Flaw Found in Barclays Contactless Card

ViaForensics recently discovered that user data can be stolen from NFC chips in Barclays Visa card without users even knowing about it. The investigation was done in conjunction with Channel 4 News. 

"All I did was I tapped my phone over your wallet and using the wireless reader on the phone I was able to lift out the details from your card," Thomas Cannon of ViaForensics told Channel 4 News. "That includes the long card number, the expiry date and your name. None of it was encrypted, it was simply a case of the details coming out through the air." 

Typically, this would not be enough information to perform "cardholder not present" transactions over the internet or the phone, because most retailers require the three-digit signature (CVV) code from the back of the card and a valid address. However, during the course of the research it was found that there are some major online retailers that do not require this information. 

For example, Channel 4 News was able to create a new account on Amazon's website, with a different name and billing and delivery address to the card they scanned, and was able to order and receive products without any link to the cardholder. Amazon does not require the CVV code on the back of the card to process purchases.

For more information, click here to find out more information. 

NFC Used in Hospital?

There is an interesting usage of NFC in hospital. According to California based Identive Group, the company has partnered with WPG Americas to provide NFC solution to transfer data from high-end medical imaging devices to multiple exam room monitors throughout a provider's office, without cables, wires or additional network investment. Here is how it works: 

The innovative new solution utilizes NFC tags and readers from Identive with software from WPG Americas that associates the images from a digital x-ray camera with the patient records. An NFC tag is affixed to the digital radiography camera. The tag is simply tapped on one of Identive's SCL3711 NFC readers that are attached to the computer in each exam room. The associated software then reconfigures the wireless communication between the camera and local computer to transmit the x-ray images from the camera and associate them with the appropriate patient record.

"NFC technology makes it possible to move much of what we do in the physical world to the virtual world, in a way that is easier and more convenient. In the healthcare market there are dozens of areas that will benefit from the use of NFC, from making treatment information available to managing patient records. Partnering with WPG Americas on this NFC transfer solution allowed us to benefit from their extensive understanding of the medical office environment and their strong engineering expertise," said Dr. Manfred Mueller, Executive Vice President and Managing Director of Identive's ID Infrastructure division.

"By making it easier to transfer x-ray images from digital sensors to computer viewing monitors in multiple exam rooms, we can help doctors, dentists and other healthcare providers extend the value of this expensive equipment while ensuring the images are associated with the correct patient," explained Dave Bowers, VP Supplier Marketing for WPG Americas. "With their growing portfolio of NFC readers and tags, Identive is becoming known as the go-to company for NFC solutions. We are excited to continue our successful collaboration as we work together to extend this NFC pairing solution to other applications."