NAB issues contactless cards

NAB issues contactless cards

Summary: After announcing the roll-out of 2500 contactless card readers to merchants in Sydney and Melbourne, National Australia Bank will now be issuing cards capable of contactless payments.

TOPICS: Banking, Hardware

After announcing the roll-out of 2500 contactless card readers to merchants in Sydney and Melbourne, National Australia Bank will now be issuing cards capable of contactless payments.

A contactless reader

One of the new readers
(Credit: NAB)

At first, only the bank's low rate Visa card will be issued with the contactless Visa payWave technology, but other card products will also start to be issued with it throughout next year. A spokesperson for NAB would not say how many cards it intends to issue in the immediate term. They said that users could request the new cards, but that certain customers would receive them without a request.

The contactless payments allow customers to just hold their cards near a reader to pay for purchases less than $100, without entering a PIN or signing.

"Contactless technology can significantly reduce transaction times, helping to speed up customer service and shorten those Christmas queues during the festive season," NAB Personal Banking's general manager cards and personal loans John Busselmaier said in a statement. "Studies have shown transactions can be up to three times faster with contactless technology than cash, which gives some valuable time back to our customers during this hectic end-of-year period."

The Commonwealth Bank has also been rolling out contactless terminals. It intends to have 2000 by the end of the year. It is, however, much further in its contactless card roll-out, based on MasterCard instead of Visa technology. It has issued over three million cards.

Topics: Banking, Hardware

Suzanne Tindal

About Suzanne Tindal

Suzanne Tindal cut her teeth at as the site's telecommunications reporter, a role that saw her break some of the biggest stories associated with the National Broadband Network process. She then turned her attention to all matters in government and corporate ICT circles. Now she's taking on the whole gamut as news editor for the site.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • And so the era of petty card theft begins

    If this thing can be used for purchases up to $100 with no authentication, what's to stop me mugging some old granny for her card and going through a few dozen <$100 transactions to empty it out? BAD MOVE NAB.

    Also, I don't like this RFID business. Very soon we'll see "skimmers" set up, say at railway stations where crooks could set up a hidden reader that skims people's cards as they walk past the entry point.

    This contactless no-PIN crap is opening the door to a massive wave of scams and skimming. This obviously hasn't been thought through very well, and I hope that banks retain the option to refuse this technology. Otherwise - I'm going back to dealing purely in cash, because there's no bloody way I'll ever be carrying one of these cards around on me.
  • More information needed

    I agree with Mystikan that the opportunity for unauthorised card reading exists with this technology. Users have no indication when their card is read or by whom.

    Transactions must require a physical authorisation by the user. Whilst some may claim this isn't dissimilar to vehicle eTags, eTags have the advantage (in most cases) of fixed transaction points which subsequent photo verification (if challenged).
  • Contactless technology is safe

    Mystikan - I suggest you research the technology your commenting on prior to making a foolish comment.
  • Ad hominem

    If my comment is foolish perhaps you could enlighten everyone as to what aspects of the technology minimise the dangers I discussed.

    Or is anything beyond a simple ad-hominem attack too much for you to manage?
  • More security, not less

    Well for one thing there is nothing stopping a person mugging the old granny to take her cash, which once taken could not be refunded by the bank or traced.

    From an article on americanbanker

    "The Smart Card Alliance says payment industry execs should consider contactless chip cards along with dynamic cryptograms as a fraud fighting tool over end-to-end data encryption, partly because contactless' underlying technology removes opportunities for fraudsters to nab data.

    Vanderhoof says contactless chip cards are effective because they create unique transactions which can't be cloned by crooks. The dynamic cryptogram feature creates what is essentially a one-time password sent with each transaction that can only be created by that card.

    "What contactless payments do for security is eliminate the problem end-to-end encryption is trying to solve, which is the static bank card data that's vulnerable to theft and the creation of clone cards."
  • Thank you

    Ok, fair enough, the cards can't be copied. But that's not what I'm talking about.

    When I buy something with a contactless card, the checkout chick rings up my purchases, I wave my card at her, and a reader hidden in the desk detects my card and deducts the right amount of money, right?

    So - what's to prevent someone from setting up a similar reader at say the entry point to a railway station, or in a bus stop shelter, that whenever a readable card comes within scanning distance, skims off a few dollars?

    The point I'm making is that ANY ability to conduct a transaction without some form of independent (of the card) user authentication (such as entering a PIN, fingerprint, retina scan etc) creates this kind of opportunity. No matter how secure and encrypted the system is, if you cut the user out of the authentication loop, you allow crooks to skim cards by a variety of ways.

    If I mug a granny and steal her card, it's currently useless to me because I don't have the PIN. If she has a contactless card, I can now steal it and use it no problem at any EFTPOS terminal, because no authentication is required.

    With the current system, a user has to deliberately swipe a card through a slot to initiate a transaction. With contactless, a reader can scan a card even if it's still in the owner's pocket, if he passes close to say a wall where a reader is hidden, without him even realising it.

    Do you see the point I'm making here? It's not that the cards can't be copied, it's that a transaction can be processed *secretly* *without the card being swiped* and *WITHOUT AUTHENTICATION* that concerns me here. No amount of encryption or security is going to overcome the inherent flaws of such a system.
  • One more thing

    I would like to add that I have no problem with having a contactless card in itself, as long as you're still required to enter a PIN or otherwise authenticate yourself as the rightful card holder, to complete a transaction.

    If that is granted, even the fact that the card can be scanned while still in your pocket becomes a moot point as without that deliberate act of authentication on the part of the user, the transaction cannot be processed.
  • off switch?

    Perhaps the card could have some sort of on/off switch? So skimming could be averted.
  • Unsafe for sure

    Contact chip cards are not that safe to start with (Google Serge Humpich and see how much credit card companies care about security).

    Why can't contact chip cards use that "dynamic cryptogram" tool?

    How allowing (remote) access to my card without my knowledge can be safer than not would have to be explained to me in much detail. After all, it is not like hacking is a sci-fi fantasy.

    If on top of that, transactions don't have to be authorised or signed off, someone must have lost their common sense somewhere.

    What does "Display all details" mean?
  • contactless security

    I must disagree with the comment stating that the contactless card can not be cloned due to encryption as it has been proved with the correct software protocol the card can be decrypted and skimmed in the postal service whilst inside the envelope and with the name and address details on the front of the envelope the card can be cloned. The card may be inactive however the fraudsters just waits a week or so for the card to become active and can start to spend on the card.This can and will be done in the future unless the relevant security is put in place whilst in the postal service to the Card holder.