Up to 13 million users of Barclays’ contactless debit and credit cards could be defrauded using smartphones, a Channel 4 investigation has revealed.
Phones integrated with near field communication (NFC) technology can be adapted to collect sensitive data from cards with just a quick swipe.
Though ViaForensics could only access card details of Barclays’ Visa cards, The UK Card Association’s guidelines note that cardholder names should not be transmitted in contactless transactions.
“We are compliant with scheme rules for contactless cards and our fraud guarantee refunds any fraudulent losses to customers in full,” Barclays said in a statement. “The only information which can be obtained from a chip is the same as that which is printed on the front of the card – this does not include secure information such as PIN or signature (CVV) code.”
The bank went on to say that retailers using contactless payments had been contacted to make checks to the system, though it claimed that the details obtained via smartphone should not be enough to commit fraud.
However, Channel 4 found that Amazon did not require the three-digit CVV code to purchase products. Despite being one of the biggest UK online retailers, it lacked this commonplace security measure and could therefore allow a fraudster to use credit/debit card details to set up an Amazon account without a card-registered address or name.
“We call on the card issuers to act quickly to address this issue and to cancel and replace cards if necessary,” a Department for Business, Innovation and Skill spokesperson told Channel 4. “We are contacting the Payments Council, UK Cards and Barclays to get more details on the extent of the problem and to understand what urgent action is being taken to address it.”
Barclays and Visa have pioneered contactless payments in the UK, having already installed terminals in 56,000 locations. The pair has also announced plans to issue smartphones with NFC technology to Olympic athletes as part of the pair’s contactless payments push in the UK. Further large-scale plans may need to be put on hold now as security concerns are dealt with.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
Great article and research Jiten – it’s a story that’s been waiting to be told. We’ve spent the past three years trying to raise awareness of the potential vulnerabilities associated with this new technology; although here in the UK some will argue we’re in denial. Our findings have been collated into a suit of (free to download) PDFs, which can be found at our main website: browser search for ‘RFID PROTECT RESOURCES’
Hope this information proves helpful in some way, and once again well done for breaking this story here in the UK.
We've had a tip off that Channel 4 will be bringing more news on this story later today. Watch this space!