Skip to content Skip to main navigation

Is NAB Visa pay wave secure?

xcskier 23 October 2012 23

Last week, my NAB visa debit and credit cards were stolen. The thief used the debit card at Woolies in Dickson using the pay wave facility and then proceeded to Hungry Jacks for a nice meal afterwards.

I’ve never used the pay wave facility on the cards, but I have now learned the hard way how easy it is for a thief to quickly drawn down your funds. My particular thief used the paywave facility 4 times, with 2 transactions close to the NAB paywave limit of $100 each, within one hour. According to NAB, even though there is a per pay wave transaction limit of $100, a person can use the facility up to their total daily withdrawal limit (in my case $1000).

When I asked NAB if I could opt out of pay wave they said it was now a standard feature of the cards they issue. I’m not sure if the other banks offer this facility, but I don’t like it. It might be convenient and fast, but the lack of security is troubling.

Has anyone else had a similar experience ?


What's Your Opinion?


Please login to post your comments, or connect with
23 Responses to Is NAB Visa pay wave secure?
Filter
Order
JC 1:02 pm 25 Oct 12

davo101 said :

JC said :

Yes paywave allows people to make unauthorised transactions, however if your card is stolen then Visa will pick up the tab for any unauthorised transactions so YOU are protected.

From the NAB terms and conditions:

15.2 Your liability
You remain liable for any cash advance or purchase made by any other person before you notify NAB of the loss or theft up to a maximum of:
(a) in relation to all the uses of the card through an extra facility – the amount determined under
the terms and conditions for the extra facility (if any);

(b) in relation to all other uses of the card– a total amount of $150.

They are NABs standard conditions. Pay wave is slightly different in that Visa offers the guarantee so you should read their terms and conditions. In fact that is the major difference. Oh you will also find the low value transactions that don’t need a pin or signature are also part of pay wave and the MasterCard equivalent.

c_c™ 10:51 am 24 Oct 12

davo101 said :

c_c™ said :

For over a year now, many retailers including Woolies and Maccas have allowed swiped/chip cards to process transactions below a certain amount without a pin or signature. At Woolies, it was below $75.

Do you know if this is the same thing as the easy payment service? It seems to have only a $35 limit. I did laugh at the security provided:

Visa small ticket transactions are for low value purchases of $35 or less, which makes them an
unattractive target for fraud.

Seems to be, $35 is lower than I recall.

Then again Woolies did claim to disable certain functions on it’s card terminals, even put signs up saying so, but as anyone who continued to use those functions found, they hadn’t really.

Henry82 10:07 am 24 Oct 12

arescarti42 said :

Don’t most credit cards not require a pin for purchases under a certain amount irrespective of whether you swipe/insert/paypass it? If security is your concern then I suspect bank card/eftpos card with a pin might just be your best bet.

That’s true. It seems to be around $30-75 depending on the store/partnerships with visa.

I reckon others are right that the risk is ATM skimming. A low value bank account with only a few hundred, and the rest in another bank account that only allows transfers between linked accounts is your best bet.

davo101 9:13 am 24 Oct 12

c_c™ said :

For over a year now, many retailers including Woolies and Maccas have allowed swiped/chip cards to process transactions below a certain amount without a pin or signature. At Woolies, it was below $75.

Do you know if this is the same thing as the easy payment service? It seems to have only a $35 limit. I did laugh at the security provided:

Visa small ticket transactions are for low value purchases of $35 or less, which makes them an
unattractive target for fraud.

davo101 9:06 am 24 Oct 12

JC said :

Yes paywave allows people to make unauthorised transactions, however if your card is stolen then Visa will pick up the tab for any unauthorised transactions so YOU are protected.

From the NAB terms and conditions:

15.2 Your liability
You remain liable for any cash advance or purchase made by any other person before you notify NAB of the loss or theft up to a maximum of:
(a) in relation to all the uses of the card through an extra facility – the amount determined under
the terms and conditions for the extra facility (if any);

(b) in relation to all other uses of the card– a total amount of $150.

JC 6:39 am 24 Oct 12

Yes paywave allows people to make unauthrosied transactions, however if your card is stolen then Visa will pick up the tab for any unathorised transactions so YOU are protected.

So in ways it is better than having cash stolen because no will will cover the cash but Visa will cover transactions on a stolen card.

So really a good convienant product with enough safeguards to protect your money.

Mr Evil 9:01 pm 23 Oct 12

Deref said :

I got severely finger-wagged here when I suggested the same thing a couple of months back. I was reminded in no uncertain terms how the banks would never do anything that might risk the security of our private information or our money. I was grateful to be corrected. Stop being the ungrateful panic merchant that I was – embrace the technology and remember that they have nothing but our best interests at heart.

Oh shut up – you don’t know what you’re talking about! 🙂

kos 8:34 pm 23 Oct 12

How does the pay wave facility differ to the previous method of securing a credit card with a signature? It doesn’t, as long as you have the card, you can use it as the signature is surprise surprise on the back of the card. Pay wave on credit cards is just as secure as using a card with a swipe and signature. If someone has your card that doesn’t have a pay wave on it, they’ll have access to your signature and can swipe away.

A small metal shield around your card wont stop someone from stealing the information on your card, but thankfully in Australia it is mandated that the data is encrypted and it actually is. With a powerful enough radio you will get the data back from the card. But there is no point in doing this as its cheaper, easier and you get more cards by skimming them at the point of sale or in an ATM.

JonahBologna is on the right track, but there are no losses from fraud from the bank. They make money from consumer fraud, not only do the banks get the money back from the point of sale, they charge the merchant for the investigation and money recovery. Its brilliant.

bd84 8:18 pm 23 Oct 12

The bank bears the risk with the paywave payments, therefore as long as you go through the correct process to report the cards stolen, you shouldn’t have a problem.

Deref 6:54 pm 23 Oct 12

I got severely finger-wagged here when I suggested the same thing a couple of months back. I was reminded in no uncertain terms how the banks would never do anything that might risk the security of our private information or our money. I was grateful to be corrected. Stop being the ungrateful panic merchant that I was – embrace the technology and remember that they have nothing but our best interests at heart.

c_c™ 6:38 pm 23 Oct 12

You should know where your card is at all times. If you don’t, cancel or suspend the card ASAP.
Any fraudulent transactions should be covered by the bank if you follow correct process.

Paywave is safer than cash or cheque.

Paywave is not the only way to use a credit card without a pin or signature.
For over a year now, many retailers including Woolies and Maccas have allowed swiped/chip cards to process transactions below a certain amount without a pin or signature. At Woolies, it was below $75.

arescarti42 6:13 pm 23 Oct 12

Phenomenally insecure. Someone could literally be stealing your credit card details whilst you’re standing next to them in line. I personally don’t care because my bank foots the bill so long as I’ve taken reasonable care not to divulge information, and I love the convenience.

Henry82 said :

dominic_mhd said :

If you want to disable the chip I believe a hammer in the right spot will work.

‘If i try and swipe my card that has the chip. The pad always tells me to use the chip and enter the card

In my experience, if the card reader returns an error, It’ll prompt you to swipe it with the magnetic stripe. So you could smash the chip, but it’d be inconvenient.

Don’t most credit cards not require a pin for purchases under a certain amount irrespective of whether you swipe/insert/paypass it? If security is your concern then I suspect bank card/eftpos card with a pin might just be your best bet.

DUB 1:08 pm 23 Oct 12

I too dislike the idea of transactions under $100 being easily done simply by using PayWave ( I am with NAB as well).
Unfortunately, no bank will issue any Visa|Mastercard debit/credit cards without RFID chip.The least they can do is allow for their customers to be able to set their own limit, before entering PIN is required (say $30-40).

xcskier, I hope that they catch the asshole who stole your cards.They should have CCTV footage.

Henry82 1:06 pm 23 Oct 12

dominic_mhd said :

If you want to disable the chip I believe a hammer in the right spot will work.

‘If i try and swipe my card that has the chip. The pad always tells me to use the chip and enter the card

RandomPoster 12:54 pm 23 Oct 12
jazzamac 12:32 pm 23 Oct 12

Grail said :

I love how the NAB issues their Visa Paywave cards then says, “to protect yourself from unauthorised transactions, press CR when making a payment.”.

Ok… It’s in here some where
http://www.nab.com.au/wps/wcm/connect/nab/nab/home/personal_finance/4/6/3

xcskier 12:23 pm 23 Oct 12

JonahBologna said :

Credit cards have RFID (Radio Frequency Identification) chips implanted in them. These chips are completely INSECURE. People should only be able to read them within 30cm, but with a non-standard reader (higher voltage and better antenna) they can be read across the street. The Mythbusters wanted to show people how insecure they are but were shut down by the credit card companies:
http://www.engadget.com/2008/09/02/mythbusters-rfid-hacking-episode-canned-by-credit-card-company-l

RFID chips are becoming incredibly cheap and found in a lot of places:
MyWay cards (basically the same technology as credit cards)
Passports (only contains a unique code, no plain text identifiers or information)
consumer products (for inventory and tracking)
pets (same technology can be used to identify lost dogs)

The credit card companies have done the sums and they realise that making it incredibly easy to pay with the card (instead of cash) is more profitable than any losses from fraud. I don’t like having the liability, but the choice was made for me.

You can disable the RFID chip on your credit card. There is no consensus, but it seems like a hammer is the best way (but you need to know where in the card it is). Try an internet search for “disable credit card RFID”.

Thanks for that – I might look into it.

xcskier 12:19 pm 23 Oct 12

jazzamac said :

You’ll find most banks either offer PayWave (Visa) or PayPass (MasterCard)

http://www.commbank.com.au/personal/credit-cards/making-payments/paypass/
http://www.anz.com/contactless/
http://info.westpac.com.au/contactless/
http://ingdirect.com.au/everyday/Contactless.htm
http://www.mebank.com.au/personal/transaction_accounts/paypass.html

List goes on…

Will the NAB reinburse your stolen funds?

I don’t have a problem with it. I love it. Quick and easy.

The stolen transactions are subject to dispute proceedings. NAB told me I must wait several weeks for a refund and that I have to pay interest on the transactions in the meantime.

jazzamac 12:02 pm 23 Oct 12

Grail said :

I love how the NAB issues their Visa Paywave cards then says, “to protect yourself from unauthorised transactions, press CR when making a payment.”

Where does it say that?

They do say use credit because it will use the Visa network, which entitles you to things like Purchase Protection Insurance (Bottom of http://www.nab.com.au/wps/wcm/connect/nab/nab/home/Personal_Finance/5/22/).

Pressing Credit is the same thing as using contactless anyway. Both use the Visa/Mastercard network, and not EFTPOS.

JonahBologna 11:54 am 23 Oct 12

Credit cards have RFID (Radio Frequency Identification) chips implanted in them. These chips are completely INSECURE. People should only be able to read them within 30cm, but with a non-standard reader (higher voltage and better antenna) they can be read across the street. The Mythbusters wanted to show people how insecure they are but were shut down by the credit card companies:
http://www.engadget.com/2008/09/02/mythbusters-rfid-hacking-episode-canned-by-credit-card-company-l

RFID chips are becoming incredibly cheap and found in a lot of places:
MyWay cards (basically the same technology as credit cards)
Passports (only contains a unique code, no plain text identifiers or information)
consumer products (for inventory and tracking)
pets (same technology can be used to identify lost dogs)

The credit card companies have done the sums and they realise that making it incredibly easy to pay with the card (instead of cash) is more profitable than any losses from fraud. I don’t like having the liability, but the choice was made for me.

You can disable the RFID chip on your credit card. There is no consensus, but it seems like a hammer is the best way (but you need to know where in the card it is). Try an internet search for “disable credit card RFID”.

CBR Tweets

Sign up to our newsletter

Top
Copyright © 2019 Region Group Pty Ltd. All rights reserved.
the-riotact.com | aboutregional.com.au | b2bmagazine.com.au | thisiscanberra.com

Search across the site