The Commonwealth Bank of Australia (CBA), which plans to roll out 15,000 contactless payment terminals this year, has denied the necessity of shielded wallets designed to protect card holders from identity theft.
According to the CBA, standard triple DES encryption featured in MasterCard PayPass and Visa payWave cards provides sufficient protection from theft. To successfully complete a fraudulent transaction, a thief would not only have to get his hands on a reader, but also have access to the bank’s encryption software.
The National Bank of Australia is also anti-shielded wallet, stating that since the encrypted chips in cards are activated only in close proximity of an authorized payment terminal, the added protection of a wallet is superfluous.
Because each transaction is uniquely encrypted, banks are claiming the cards are even invulnerable to “relay attacks,” a scam that involves placing a fake reader next to a real card and a real reader next to a fake card. This way, the real reader is tricked into reacting to the real card. Still, even if the thief gets this far, the data is still encrypted with a secret key only available to the bank.
Read more here.