---

@iv wrote:

---

@Anonymous wrote:

This has the NFC Contactless chip inside of it.  Essentially what Apple Pay and the other mobile wallet apps allow you to do, but it is embedded in the card, instead of having to link it to a phone. You can just tap your card on the NFC reader and it will accept it as payment

---

Yeah but.... Apple Pay requires fingerprint unlock - these just require.... proximity.

 

I really don't understand why anybody would think that's a good idea, sorry.

 

---

The card has to be within 1-2 inches of the terminal to actually work, so I don't really think it's all that big of a deal--especially since we don't have to sign for <$50 anyway. Unfortunately this sentiment does seem to be common enough that most issuers aren't bothering.

---

@Anonymous wrote:

---

@iv wrote:

---

@Anonymous wrote:

This has the NFC Contactless chip inside of it.  Essentially what Apple Pay and the other mobile wallet apps allow you to do, but it is embedded in the card, instead of having to link it to a phone. You can just tap your card on the NFC reader and it will accept it as payment

---

Yeah but.... Apple Pay requires fingerprint unlock - these just require.... proximity.

 

I really don't understand why anybody would think that's a good idea, sorry.

 

---

The card has to be within 1-2 inches of the terminal to actually work, so I don't really think it's all that big of a deal--especially since we don't have to sign for <$50 anyway. Unfortunately this sentiment does seem to be common enough that most issuers aren't bothering.

---

I agree, its just as easy to tap the card as it is to swipe it, so theres not difference in fraud there.  I never understood why people thought these things were so unsafe, its just as prone to fraud as a regular magnetic strip only card.  I can honestly say Ive never seen anyone going around with RFID readers trying to scann peoples back pockets before.  You have to be really close to these things for them to read.  I wish more issuers would get on board with it.  I dont like paying with my phone

---

@iv wrote:

---

---

Sure, a standard terminal has a 5cm range.  That's great for avoiding accidental taps of cards in the wallet of the guy behind you in line.

 

Not so great for avoiding purpose-built devices... which are fairly easy/cheap to build (it's just 13.56MHz NFC), and can work at a range of several feet.

 

I'll grant you that most of the sentiment opposing NFC cards is ill-informed (see the massive numbers of "NFC-blocking" wallets, most of which don't work well or at all).  But having cards that blindly transmit on interrogation is a terrible idea. Card tapping with MSD-over-NFC is the least-secure payment method available.

 

With NFC on smartphones, requiring user interaction (and not passing actual card numbers) makes it safer than swiping (and on-par with or better than dipping).

 

Now, if any US issuers have started shipping EMV-over-NFC cards... those are less of an issue than the more common (in the US) MSD-over-NFC.  At least with EMV-over-NFC, the only real attack option in a MitM repeater attack.  But all the cards I've previously seen in the US are MSD-over-NFC, and replay attacks were quite possible.

---

How often is that even happening? I'm going to bet not much because the cards are pretty rare anyway. It's also probably the case that whatever cards do exist use EMV contactless since it started disappearing from cards around the time EMV started being a thing. Again, probably nothing to worry about.

BTW, AmEx's contactless cards are EMV contactless--tapping them at Walgreens makes the chip's application identifier (AID) show up on the receipt. Ironically, Apple Pay with AmEx is not.

Another point to stress, wouldnt the card issuers still be held responsible for any fraud that came from any kind of NFC thieving?

---

@Anonymous wrote:

Another point to stress, wouldnt the card issuers still be held responsible for any fraud that came from any kind of NFC thieving?

---

This too. They even say so when talking about Apple Pay.