With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer’s credit card onstage and obtained the card’s number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a Square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer’s money with the counterfeit card she’d just created.
Moments later she was taken away by the FBI for committing credit card fraud.
Paget says that rotating one-time CVV only means a fraudster would need to target multiple victims rather than defraud a single victim repeatedly. The scammer could stand in a crowded train station, for instance, reading the card numbers of many passers-by and sending them to an accomplice who carried out the rest of the scheme in real-time.
This would therefore increase the criminal's risk. The equivalent of breaking into 10 houses to steal 10 small items instead of breaking into 1 house.
It should be noted that contactless debit and credit transactions are protected by the same fraud guarantee as standard transactions.
The best piece of advice: Check your credit card transaction history.