Bank Negara Malaysia (BNM) went on record today to debunk claims that contactless cards can be electronically “pick-pocketed.” Recent media postings have raised concerns with people over the security of their smart chip-enabled credit and debit cards.
The central bank said contactless cards are secure, and incorporate numerous safety features.
Since 2005, Malaysia has adopted Europay, MasterCard and Visa (EMV) chip card technology that prevents cloning of physical cards. It said that details such as card number and expiry date (that can be scanned) are inadequate for cards to be cloned. This includes both magnetic stripe cards and EMV chip cards.
BNM said that to date there are no reported cases of cloned EMV chip cards.
As mentioned, EMV cards employ several security measures that make them almost clone or counterfeit-proof.
Firstly, the EMV chip uses advanced cryptographic security that generates a dynamic code for each transaction. Typical card duplication methods as used on older magnetic stripe type cards cannot be used on EMV. This is because every transaction is unique, and once used, cannot be re-used. If a thief attempts to re-use the generated code, the transaction will simply be denied.
The central bank also reiterated that Malaysia has adopted a stronger authentication method for online card transactions. Purchasers need to enter a transaction authorization code (TAC), which is sent to their mobile phones or devices for verification.
Another level of security is the PIN. Without knowing your PIN at time of purchase at a merchant, the transaction will never go through.
Concerns over electronic pick-pocketing, however, doesn’t go unwarranted. Although EMV is almost impossible to clone, there are concerns that it isn’t impervious to what’s called RFID skimming. And thus you’ve probably seen those RFID-blocking wallets and sleeves being sold in the market. This can be attempted using specialised RFID scanners, or even a malicious app used together with an NFC-enabled Android device.
Experts, however, say it is highly unlikely for wireless thieves (using special RFID scanners) to steal information via this method. It would be far more efficient to try and access your data from your online purchases.
Another concern is the security of online shopping sites. BNM said that in the event of card details being misused at overseas merchant’s website, the merchant will have to bear the liability of the fraudulent transaction.
Do you have concerns with security of your debit or credit cards? Do you think your card data can be “snooped” by wireless thieves? Post your comments below.