CC Image courtesy of Ricardo Moctezuma.
Theft opportunities exist from contactless cards via mobile phones, a recently published report has revealed.
Five-year-old contactless payment solutions are used by customers to pay for small purchases via card without a PIN.
The system’s security is under question following experiments by the Newcastle University’s Centre for Cybercrime and Computer Security, which proved fraud a relevant concern.
It has been established essential details can easily be stolen through mobile phone detection by anyone standing within reachable proximity of a contactless card user, the report stated.
Victims would only discover their losses of large amounts of missing money when checking bank balances, as no other notification would alert robbed users.
Apart from money detraction, further damage is incurred by using the stolen details to make account purchases on online stores such as Amazon, for which no three digit code is required.
Martin Emms, who worked on the publication, said: “It is alarming because the information provides the basis that, with a little more research, could see thieves strip a bank account.”
Emms explained the production of a phone which can interact in the same language as the cards, aiding in information acquisition.
The mobile-based experiment proved successful extraction of account holders’ names, 16-digit numbers and expiry dates from contactless cards.
Information regarding the last 10 purchases is also accessible, leading to the enablement of further purchases.
