The £20 limit on Visa contactless cards can be bypassed by making transactions using foreign currencies, security experts from Newcastle University have found.
Normally a PIN needs to be entered to authenticate larger transactions, but researchers – and potential thieves – are able to bypass this security step and charge as much as the equivalent of £999,999.99 in dollars, euros or any other foreign currency.
The researchers found that it was possible to rig a mobile phone to act like a scanner, allowing them to trigger transfers of cash from a bank account just by passing the phone over a wallet or purse containing the card, the Daily Mail reported.
“With just a mobile phone we created a point-of-sale terminal that could read a card through a wallet,” lead researcher Martin Emms told the paper.
“By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction,” he added. “It took less than a second for the transaction to be approved.”
Emms said that his team had not tested how Visa’s systems would react to a rush in foreign currency transactions, and whether this would be flagged as possible fraud. The research, however, had identified a “real vulnerability” in the contactless card payment protocol, he said.
“All a criminal would need to do is set up somewhere like an airport or the London underground where the use of different currencies would appear legitimate.” Emms added.
“We have reviewed Newcastle’s findings as part of our continued focus on security and beating payments fraud,” a spokesman for Visa Europe said.
“The research does not take into account the multiple safeguards put into place throughout the Visa system, each of which must be met in order to make a transaction possible in the real world. For these reasons we do not believe the findings to be a cause for concern, as it would be very difficult to complete a fraudulent payment of this kind outside a laboratory environment.”
Just 31% of Brits know who's on the back of the new £5 polymer banknote, says new research from Barclaycard, which also found that the number of cash users continues to drop as people prefer using more digital methods of payments.
Nine out of ten consumers use their smartphones more than any other device, and consumers would also prefer to use biometrics over PINs - with fingerprints being the preferred method, according to a new Mastercard survey.
It's banks, not government agencies, that the British people trust to deliver biometric authentication payment services, says a new Visa study.
With less than two weeks to go until the US liability shift hits its first anniversary, MasterCard published new data evidencing the positive impact the technology is having on issuing banks, merchants and consumers, as well as saying adoption continues to grow.