To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://www.silicon.com/financialservices/0,3800010322,39160043,00.htm

RFID credit card 'not a skimming risk'
Just don't carry more than one contactless card in your wallet...

By Steven Deare

Published: Monday 03 July 2006

MasterCard has dismissed criticism its RFID-based PayPass credit card may be susceptible to skimming and interference amid retailer trials of the technology.

Around 35,000 Commonwealth Bank customers in Australia are currently trialling the cards with selected retail outlets such as 7-Eleven. A scanned PayPass card can make a "contactless" transaction to the value of AU$35 (£14), meaning a signature or identification number is not required.

The speed of PayPass transactions has seen it already widely used in Asia and the US, with seven million cards/devices deployed. In the US, PayPass is accepted by grocery stores, parking stations, pharmacists, retailers, theatres, petrol stations and fast food restaurants.

However, the company is still fighting concerns over the security of the technology.

MasterCard consultant Robert White told a smartcard conference in Sydney this week: "There's been some talk in the market of accidental payment and reading cards in your pocket, and these are perceptions.

"In actual fact, the security is in the application. We don't rely on channel security, we don't rely on protocol security to secure a payment that's in the application."

One conference attendee claimed digital interference could present challenges for the PayPass card if it was carried with other cards.

However the PayPass cards use an anti-collision technology which can detect other signals, according to White.

He said: "If you've got multiple cards in your wallet, or even worse multiple technologies, then when you put it up to the reader, the reader can actually support many different types of contactless payments. So what would happen is you could actually wake up more than one card.

"So at this point the reader basically doesn't know what to do, it can see two cards for instance. However what we actually do is, on the reader, we know there's more than one card. So unfortunately as MasterCard I can't make a payment decision for you. I can't just select your MasterCard. So what I have to do is I have to go back to you, the cardholder, and ask you what would you like to do...

"It does mean if you have multiple contactless cards in your wallet, you would have to select a card to use."

There were no security concerns from participating retailer 7-Eleven though.

Channel development manager of the convenience chain, David Anstee, said he had not fielded any complaints from franchisees so far in the trial.

Anstee said: "One of the nice things about that is we didn't have to do very much. We didn't have to alter our systems, we didn't have to buy new hardware or do any of that kind of stuff... So we don't want to have to deploy a heap of hardware, we don't have to train a heap of people, we don't want to have to alter our backend systems significantly."

While happy with the trial, he did hope transaction speed could be improved.

He said: "We would like to see something that improves transaction speed. It's particularly important for 7-Eleven... we're focused very closely on queue times and that type of thing. So we want it to be fast, reliable, and certainly not more expensive than the payment methods we're getting at the moment.

"So it's important for us that it's convenient and easy to use and that it's a widely accepted thing."

Steven Deare writes for ZDNet Australia