Michael Kyritsis - ACI - London 15 January, 2013, 00:22 0 likes

In the same way that there's no security on contactless transactions, there is no security on cash. If I leave my wallet lying around in order for someone to have a chance of taking one of my cards, I'm sure they would take any cash I have in my wallet too. There are limits on what can be spent - a per-transaction limit (in the UK it's £20) and also a limit on the number of consecutive contactless transactions the card will allow before it forces fall-forward (I think it's typically 5) but most consumers would never be forced to fall-forward because they use their cards for both contactless and contact- payments (which resets that counter).

A Finextra member 15 January, 2013, 08:53 0 likes

Hi Michael,

I agree with some of your comments, but shouldn't technology improve security rather than be as bad as a very old alternative?

Also, most customersdon't run up against the offline transaction limit, because they don't use contactless - the take up statistics prove this out.

The original blog is very true, there is a lot of hype around some very dubious technology much of which is poorly thought through from a security perspective. Take mobile banking and payments. How many organisations offering these facilities are actively pushing you to make  your mobile as secure as your PC?

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune 16 January, 2013, 13:11 0 likes

If a leading bank like US BANK chooses to introduce such an NFC solution, maybe it suggests that there's a strong consumer demand for mobile payments that the bank is trying to capitalize upon instead of missing the bus by waiting for Apple to include NFC on the iPhone. I've myself highlighted the clear and present danger with NFC in this Finextra post, so there's no denying that US BANK's solution is not so secure. But, the real question here is, does the average John / Jane Doe care about security when they get convenience? This question is especially relevant in the USA where the following predominantly American practices suggest that convenience trumps security in this market: (a) There are payment methods such as ACH TEL which permit one person to pull out money from another person's bank account without any written mandate from the latter (b) Millions of people have shared their Internet Banking credentials with BillGuard, Mint and other financial services startups (c) Few, if any, ecommerce companies have implemented 2FA for online payments, fearing - rightly, if I might add - that the resultant friction might result in shopping cart abandonment and loss of revenues.