Skip to content Skip to main navigation

Business

Australia's tier 4 data centre. Micron21 mission critical hosting services.

Is NAB Visa pay wave secure?

By xcskier - 23 October 2012 23

Last week, my NAB visa debit and credit cards were stolen. The thief used the debit card at Woolies in Dickson using the pay wave facility and then proceeded to Hungry Jacks for a nice meal afterwards.

I’ve never used the pay wave facility on the cards, but I have now learned the hard way how easy it is for a thief to quickly drawn down your funds. My particular thief used the paywave facility 4 times, with 2 transactions close to the NAB paywave limit of $100 each, within one hour. According to NAB, even though there is a per pay wave transaction limit of $100, a person can use the facility up to their total daily withdrawal limit (in my case $1000).

When I asked NAB if I could opt out of pay wave they said it was now a standard feature of the cards they issue. I’m not sure if the other banks offer this facility, but I don’t like it. It might be convenient and fast, but the lack of security is troubling.

Has anyone else had a similar experience ?

What’s Your opinion?


Post a comment
Please login to post your comments, or connect with
23 Responses to
Is NAB Visa pay wave secure?
bd84 8:18 pm 23 Oct 12

The bank bears the risk with the paywave payments, therefore as long as you go through the correct process to report the cards stolen, you shouldn’t have a problem.

Deref 6:54 pm 23 Oct 12

I got severely finger-wagged here when I suggested the same thing a couple of months back. I was reminded in no uncertain terms how the banks would never do anything that might risk the security of our private information or our money. I was grateful to be corrected. Stop being the ungrateful panic merchant that I was – embrace the technology and remember that they have nothing but our best interests at heart.

c_c™ 6:38 pm 23 Oct 12

You should know where your card is at all times. If you don’t, cancel or suspend the card ASAP.
Any fraudulent transactions should be covered by the bank if you follow correct process.

Paywave is safer than cash or cheque.

Paywave is not the only way to use a credit card without a pin or signature.
For over a year now, many retailers including Woolies and Maccas have allowed swiped/chip cards to process transactions below a certain amount without a pin or signature. At Woolies, it was below $75.

arescarti42 6:13 pm 23 Oct 12

Phenomenally insecure. Someone could literally be stealing your credit card details whilst you’re standing next to them in line. I personally don’t care because my bank foots the bill so long as I’ve taken reasonable care not to divulge information, and I love the convenience.

Henry82 said :

dominic_mhd said :

If you want to disable the chip I believe a hammer in the right spot will work.

‘If i try and swipe my card that has the chip. The pad always tells me to use the chip and enter the card

In my experience, if the card reader returns an error, It’ll prompt you to swipe it with the magnetic stripe. So you could smash the chip, but it’d be inconvenient.

Don’t most credit cards not require a pin for purchases under a certain amount irrespective of whether you swipe/insert/paypass it? If security is your concern then I suspect bank card/eftpos card with a pin might just be your best bet.

DUB 1:08 pm 23 Oct 12

I too dislike the idea of transactions under $100 being easily done simply by using PayWave ( I am with NAB as well).
Unfortunately, no bank will issue any Visa|Mastercard debit/credit cards without RFID chip.The least they can do is allow for their customers to be able to set their own limit, before entering PIN is required (say $30-40).

xcskier, I hope that they catch the asshole who stole your cards.They should have CCTV footage.

Henry82 1:06 pm 23 Oct 12

dominic_mhd said :

If you want to disable the chip I believe a hammer in the right spot will work.

‘If i try and swipe my card that has the chip. The pad always tells me to use the chip and enter the card

RandomPoster 12:54 pm 23 Oct 12
jazzamac 12:32 pm 23 Oct 12

Grail said :

I love how the NAB issues their Visa Paywave cards then says, “to protect yourself from unauthorised transactions, press CR when making a payment.”.

Ok… It’s in here some where
http://www.nab.com.au/wps/wcm/connect/nab/nab/home/personal_finance/4/6/3

xcskier 12:23 pm 23 Oct 12

JonahBologna said :

Credit cards have RFID (Radio Frequency Identification) chips implanted in them. These chips are completely INSECURE. People should only be able to read them within 30cm, but with a non-standard reader (higher voltage and better antenna) they can be read across the street. The Mythbusters wanted to show people how insecure they are but were shut down by the credit card companies:
http://www.engadget.com/2008/09/02/mythbusters-rfid-hacking-episode-canned-by-credit-card-company-l

RFID chips are becoming incredibly cheap and found in a lot of places:
MyWay cards (basically the same technology as credit cards)
Passports (only contains a unique code, no plain text identifiers or information)
consumer products (for inventory and tracking)
pets (same technology can be used to identify lost dogs)

The credit card companies have done the sums and they realise that making it incredibly easy to pay with the card (instead of cash) is more profitable than any losses from fraud. I don’t like having the liability, but the choice was made for me.

You can disable the RFID chip on your credit card. There is no consensus, but it seems like a hammer is the best way (but you need to know where in the card it is). Try an internet search for “disable credit card RFID”.

Thanks for that – I might look into it.

xcskier 12:19 pm 23 Oct 12

jazzamac said :

You’ll find most banks either offer PayWave (Visa) or PayPass (MasterCard)

http://www.commbank.com.au/personal/credit-cards/making-payments/paypass/
http://www.anz.com/contactless/
http://info.westpac.com.au/contactless/
http://ingdirect.com.au/everyday/Contactless.htm
http://www.mebank.com.au/personal/transaction_accounts/paypass.html

List goes on…

Will the NAB reinburse your stolen funds?

I don’t have a problem with it. I love it. Quick and easy.

The stolen transactions are subject to dispute proceedings. NAB told me I must wait several weeks for a refund and that I have to pay interest on the transactions in the meantime.

jazzamac 12:02 pm 23 Oct 12

Grail said :

I love how the NAB issues their Visa Paywave cards then says, “to protect yourself from unauthorised transactions, press CR when making a payment.”

Where does it say that?

They do say use credit because it will use the Visa network, which entitles you to things like Purchase Protection Insurance (Bottom of http://www.nab.com.au/wps/wcm/connect/nab/nab/home/Personal_Finance/5/22/).

Pressing Credit is the same thing as using contactless anyway. Both use the Visa/Mastercard network, and not EFTPOS.

JonahBologna 11:54 am 23 Oct 12

Credit cards have RFID (Radio Frequency Identification) chips implanted in them. These chips are completely INSECURE. People should only be able to read them within 30cm, but with a non-standard reader (higher voltage and better antenna) they can be read across the street. The Mythbusters wanted to show people how insecure they are but were shut down by the credit card companies:
http://www.engadget.com/2008/09/02/mythbusters-rfid-hacking-episode-canned-by-credit-card-company-l

RFID chips are becoming incredibly cheap and found in a lot of places:
MyWay cards (basically the same technology as credit cards)
Passports (only contains a unique code, no plain text identifiers or information)
consumer products (for inventory and tracking)
pets (same technology can be used to identify lost dogs)

The credit card companies have done the sums and they realise that making it incredibly easy to pay with the card (instead of cash) is more profitable than any losses from fraud. I don’t like having the liability, but the choice was made for me.

You can disable the RFID chip on your credit card. There is no consensus, but it seems like a hammer is the best way (but you need to know where in the card it is). Try an internet search for “disable credit card RFID”.

dominic_mhd 11:44 am 23 Oct 12

I think the banks consider the convenience of spending worth the risk of a stolen card, you should be able to retrieve your money easily from them. They have insurance to be able to wear a certain amount of losses.

If you want to disable the chip I believe a hammer in the right spot will work.

Grail 11:34 am 23 Oct 12

I love how the NAB issues their Visa Paywave cards then says, “to protect yourself from unauthorised transactions, press CR when making a payment.”

Paywave cards are not secure from an information security perspective. They are less safe than cash, since when your card gets stolen the thief has access to all your money, not just the cash you happened to have in your wallet at the time.

FWIW you can protect your Paywave card from snooping with a metal gift card tin like Bunnings used to use for their gift cards.

jazzamac 11:18 am 23 Oct 12

You’ll find most banks either offer PayWave (Visa) or PayPass (MasterCard)

http://www.commbank.com.au/personal/credit-cards/making-payments/paypass/
http://www.anz.com/contactless/
http://info.westpac.com.au/contactless/
http://ingdirect.com.au/everyday/Contactless.htm
http://www.mebank.com.au/personal/transaction_accounts/paypass.html

List goes on…

Will the NAB reinburse your stolen funds?

I don’t have a problem with it. I love it. Quick and easy.

Related Articles

CBR Tweets

Sign up to our newsletter

Top
Copyright © 2017 Riot ACT Holdings Pty Ltd. All rights reserved.
www.the-riotact.com | www.b2bmagazine.com.au | www.thisiscanberra.com

Search across the site