'

MasterCard dispels RFID payment security fears

MasterCard has dismissed criticism its radio frequency identification-based (RFID) PayPass credit card may be susceptible to skimming and interference amid retailer trials of the technology. Around 35,000 Commonwealth Bank customers in New South Wales (NSW) are currently trialling the cards with selected retail outlets such as 7-Eleven.

MasterCard has dismissed criticism its radio frequency identification-based (RFID) PayPass credit card may be susceptible to skimming and interference amid retailer trials of the technology.

Around 35,000 Commonwealth Bank customers in New South Wales (NSW) are currently trialling the cards with selected retail outlets such as 7-Eleven. A scanned PayPass card can make a "contactless" transaction to the value of AU$35, meaning a signature or identification number is not required.

The speed of PayPass transactions has seen it already widely used in the US and Asia, with seven million cards/devices deployed. In the US, PayPass is accepted by grocery stores, parking stations, pharmacists, retailers, theatres, petrol stations and fast food restaurants.

However, the company is still fighting concerns over the security of the technology.

"There's been some talk in the market of accidental payment and reading cards in your pocket, and these are perceptions," MasterCard consultant Robert White told a smartcard conference in Sydney this week.

"In actual fact, the security is in the application. We don't rely on channel security, we don't rely on protocol security to secure a payment that's in the application."

One conference attendee claimed digital interference could present challenges for the PayPass card if it was carried with other cards.

However the PayPass cards use an anti-collision technology which can detect other signals, according to White.

"If you've got multiple cards in your wallet, or even worse multiple technologies, then when you put it up to the reader, the reader can actually support many different types of contactless payments. So what would happen is you could actually wake up more than one card.

"So at this point the reader basically doesn't know what to do, it can see two cards for instance. However what we actually do is, on the reader, we know there's more than one card. So unfortunately as MasterCard I can't make a payment decision for you. I can't just select your MasterCard. So what I have to do is I have to go back to you, the cardholder, and ask you what would you like to do...

"It does mean if you have multiple contactless cards in your wallet, you would have to select a card to use," said White.

There were no security concerns from participating retailer 7-Eleven though.

Channel development manager of the convenience chain, David Anstee, said he had not fielded any complaints from franchisees so far in the trial.

"One of the nice things about that is we didn't have to do very much. We didn't have to alter our systems, we didn't have to buy new hardware or do any of that kind of stuff ... So we don't want to have to deploy a heap of hardware, we don't have to train a heap of people, we don't want to have to alter our backend systems significantly," he said.

While happy with the trial, he did hope transaction speed could be improved.

"We would like to see something that improves transaction speed. It's particularly important for 7-Eleven ... we're focused very closely on queue times and that type of thing. So we want it to be fast, reliable, and certainly not more expensive than the payment methods we're getting at the moment.

"So it's important for us that it's convenient and easy to use and that it's a widely accepted thing."