ViaForensics recently discovered that user data can be stolen from NFC chips in Barclays Visa card without users even knowing about it. The investigation was done in conjunction with Channel 4 News.
"All I did was I tapped my phone over your wallet and using the wireless reader on the phone I was able to lift out the details from your card," Thomas Cannon of ViaForensics told Channel 4 News. "That includes the long card number, the expiry date and your name. None of it was encrypted, it was simply a case of the details coming out through the air."
Typically, this would not be enough information to perform "cardholder not present" transactions over the internet or the phone, because most retailers require the three-digit signature (CVV) code from the back of the card and a valid address. However, during the course of the research it was found that there are some major online retailers that do not require this information.
For example, Channel 4 News was able to create a new account on Amazon's website, with a different name and billing and delivery address to the card they scanned, and was able to order and receive products without any link to the cardholder. Amazon does not require the CVV code on the back of the card to process purchases.
For more information, click here to find out more information.
No comments:
Post a Comment