The Sufficiency of the “Contactless Cards” Security Features in Preventing Fraud-A Malaysian Study
DOI:
https://doi.org/10.61841/3c8m4c67Keywords:
Contactless cards, Perceived Risk, Relay Attacks, Cloning, Dark WebAbstract
Contactless Cards are a revolutionary innovation in transaction payments. Little is known; however, about what shapes end users' willingness and perception to use this method. The objective of this study is to compare the end-users and banks perception on the sufficiency of contactless cards. This research will use Fraud Diamond Theory, General Deterrence Theory and Technology Acceptance Model (TAM) to meet the objective of this study. This research aims to provide a more in-depth analysis; hence a mixed method has been used. The quantitative data was collected from 192 users via questionnaires in Malaysia to be able to evaluate the end user perspective of contactless cards. The results were then analyzed via the Statistical Package of the Social Sciences (SPSS). This were then used to gauge the perspective of banks using interviews to analyze key security mechanism for the most popular type of fraud including the relay attacks, electronic pickpocketing, theft and cloning through devices readily available on dark web. The findings of this research suggested that almost 80% of end users of contactless cards were unaware of the types of risks and security features of contactless cards. The interviews reflected that relay attacks are the most prominent risk and that the security measures in place were insufficient. Henceforth, this research recommends that banks need to have more effective awareness programs to educate the users of contactless cards of the risks and security features.
Downloads
References
1. Abdullahi, M., 2015. Concomitant Debacle of Fraud Incidences in the Nigeria Public Sector : Understanding
the power of fraud triangle theory. International journal of academic research , 5(5).
2. Abd, Z. E. & Abokabera, E., 2015. Evolution in bank cards security, cardholder verification and its impact on
fraud crimes. The International Arab Forensic Science and Forensic Medicine Conference .
3. Boden, R., 2016. NFO World Plus. [Online] Available
4. Campbell, K., 2018. Police warn WA businesses to reduce ‘tap-and-go’ technology. The West Australian.
5. Caney, R. et al., 2013. Mobile Pickpocketing: Exfiltration of Sensitive Data through NFC-enabled Mobile
Devices. Carnegie Mellon University.
6. Chiou & Shen, 2012. The antecedents of online financial service adoption: the impact of physical banking
services on internet banking acceptance. Behaviour and Information Technology, 31(9), pp. 859-871.
7. Cimpanu, C., 2016. New devices sold on darkweb can clone up to 15 contactless card per second. [Online]
Available at: https://news.softpedia.com/news/new-device-sold-on-the-dark-web-can-clone-up-to-15-
contactless-cards-per-second-505200.shtml
8. Courtois, N., Hulme, D. & Grejak, M., 2013. On Bad Randomness and Cloning of Contactless Payment and
Building Smart Cards. Security and Privacy Workshops.
9. Cristofaro, D., Freudiger, J. & Norcie, G., 2014. Two-Factor or not two factor? A comparative usability study
of two factor authentication. In NDSS Workshop on Usable Security.
10. Cristofaro, E. D., Du, H., Freudiger, J. & Norcie, G., 2014. A Comparative Usability Study of Two-Factor
Authentication. University of College London.
11. Daily Mail, 2018. Daily Mail. [Online]
Available at: https://www.dailymail.co.uk/news/article-5507769/Contactless-boom-fuels-51-surge-tapfraud.html
12. Deloitte, 2008. Contactless Payment Technology- Catching the new wave, United Kingdom: Deloitte Touch
Tohmatsu.
13. Dorfleitner, G., 2017. Fintech in Germany. Germany: Springer International Publishing.
14. Duke, C., 2012. An examination of the barriers Irish businesses face in the adoption of Near Field
Communication technology. Research Gate.
15. Eccles, L., 2016. The Daily Mail. [Online] Available at: https://www.thisismoney.co.uk/money/news/article-
3983972/Police-alert-electronic-pickpocketing-contactless-card-scammers.html
16. Emms, M., Arief, B., Little, N. & Moorsel, A. V., 2013. Risks of Offline Verify Pin on contactless cards.
Financial Cryptography and Data Security.
17. Erenhouse, R., 2018. Dispelling the Myths: The Reality about Contactless Security. Mastercard, 17 January.
18. Eyoboglu, K. & Sevim, U., 2017. Determinants of contactless credit cards acceptance in Turkey.
International Journal of Management Economics and Business, 13(2), pp. 331-346.
19. Fiedler, M., Keppler, T. & Öztüren, A., 2013. Contactless Payment, a RFID domain and its acceptance by its
cardholders. Cyprus International University, Faculty of Economics and Administrative.
20. Fiedler, M., Keppler, T. & Öztüren, A., 2014. Contactless Payment, a RFID domain and its acceptance by
cardholders. Cyprus International University, Faculty of Economics and Administrative.
21. Focus Malaysia, 2018. Mastercard: Contactless payment continue to grow. [Online]
Available at: http://www.focusmalaysia.my/Snippets/mastercard-contactless-payments-continue-to-grow
22. Francis T.Cullen, 2009. Taking stock : the status of criminology theory. UK: s.n.
23. Francis, L., Hancke, G., Mayes, K. & Markantonakis, K., 2005. Practical Relay Attack on Contactless
Transactions by using NFC mobile phones. Information Security Group, Smart Card Centre.
24. Garg, R. & Jain, S., 2015. Requirement Analysis on Paywave. International conference on advances in
computing and communication engineering.
25. Gautam, I. & Ignico, M., 2010. The Early Experience with Branchless Banking. CGAP Focus Note, Issue 46.
26. Gemelto, 2018. [Online] Available at: The benefits of EMV security with the added convenience of
contactless technology
27. Hamspire, C., 2016. A mixed methods empirical exploration of UK consumer perceptions of trust, risk and
usefulness of mobile payments. International Journal of Bank Marketing, 35(3).
28. Harper, A., 2014. Case study of the impact on businesses and society by mobile contactless card technology.
North central University Graduate Faculty of the School of Business and Technology Management.
29. Hermanson, W. &., 2004. The Fraud Diamond: Considering the Four Elements of Fraud. The CPA Journal.
30. Jannati, H., 2015. Analysis of relay,terrorist fraud and distance frauds attacks. International journal of critical
insfrastructure protection.
31. Juniper Research, 2017. Juniper Research. [Online] Available at:
https://www.juniperresearch.com/researchstore/fintech-payments/contactless-payments
32. Karoubi, B., Chenavaz, R. & Paraschiv, C., 2016. Consumer perceived risk and hold of use of payment
instruments. Journal of Applied Economics, 48(4), pp. 1317-1329.
33. Kelly, K., 2015. UK Fast. [Online] Available at: https://www.ukfast.co.uk/blog/2015/07/28/why-two-factorauthentication-is-more-important-than-ever/
34. Killer, C., Tsiaras, C. & Stiller, B., 2015. An Off-the-shelf Relay Attack in a Contactless Payment Solution.
University of Zürich, Communication Systems Group.
35. Kim, C., Tao, W., Shin, N. & Kim, K.-S., 2010. An Empirical Study of customers perceptions of security and
trust in e-payments system. Electronic Commerce Research and Applications.
36. Kranacheret, 2011. The Evolution of fraud theory. American Accounting Association Journal.
37. Krol, K. et al., 2016. An Exploratory Study of User Perceptions of Payment Methods in the UK and the US.
University Paper College London.
38. Lee, I. & Souza, S. d., 2018. The Future of Payments: Contactless Payments. [Online]
Available at: https://www.imoney.my/articles/contactless-cards
39. Liébana-Cabanillas, F., Luna, I. R. d. & Montoro, F., 2017. Intention to use new mobile payment systems: a
comparative analysis of SMS and NFC payments. Economic Research , 30(1), pp. 892-910.
40. Macbean, N., 2014. ABC News. [Online]
Available at: https://www.abc.net.au/news/2014-05-30/electronic-pickpocketing-looms-as-next-credit-cardfraud-threat/5486806
41. Mackevicius, J. &. G. L., 2013. Transformational Research of the Fraud Triangle. EKONOMICA, 92(4).
42. McMillan, J., 2018. Examining the Perceived Risks of contactless card acceptance in the New Zealand
Market. Department of Management, Marketing and Entrepreneurship.
43. Nandikotkur, G., 2018. Bank Info Security. [Online]
Available at: https://www.bankinfosecurity.asia/interviews/securing-contactless-card-payment-transactions-i-
4077
44. Narasimhan, H. & Padmanaban, T., 2013. 2CAuth: A New Two Factor Authentication Scheme Using QRCode. International journal of Engineering and Technology, 5(2), pp. 1087-1094.
45. Nigel, P., 2016. The Truth about contactless payment, Australia: Central for Internet Safety.
46. Olusola, M., Oludele, A., Chibueze, O. & Samuel, O., 2013. CASHLESS SOCIETY: DRIVE’S AND
CHALLENGES IN NIGERIA. International Journal of Information Sciences and Techniques.
47. Paul, C. L. et al., 2011. A field study of user behavior and perceptions in smartcard authentication. HCI.
48. Pillai, D. S. & S.Sathyalakshmi, 2014. Prevention of Relay Attack Using NFC. International Journal of
Innovative Research in Computer and Communication Engineering.
49. Pratt, B. D., 2006. The empirical status of deterence theory: A meta analysis.
50. Quibria, N., 2008. The Contactless Wave: A Case Study in Transit Payments. Federal Reserve Bank of
Boston.
51. Raza, S., 2016. The Henry Fund Investment Thesis On Visa Inc.. VW.
52. Rogers, 2003. Diffusion of Innovation. 5th ed. New York: Free Press.
53. Roland, M. & Langer, J., 2013. Cloning credit cards: a combined pre-play and downgrade attack on EMV
contactless. Proceeding of the 7th Usenix Conference on Offensive Technologies.
54. Sakharova, I. & Kha, L., 2011. Payment Card Fraud: Challenges and Solutions. The University of Texas at
Dallas, Volume 5.
55. Sara, S., 2018. Contactless card fraud overtakes cheque scams for first time. The Telegraph.
56. Shin & Lee, 2014. The effects of technology readiness and technology acceptance on NFC mobile payment
services in Korea.. The Journal of Applied Business Research, 30(6), pp. 1615-1626.
57. Simpson, J., 2016. The Times. [Online] Available at: https://www.thetimes.co.uk/article/gangs-use-the-darkweb-to-trade-contactless-card-data-dzqppsx6k
58. Smith, S. L., 2007. Gone in a Blink: The Overlooked Privacy Problems caused by contactless payment
systems. Smith Articile, 11(1).
59. Storm, D., 2013. ComputerWorld. [Online] Available at:
[Accessed 5 January 2019].
60. Subramayen, R., 2008. Quality of internal control procedures : Antecedents and Moderating effect on
organisational justice and employee fraud. Managerial Auditing Journal.
61. Sullivan, R. J., 2010. The Changing Nature of U.S. Card Payment Fraud: Industry and Public Policy Options.
Federal Reserve Bank of Kansas City.
62. Swartz, D. D. G., 2006. The Move Toward a Cashless Society: Calculating the Costs and Benefits. Review of
Network Economics.
63. Symon, J., 2018. Detecting relay attacks against Bluetooth communication in Android. Research Commons at
the University of Waikato.
64. Trutsch, T., 2017. The Impact of Contactless Payment on Cash Usage. University of St. Gallen.
65. Vejačka, M., 2015. Consumer Acceptance of Contactless Payments in Slovakia. Journal of Applied Economic
Sciences, Issue 35, pp. 760-765.
66. Vogues, D., 2017. A study of the NFC market in Germany in cooperation with Fidesmo AB.. KTH Royal
Institute of Technology School of Insustrial Engineering and Management.
67. Wang, T., 2008. Determinants affecting consumer adoption of contactless credit card: An empirical study.
Cyber Psychology & Behavior, 11(6), pp. 687-689.
68. Wang, Y.-M. & Lin, W.-C., 2019. Understanding consumer intention to pay by contactess credit cards in
Taiwan. International Journal of Mobile Communications,, 17(1), pp. 1-23.
69. Weiber & Pohl, 1996. Leapfrogging-Behavior and adoption of the contactless cards. Journal of business
economics, 66(10), pp. 1203-1222.
70. Widjaja & Ooi, E. P., 2015. Non-Cash Payment Options in Malaysia. Journal of Southeast Asian Economies.
71. Yan Chen, K.-W. W., 2015. Organizations' Information Security Policy Compliance : Stick or Carrot
Approach. Journal of Management Information System.
72. Yilmazer, K., 2006. Adoption of internet banking and consumers payment choices. Working Paper of Purdue
university.
73. Zaharudin, R. Z. A. R., Rashid, U. K. & Nasuredin, J., 2018. Usage Behavior among Paywave Card Users in
Kuala Lumpur. International Journal of Research.
74. Zheng, M, F. & Coat, H. P., 2013. Chinese consumer perceived risk and risk relievers in e-shopping for
clothing. Journal of Electronic Commerce Research, 3(13), pp. 255-274.
Downloads
Published
Issue
Section
License
Copyright (c) 2020 AUTHOR
This work is licensed under a Creative Commons Attribution 4.0 International License.
You are free to:
- Share — copy and redistribute the material in any medium or format for any purpose, even commercially.
- Adapt — remix, transform, and build upon the material for any purpose, even commercially.
- The licensor cannot revoke these freedoms as long as you follow the license terms.
Under the following terms:
- Attribution — You must give appropriate credit , provide a link to the license, and indicate if changes were made . You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
- No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits.
Notices:
You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation .
No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material.
