Back to blog

Can credit cards really be copied from a distance?

Feb 19th 2016 / Programming

Last month yet again a piece of news arose regarding a device sold online that can copy credit card data at a distance of 8 centimeters.

Even though this distance doesn't seem a great one, the device could by all means serve its purpose if you're traveling in a packed subway. Regarding the subject, we have contacted Vania Manova as an expert and manager for MasterCard in Bulgaria and Macedonia. 

Can you please provide your opinion regarding the piece of news for a device that can copy banking card data from a distance?

The matter has come to our knowledge and we've been following the publications that question the security of no-contact cards. We ensure you that the built-in technical safety measures decrease the possibility of an incident of that sort to occur, as well as the following consequences from it. The type of information that can be 'read' from a no-contact card in this mode of operation is limited to only a few elements. The cardholder's name, the codes for additional verification, or keys can not be read. Card data could be read-only at a distance of approximately 5 centimeters from a standard reader and only when the transaction is activated by the cashier so it's guaranteed that it's being initialized with the cardholder's knowledge and approval. MasterCard keeps on screening and developing the security of all products to provide safe, easy, and intelligent solutions for transactions. 


What safety measures can cardholders count on while initializing no-contact transactions? 

At MasterCard, we take security extremely seriously and we integrate safety technical measures that guarantee that the card won't be put at risk. 

In addition, all transactions going above the amount of 25 levs inquire PIN code or signature. When paying small amounts in a no-contact manner the card providers limit the number of the allowed transactions without additional identification. 

Can a fraud be made using a mobile POS terminal and how can this be restricted? 

We've witnessed scenarios like this but only in 'lab conditions', not in real life. Behind each merchant there is a financial institution that provides the POS terminal and guarantees the security and safety of the procedure - it goes both for the merchants, as well as for the customers. 

What other types of security risks have you witnessed and how do you fight them?

For several years an ongoing issue was the so-called card skimming. In Bulgaria, almost 100% of the cards have migrated to the EMV technology and 100% of the terminals are using this technology. Technologies do upgrade and MasterCard is keeping its position as a leader in innovations and security being always one step ahead of the criminals. Each and every transaction is secured by technology at several levels. All cards in Bulgaria have the CVC2 code - that's the 3-digit code printed on the back of the card that the customer enters while shopping online; its main goal is to validate purchases. Other providers offer MasterCard SecureCode® for transactions while shopping online. MasterCard Security Code is a code that is known only to the cardholder (given to him/her by the card provider) and makes the online transactions more secure. The next level of upgrading technologies is implementing biometric data which gives the customer the opportunity to identify himself/herself by using strictly personal characteristics.