Visa’s Contact-less Pay Flaw Opens Opportunity for Money Theft
UK researchers have found a major flaw in Visa’s contact-less pay that allows criminals to transfer up to $999,999 of funds to a card without the victim knowing. Contact-less cards have a set a spending limit (£20 in the UK) that allows users to make purchases without having to enter a PIN. According to Gizmodo, transactions like this are made without having to swipe the actual card, which also happens to be offline and bypasses the initial bank security that checks a cards authentication. Martin Emms, Newcastle’s lead researcher, presented the new found flaw at the CCS 2014.
“With just a mobile phone we created a POS terminal that could read a card through a wallet,” explained Emms while at the conference. Hackers can create and pre-set a certain amount to be transferred by swiping a phone by the contact-less card. The researchers advise that hackers will most likely not steal large amounts to remain undetected, but rather set up several small accounts to steal miniscule funds without notice.
Video Via Visa YouTube Channel