You've probably tapped your card to pay for a coffee without thinking twice. That little wave over the reader feels almost magical: no PIN, no swipe, no waiting. That same convenience is what a team of Irish cybersecurity researchers decided to test. What they found suggests a roll of aluminum foil may be useful.
The peer-reviewed study, ‘An ISO/IEC 7816-4 Application Layer Approach to Mitigate Relay Attacks on Near Field Communication,’ published in IEEE Access by researchers at Technological University Dublin and University College Dublin, found that contactless cards can be relayed to a payment terminal from well outside their normal few-centimeter range, using two Android smartphones and a Wi-Fi connection.
So, is a tap-to-pay card actually vulnerable?
Contactless cards run on Near Field Communication, or NFC, the short-range wireless tech also used by Apple Pay and Google Pay. According to the study, NFC is built to work within roughly 4 centimeters, and this short range has long been treated as a built-in safety feature, the assumption being that if a card is that close to a reader, you meant for it to happen.