Fake Ticket Inspectors Could Take Much More Than £30 From Contactless Cards

Those who use contactless bank cards as a train ticket may wish to check for ID before making their card available to a “ticket inspector”.  A fraudster posing as a ticket inspector could steal card details and use them to buy goods worth a lot more than the £30 contactless limit.

How the Fraud Works

Contactless cards contain a Near-Field Communication Chip (NFC).  It is this chip that allows you to make a contactless payment in shops by tapping your card on the payment terminal – or even just waving your card over it.

An episode of Rip-Off Britain last year demonstrated how if you are in a crowded place someone may manage to get a device near enough to your purse or wallet to be able to read the 16-digit number and expiry date from the chip – but not the name or CVV number on the back of the card.

The card number & expiry date are all that is needed to add a card as a payment method to some websites such as Amazon, as they do not prompt for the CVV as part of their security.

When used online the £30 contactless payment limit no longer applies and fraudsters could potentially buy goods up to the spending limit on the card.

The programme is worth watching, as it shows this fraud in much more detail and also suggests ways to protect yourself.

Contactless Cards for Travel

One place people are getting used to giving strangers access to their contactless cards is on public transport. The yellow Oyster card readers that are familiar to anyone who uses London’s transport system use the same NFC chip to read contactless cards.

Since autumn 2014 passengers have been able to use their contactless card to travel on all forms of public transport within the London border.  In time this payment method is likely to extend to transport systems across the country.

Many people find this very convenient, so they do not have to carry both a bank card and an Oyster card.  Visitors to our country also welcome being able to use contactless instead of having to buy an Oyster card.

Fraudsters Posing as Ticket Inspectors

Anyone who uses public transport regularly is familiar with the sight of the ticket inspector making their way through the carriage to check passengers have paid for their journey.

Most people willingly place their contactless card on the reader without stopping to question whether they are dealing with a genuine staff member.

It has been known for well over a year that criminals can easily adapt card readers to read card details off the chip.  And you can pick up a card reader for under £80.

So, the “ticket inspector” could make their way down the carriage apparently checking tickets whilst in reality they are skimming details off all the contactless cards they encounter.  Passengers would not be any the wiser that their card had been compromised until those stolen details were later used to fraudulently purchase goods.

Protecting Yourself From This Crime

There is a simple step to protect yourself from this kind of fraud: Check the ticket inspector has ID before giving them access to your contactless card.

Anyone inspecting tickets on public transport is obliged by law to produce identification on request.   You would expect ID to have:

  • The name of the company they work for.
  • A photo from which they can clearly be identified.
  • A means of identifying which employee you are dealing with, i.e. either a unique employee ID or first name + last name.

If a “ticket inspector” refuses to show you ID – or tries to pass a uniform or name badge off as ID – then it is not a good idea to give them access to your contactless card, make any kind of payment or give them any personal data.

Instead call British Transport Police for assistance on 0800 40 50 40.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s