
Tap and Go Fraud – A problem? Or an Excuse to sell scam protecting wallets?

It’s a pretty common topic of conversation now and then – the security or lack thereof around our money when tap and go makes things so easy.  Can a scammer “skim” my back pocket?

Which is why this video took my interest.

Here’s a video, posted on Twitter by a bloke with under 200 followers, which was then retweeted almost 800 times in less than twelve hours.  That’s going viral if you ever wanted an example.

The reason people share it, the reason it’s compelling, is that it plays on your very simple fear that someone else will steal your money.

So here’s the drum. It’s not that simple.

Can a “skimming device” read my tap and go enabled bank cards?

Yes. You can get a device on eBay that when connected to a computer will read data from a tap and go card.

What information will that skimming device obtain?

At best your name.  But more likely some sort of number – not your card number, it’s what’s called a token.  The problem for the scammer story is that the token is utterly useless in the hands of thieves.

Back in the day, maybe two or three years ago, and a bit today still – the scam was to “skim” your credit card.  This was a process of reading the magnetic stripe on your card, copying it, and then creating duplicate cards for use in online shopping or other transactions.

You can’t make a new card with the data that is “skimmed” from a tap and go card.  Even if that data includes the card number, at worst it could be used to create a card with that number, but lacking a CVV it’s going to be of little use anywhere.

How close would the scammer need to be to skim a tap and go card?

Touching you.  Or at least a couple of centimeters. There are demonstrations of longer range, but these are expensive and touch and go technologies.

Is there a risk of being “skimmed” directly for money?

Like in the video?  Nope.  That terminal used in the video is linked to a merchant account, which is with a bank, which set it up with an authorised account holder.

If you’ve got such a terminal and walk around tapping people’s bums, your bank will know, and you’re looking at jail time for fraud at the very least.

Have there been reports of widespread tap and go “skimming”?

Nope.  I can’t think of one.  Worry all you like, but crims just aren’t doing this; they either can’t work out how to make the information they get valuable, or they can’t work out how to do it full stop.

Is tap and go more risky than the old swipe cards?

Absolutely not. A swipe card can be copied with ease and duplicated. Plus they can be used for large transactions.  Even if someone did somehow duplicate your card, they are limited to $100 per transaction so it’s a slow road to a big payday.

This is essentially why the banks pushed so hard for tap and go.  The risk they absorb from any tap and go crime/fraud is much much lower than with swipe cards, so it’s in their interests for us to use it.  Less crime means less staff to monitor and keep on top of crime.

So there is some tap and go fraud going on?

Yep.  When people steal your wallet, and use your card to pay for things up to $100.  And then again, and again until the bank or you step in.  That’s how crims are using this to their advantage, not by tapping your bum with an EFTPOS machine.

Is my wallet likely to be “skimmable”?

Almost certainly not.  Because most people have more than one card with RFID built in.  Ever tried tapping just your wallet on the payment terminal at the servo?  Doesn’t work, does it?  Because there are multiple cards – that’s why your other cards themselves are the protection.

Do I need an RFID Skim protecting card in my wallet?

Nope.  I’m not saying they are a scam – they will legitimately block any RFID reader from scanning the cards in your wallet.

What I’m saying is, it’s not happening, so you’re protecting from a crime that simply is not being committed.

So what do you recommend?

Use a mobile wallet.  Apple Pay, Samsung Pay, Google Pay.  These mobile based wallets are entirely secure because they send out a unique token per transaction, unhackable.

If you can’t do that, just keep doing what you’re doing and enjoy the utter and total convenience of Tap and Go.  As always, keep an eye on your bank account, if you notice unusual activity report it to your bank.

Most likely it’s from some online shopping you did, not from some weirdo tapping your bum with a machine to scam you.  There’s a reason tap and go adoption and usage in Australia is ahead of the rest of the world – we’re smart cookies.  In the US they are still using signatures – we stopped that crazy practice years ago.

Bottom line – use Tap and Go, it’s great.

Trev is a Technology Commentator, Dad, Speaker and Rev Head.

He produces and hosts two popular podcasts, EFTM and Two Blokes Talking Tech. He also appears on over 50 radio stations across Australia weekly, and is the resident Tech Expert on Channel 9’s Today Show each day and appears regularly on A Current Affair.

Father of three, he is often found down in his Man Cave.



3 Comments

  1. Capt Obvious

    July 27, 2018 at 11:19 am

    It would seem Trevor is ignorant of what actually happens in the real world and how easy this is to do.
    I have seen loads of complaints about cards being charged for stuff the owner did not buy, and these of course are just the people who noticed.
    Trevor is claiming that criminals cannot get a setup to do this, which is simply wrong, I could do it and I am not a criminal.
    A criminal can go and set up a PayPal account using a false identity (something criminals have been doing for a long time) then purchase a PayPal card reader, and you’re done. You can now scan people’s cards.

    The other major issue is that anyone can go on a spending spree with your card as long as they stay under £30
    If you have kids, they can also borrow your card without your knowledge, buy stuff, and put it back.

    • Trevor Long

      August 1, 2018 at 9:17 am

      You’ve clearly never set up a PayPal merchant account. And you clearly can’t read.

      My recommendation is to use a MOBILE WALLET – like Apple Pay – kids can’t take that from you.

      Take a chill pill

      • woss

        November 3, 2018 at 11:55 am

        I can’t see the problem punching in a pin number
