I'm surprised there's been no thread about this.
Fraud fears grow over contactless bank card technology
Quote:
|
Originally Posted by Channel 4 News
Millions more British bank customers have been exposed to fraud through the latest credit and debit card technology, writes Channel 4 News technology producer Geoff White.
Millions more British bank customers have been exposed to fraud through the latest credit and debit card technology.
On Friday Channel 4 News reported that Barclays Visa contactless cards (ones which bear the symbol pictured) can be read using an off-the-shelf mobile phone running a special app.
ViaForensics, the company which carried out the research for Channel 4 News, has now shown the same technique works on a Visa debit card issued by Lloyds. And banking industry insiders have told us that all Visa contactless cards can potentially be read in this way.
The app reads the full name, number and expiry date from the card. Channel 4 News was able to use just these three details to order goods through Amazon; setting up an account under a dummy email address and having the goods shipped to an address which does not match that of the cardholder.
There are around 19 million contactless cards in circulation in the UK - Barclays accounts for around 13 million of those.
Visa, which provides credit facilities for Barclays, Lloyds and other banks, said it takes cardholder security very seriously. It acknowledges that the details are transmitted by the cards without encryption, but said these details can be gained "by a number of methods" and should not be usable without the three-digit CVV number on the back of the card.
(snip)
|
... unfortunately Amazon and some other online retailers don't use the three-digit CVV number...
This reminds me of all the talk a while back about being able to
remotely read someone's RFID-chipped passport using a laptop and special scanner.
Original C4 News story on this from last week:
http://www.channel4.com/news/million...posed-to-fraud