Banks storing too much data in credit cards: Expert criticises Hong Kong banks over security flaw
Speaking one day after Monetary Authority orders seven banks to recall contactless credit cards, IT expert says they store too much information
Banks are to blame for a potential security breach because they store too much information about customers on contactless credit cards, an IT expert says.
He was speaking a day after the Hong Kong Monetary Authority asked seven banks to recall or replace credit cards it said contained a security flaw that allows holders' names to be read by unauthorised sources using a mobile phone app when they make contactless payments.
The authority named the seven banks as Bank of China (Hong Kong), Bank of Communications Hong Kong branch, China Citic Bank International, Dah Sing Bank, DBS Hong Kong, OCBC Wing Hang Bank and ICBC Asia. It did not say how many cards were involved.
Francis Fong Po-kiu, honorary president of the Information Technology Federation, said the near field communication (NFC) chip in older versions of contactless credit cards often contained all three pieces of information needed for making online purchases - the cardholder's name, card number and expiry date.
"If you did not have all three, you couldn't make any online transaction," said Fong.
READ MORE: Crazy for credit cards: Hongkongers aged 18-35 spend over 46 per cent of monthly income on credit purchases
In most contactless credit cards issued recently, the cardholder's name has been removed from the NFC chip, which explains why not all banks in Hong Kong that issue contactless credit cards have the security flaw.