Fears over Contactless Card Fraud

Radbound Univeristy in the Netherlands has this week published worrying research, claiming to have found a way of cloning the Oyster Card, issued to travellers in London using the TFL network for tubes, trains and buses. Oyster cards are currently the most popular Radio Frequency Identification payment cards in circulation.

Researchers were able to scan Oyster card readers to collect the cryptographic key which is then stored on computer. The fraudster can then brush past an Oyster card holder and collect their card details; commonly known as “sniffing”. Using the key and the 'sniffed' details, fraudsters are then able to create false payment cards with any amount of fraudulently obtained credit.

Thankfully for Oyster card holders, fraudulent cards could only be used for a period of 24 hours. This is because TFL deducts the amount of credit from a person’s live card, and every 24 hours the cards are synchronised with the main database to ensure that the commuter has paid the right fare for their journey, and that the payments system is correct.  This means that a fraudster would only be able to claim one day or £12 worth of free travel, however there would be few limitations as to the amount of cards a fraudster could create.

It is estimated that there are 10 million Oyster cards in circulation, not to mention numerous other contactless card systems that can be used for minor purchases such as coffee and newspapers. TFL has issued a statement assuring customers they can be confident in the Oyster system, meanwhile the Dutch government has postponed its implementation of a similar payment system based on the same technology.