11/04/2014

the easy contactless jackpotrobbing of contactless creditcards

read this, this is really a jackpot 

don't ask people for money, steal sitting on the ground (with a groundstation in your backpack)

"because the cards allow for contactless transactions, wherein consumers need only to have the card in the vicinity of a reader without swiping it, a thief carrying a card reader designed to read a card that’s stored in a wallet or purse could conduct fraudulent transactions without the victim ever removing their card.

 

Since the transaction is done offline without going through a retailer’s point-of-sale system, no other security checks are done.

 

“With just a mobile phone we created a POS terminal that could read a card through a wallet,” Martin Emms, lead researcher of the project that uncovered the flaw, noted in a statement about the findings. “All the checks are carried out on the card rather than the terminal so at the point of transaction, there is nothing to raise suspicions. By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction.”

 

In tests the researchers conducted, transactions took less than a second to be approved.

http://www.wired.com/2014/11/chip-n-pin-foreign-currency-...

one million people have signed in to contactless Apple pay for their iphone and some banks are promoting contactless payment by phone 

in a few years from there the percentage of loss because of contactless robbery will be that high that the cost of securing it will become worthwhile and urgent (while it should have been considered in the first place) 

Permalink | |  Print |  Facebook | | | | Pin it! |

The comments are closed.