% only was not made taking into account all the facts. We should have offered a 100% refund as the transactions were performed offline without the use of a PIN using Tap and Go. We apologise for the inconvenience and obvious distress that this matter has caused. Ms McGregor will be refunded in full.
All our credit cards are issued with the contactless capability and this has been very well received by customers and merchants due to the increased convenience and security associated with cards not leaving customer’s hands anymore. Adoption rates have ramped up significantly during 2019 with merchants driving adoption by not taking customer’s cards anymore to complete transactions. In more mature markets like Australia, more than 90% of transactions have migrated to contactless and they have experienced a very significant reduction in counterfeit card fraud. Our cards have a variety of security parameters embedded on the chip like cryptograms which protects customers against fraudsters.
For more detail, listen to the Knowler in the audio below.