Barclays contactless cardholders exposed to security flaws

“Simply a case of the details coming out through the air”

A recent investigation from Channel 4 has found that sensitive data from the front of a Barclays contactless Visa card can be easily lifted using a smartphone with a wireless reader. The PIN and CVV code embedded in the chip were secure. However, many retailers, such as Amazon, do not require the secure 3-digit number on the back in order to make transactions.

Thomas Cannon from security company ViaForensics said he was able to lift out sensitive card details, including the long number, expiry date and name, by tapping a smartphone against the wallet with the wireless reader enabled. “None of it was encrypted, it was simply a case of the details coming out through the air,” he said.

Barclays told Channel 4 News that “the details obtained should not be sufficient to undertake any fraudulent activity but we do depend on retailers upholding the same high standards of security when verifying payment details. To be clear, this is not an issue with contactless but with the checks undertaken for ‘card not present’ payments by some retailers.”

In a statement, the government Department for Business, Innovation and Skills said it was “contacting the Payments Council, UK Cards and Barclays to get more details on the extent of the problem and to understand what urgent action is being taken to address it.”

13 million Barclays customers currently use a contactless Visa card to make contactless payments for small transactions, usually of up to £15.
