Thursday, January 14, 2010

Contactless card breach

Finextra reports a contactless card breach in Queensland, Australia. Somehow cash from one card was transferred to another card held by a person with the same name as the holder of the first card. It's not clear how the transfer happened, although it is being blamed on staff failing to follow longstanding security procedures.

It may not seem like a big deal, but its important to know how the switch happened. It's unlikely that the switch was caused by the cards. I've never liked RFID enhanced cards, be they ID's or credit cards. But this time I'm fairly certain the card is not the culprit. It is most likely either human error - which seems to be the official line - or a computer error. I'm sure the hope is that human error really is to blame. Then the solution is training or replacement. If it's computer error, it might not be fixable until the next system upgrade - and that could be bad news. System upgrades might be years down the road. Meanwhile, your metaphorical tail is left swingin in the breeze.

As we see more of these stories, will we come to realize that we would have been wiser to slow down and make sure things work the way we think they will before becoming very dependent on them for our wellbeing?

1 comment:

  1. I agree, human error is the probably cause. That some of the cards have been recalled due to issues with the "inactive state" doesn't seem a plausible explanation for the switch to happen. You have to have a (compatible) reader for this to happen.

    ReplyDelete