"Simply a case of the details coming out through the air”
A recent investigation from Channel 4 has found that sensitive data from the front of a Barclays contactless Visa card can be easily lifted using a smartphone with a wireless reader. The PIN and CVV code embedded in the chip were secure. Many retailers, such as Amazon, however, do not require the secure 3 digit number on the back in order to make transactions.
Thomas Canon from security company ViaForensics said he was able to lift out sensitive card details including the long number, expiry date and name by tapping a smartphone against the wallet with the wireless reader enabled. “None of it was encrypted, it was simply a case of the details coming out through the air,” he said.
Barclays told Channel 4 News that “the details obtained should not be sufficient to undertake any fraudulent activity but we do depend on retailers upholding the same high standards of security when verifying payment details. To be clear, this is not an issue with contactless but with the checks undertaken for ‘card not present’ payments by some retailers.”
In a statement, the government Department for Business Innovation and Skills said they were “contacting the Payments Council, UK Cards and Barclays to get more details on the extent of the problem and to understand what urgent action is being taken to address it.”
13 million Barclays customers currently use a contactless Visa card to make contactless payment for small transactions, usually of up to £15.
Whitepapers
Related reading
Central banks best suited to issue digital currencies
By Aaran Fronda A recent report by the Official Monetary and Financial Institutions Forum (OMFIF) said that central banks rather than private ... read more
Instant payments: innovations inbound for corporates
In 2020, instant payments look set to continue their current trajectory to become the biggest trend in payments. While these schemes already offer numerous benefits to corporates, leveraging innovations such as APIs and request to pay will go some way to unlocking their full potential, argues Michael Knetsch
Obstacles exist for banks to meet ECB’s instant payments goal
The cost of joining instant payment platforms will be one of many hurdles banks and payment services providers must overcome to meet ... read more
Banks must be aware of “biases” in data used to train ML models
Financial institutions need to be conscious of biases in the historical data that is being used to train machine learning (ML) models, ... read more
