A flaw in the security provisions for contactless payment cards could allow thieves to steal large amounts of foreign currency just by touching a smartphone against a victim’s wallet, scientists have said.
The glitch could allow thieves to withdraw sums of up to 999,999.99 in foreign currency denominations, The Independent reports. If done in Euros this could come to more than £780,000.
Contactless payment cards are meant to have a spending cap of £20, but security experts from Newcastle University found that those limits are not imposed when payments are made in foreign currency.
The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
Researchers said that thieves could potentially exploit the flaw by rigging smartphones to act as card scanners, allowing them to steal huge sums of money from unwitting victims.
Lead researcher Martin Emms said: "With just a mobile phone we created a point-of-sale terminal that could read a card through a wallet. By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction. It took less than a second for the transaction to be approved."
After reviewing Newcastle University’s findings, Visa Europe responded that the study failed to take into account the "multiple safeguards throughout the Visa system", adding: "It would be very difficult to complete a fraudulent payment of this kind outside a laboratory environment."
The UK Cards Association trade body told the Daily Mail: "While this complex fraud may be theoretically feasible in a laboratory, it hasn’t been attempted in the real world and absolutely no money has ever been lost as a result. There are robust security checks in place at every single stage of a payment – by the retailer’s bank, the card scheme and the customer’s bank – which monitor, and stop, suspicious transactions. Consumers can be assured they are legally protected from any fraud losses and will never be out of pocket."
It added: "Contactless cards are extremely safe – borne out by the negligible fraud losses of less than 1p for every £100 spent over the first half of 2014."
-
6 homes with incredible balconiesFeature Featuring a graceful terrace above the trees in Utah and a posh wraparound in New York City
-
Did Alex Pretti’s killing open a GOP rift on guns?Talking Points Second Amendment groups push back on the White House narrative
-
The 8 best hospital dramas of all timethe week recommends From wartime period pieces to of-the-moment procedurals, audiences never tire of watching doctors and nurses do their lifesaving thing
-
Israel retrieves final hostage’s body from GazaSpeed Read The 24-year-old police officer was killed during the initial Hamas attack
-
China’s Xi targets top general in growing purgeSpeed Read Zhang Youxia is being investigated over ‘grave violations’ of the law
-
Panama and Canada are negotiating over a crucial copper mineIn the Spotlight Panama is set to make a final decision on the mine this summer
-
Why Greenland’s natural resources are nearly impossible to mineThe Explainer The country’s natural landscape makes the task extremely difficult
-
Iran cuts internet as protests escalateSpeed Reada Government buildings across the country have been set on fire
-
US nabs ‘shadow’ tanker claimed by RussiaSpeed Read The ship was one of two vessels seized by the US military
-
How Bulgaria’s government fell amid mass protestsThe Explainer The country’s prime minister resigned as part of the fallout
-
Femicide: Italy’s newest crimeThe Explainer Landmark law to criminalise murder of a woman as an ‘act of hatred’ or ‘subjugation’ but critics say Italy is still deeply patriarchal
