Pittsburgh researchers may have developed a solution for consumers concerned about the security of contactless credit cards. According to Pittsburgh radio station WESA-FM, a team from the University of Pittsburgh's Swanson School of Engineering has implemented a physical contact "switch" into the standard EMV specification.
The switch blends into the design of a credit card, breaking the embedded RFID chip's circuit until a user presses both sides of a contact point. In the research team's example, positioning the switch directly underneath the hologram on a Visa or MasterCard offers users an easy way to remember where to squeeze their cards without calling attention to the security feature.
Researchers respond to credit card privacy concerns
Unlike magnetic stripes embedded on most credit cards, contacless EMV chips don't transmit full account details. Instead, waving a card at a "tap and go" payment terminal creates a one-time payment token. Merchants who connect their payment terminals directly to processing networks can transmit tokens and receive transaction authentication in real time. Without that live connection, merchants can only see the "floor limit" set by a bank, or the maximum amount a bank recommends processing under a queued verification.
Critics of contactless credit cards have expressed concern that sophisticated criminals could use long-range scanners to steal account information from patrons in line at airports, coffee shops, or retail stores. Proponents have countered with claims that such scanners are bulky, complex, and prohibitive for fraud rings accustomed to using small magnetic stripe skimmers.
Marketers and retailers have released wallets, handbags, and other accessories designed to block long-range RFID readers. Though the University of Pittsburgh solution renders such measures unnecessary, including the switch as an option for credit card users would require certification from an international standards body. Officials from Visa Inc. have announced a 2015 deadline for merchants to install contactless credit card terminals, in order to avoid absorbing fraud risk previously carried by issuing banks.