Do stories like these have any effect on the general public? If the story was reported as “magnetic stripe-based payment cards are utterly insecure but contactless cards are better” it might have got a different response from newspapers and legislators. The critical issue here is not the security of the contactless transaction (although transmitting meaningless ID numbers instead of card numbers would be a good idea) but the insecurity of magnetic stripe cards. Once you obtain a credit card number, by whatever means (whether eavesdropping on contactless transactions or generating them randomly) it’s trivial to use it fraudulently.
There’s no doubt that consumers who are unfamiliar with contactless technology might be hesitant to use it because they perceive that contactless payment may not be secure. In fact a recent sruvey indicates that half of both current users and potential adopters rated security as their main concern with using contactless payment options. In addition, 61% of those who indicated that they were unwilling to adopt contactless payment selected “I do not think it is a safe form of payment” as the most critical reason for that decision.
But what to do? It’s probably pointless trying to explain risk analysis to the general public, but perhaps we (ie, the industry) could prepare a simple five point crib sheet to send to journalists when they are working on stories in this area?
My opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public. [posted with ecto]