the Google Pay system or the NFC card reader at the checkout counter, it’s an active device. If it’s like your NFC-enabled bank card and just broadcasts limited information about your account, it’s a passive device.
The three major ingredients to this Rob crime scenario do exist: NFC cards, cheap NFC readers, and increasing NFC transmission distances.
The security world is full of threats that just don’t quite turn into reality. At first glance, NFC fraud is one of them. The internet is full of articles that describe it as the next big fraud vector. With this wave of criminality not arriving, The Register described reading the NFC card info as “easy and pointless.”
But then, strange things are happening. According to Financial Fraud Action UK, both fraud and spending with contactless cards increased in 2016. Almost £7 million was taken in 2016—up from £2.8 million the previous year—spending rose to £25.2 billion from £7.75 billion. A quick glance at the UK data shows that the fraud ratio is virtually unchanged—but that there is some improper activity going on.
There seems to be two main reasons why this contactless account crime wave has not yet materialized:
If either condition changes, a wave could start. Hackers could learn how to collect NFC payments from the bank as easily as they once got payments for premium text messages. Or, bankers might decide that a 20-Euro limit is way too restrictive and raise the limit to 150 Euros. When either of these changes happen, consider buying a RFID blocker or RFID blocking card holder case.