Glitch in Contactless Bank Cards Could Cost €999,999,999

Research shows Visa card can be defrauded of up to €999,999,99 in a foreign currency.

MOSCOW, November 5 (RIA Novosti) — Researchers at a UK university have discovered a flaw in Visa’s contactless card system: the £20 transaction limit can be bypassed and large payments made in a foreign currency, all while the card remains in the victim’s pocket.

“By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction,” explained researchers from Newcastle University in a press release. “The fact that we can by-pass the £20 limit makes this new hack potentially very scalable and lucrative. All a criminal would need to do is set up somewhere like an airport or the London underground where the use of different currencies would appear legitimate.”

Transactions using contactless cards currently have a limit of £20, to make the method less attractive to criminals. However, the possibility of sidestepping this limit increases the appeal to fraudsters. The glitch discovered by the team at Newcastle allows transactions of up to 999,999,99 in any foreign currency, representing a “real vulnerability in the payment protocol.”

Those responsible for the study added that despite banks having security systems to stop fraud, it is unclear how they would “deal with the inconsistencies” identified in the research. The researchers were able to create a merchant POS terminal using just a mobile phone, with which the fraud could be committed.

The testing also showed that MasterCard cashless payments feature the underlying flaw, but that MasterCard’s security measures prevented such an attack from taking place. Visa Europe defended its card in a statement to the Daily Mail, saying that outside the laboratory such an attack would not be possible. “The research does not take into account the multiple safeguards put into place throughout the Visa system, each of which must be met in order to make a transaction possible in the real world.”

The UK Cards Association, the leading trade association for the UK card industry, also sought to downplay the threat, telling the Telegraph: “Problems are exceptionally rare, with only a handful of cases reported where the wrong card has been debited when accidentally placed very close to a contactless card reader.”

Contactless cards are an increasingly popular way of making small payments in the UK, in which the customer holds their card at a distance of 5-10cm from the payment terminal to complete the transaction. They were first launched by Barclaycard in 2007, and this year has seen a big rise in the number of contactless payments. According to data from the UK Cards Association, in June £158.5 mln was spent using contactless cards in the UK, an increase of 7.8% on such payments made the previous month and 238.3% over the year.
