Security Flaws in PayWave Technology: When Convenience Doesn't Come Cheap

PayPass is being touted as the most convenient solution for consumer electronic transactions at the point of sale. Consumers benefit directly from a tap n' go feature, which means they do not have to enter a PIN for purchases under $100. The technology that allows the contactless card to work is based on RFID / NFC. The RFID part has to do with the contactless card capability, and the NFC allows the information obtained to be communicated directly by tapping a reader within a proximity of generally no more than 10cm.

At present, transactions of less than $100 can be made without the requirement for authentication. This has meant that some consumers have been defrauded by hackers and fraudsters. A cheap reader unit off eBay could render someone's credentials readable if the card is not protected by some kind of sentinel jacket (in essence a Faraday cage / aluminium foil wrapping). The same can happen with a more powerful antenna, which can conduct passive surveillance, revealing the card credentials of, say, people sipping coffee at Starbucks. In addition, credit card companies have estimated that their risk appetite can sustain the losses due to fraud.

The use of PayWave often means that consumers are seemingly trading off between convenience and security. What next? The very idea of a tap n' go card for shopping means that shoppers are unaware of how much they are spending relative to the amount of money available on their bank card or credit card.