Home > Government, World of the Strange – Weird Science > How 30million ‘wi-fi’ credit cards can be plundered by cyber identity thieves exploiting contactless payment technology.

How 30million ‘wi-fi’ credit cards can be plundered by cyber identity thieves exploiting contactless payment technology.

By Ben Ellery  1st June 2013.                  Find Full Article Here:-

Millions of debit and credit card holders are at risk of having their personal data mined by thieves exploiting a loophole in the latest ‘contactless’ payment technology.

Card numbers and personal details can be read almost instantly by a remote device such as a mobile phone, according to cyber-crime experts.

Contactless cards have been in use for five years and are becomingly increasingly popular as they save time for retailers and customers by speeding up transactions.

Customers use them to pay for less costly items (£20 or under) without having to key in a PIN number or scrabble around for cash. Instead, they simply scan their plastic over an electronic reader at the till.

Criminals can easily adapt phones using products sold online to strip the details from contactless cards without card-owners knowingCriminals can easily adapt phones using products sold online to strip the details from contactless cards without card-owners knowing (picture posed by models)

But the new technology is vulnerable to thieves and conmen. Any stranger who found or stole one of the cards could go on a small-scale spending spree of up to £100 – as the reader requires a PIN only after five transactions in one day.

And this week The Mail on Sunday witnessed how details from the cards can be wirelessly copied by a touch screen phone – modified with parts bought on the internet for as little as £30.

The phone – which was adjusted by security expert Martin Emms and his team of researchers at Newcastle University’s Centre for Cybercrime and Computer Security – also accessed the last ten transactions made on the account.

By simply holding the phone near a wallet, our reporter was able to download the details within two seconds, fuelling fears that the technology could be exploited by thieves in a crowd or by brushing past someone.

The unsuspecting victim would be unaware their data had been stolen until they received their bank statement, but the stolen information could be used to make purchases online from retailers such as Amazon, who do not require a security code or further checks for most purchases.

Mr Emms, who has published a report into contactless card flaws, said: ‘We have produced a phone which speaks the same language as the cards and used this to obtain data from them.

Contactless cards are also being accidentally charged when users swipe their Oyster cards on London busesContactless cards are also being accidentally charged when users swipe their Oyster cards on London buses

‘With it, we have been able to strip contactless cards of the account-holder’s name, 16-digit number, and expiry date. In some cases, we have even been able to obtain the last ten purchases, which is one of the security questions asked by banks.

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: