Up to 13 million users of Barclays’ contactless debit and credit cards could be defrauded using smartphones, a Channel 4 investigation has revealed.
Phones integrated with near field communication (NFC) technology can be adapted to collect sensitive data from cards with just a quick swipe.
Though ViaForensics could only access card details of Barclays’ Visa cards, the UK Cards Association’s guidelines note that cardholder names should not be transmitted in contactless transactions.
“We are compliant with scheme rules for contactless cards and our fraud guarantee refunds any fraudulent losses to customers in full,” Barclays said in a statement. “The only information which can be obtained from a chip is the same as that which is printed on the front of the card – this does not include secure information such as PIN or signature (CVV) code.”
The bank went on to say that retailers using contactless payments had been contacted to make checks to the system, though it claimed that the details obtained via smartphone should not be enough to commit fraud.
However, Channel 4 found that Amazon did not require the three-digit CVV code to purchase products. Despite being one of the biggest UK online retailers, it lacked this commonplace security measure and could therefore allow a fraudster to use credit/debit card details to set up an Amazon account without a card-registered address or name.
“We call on the card issuers to act quickly to address this issue and to cancel and replace cards if necessary,” a Department for Business, Innovation and Skills spokesperson told Channel 4. “We are contacting the Payments Council, UK Cards and Barclays to get more details on the extent of the problem and to understand what urgent action is being taken to address it.”
Barclays and Visa have pioneered contactless payments in the UK, having already installed terminals in 56,000 locations. The pair has also announced plans to issue smartphones with NFC technology to Olympic athletes as part of its contactless payments push in the UK. Further large-scale plans may need to be put on hold now as security concerns are dealt with.
Great article and research Jiten – it’s a story that’s been waiting to be told. We’ve spent the past three years trying to raise awareness of the potential vulnerabilities associated with this new technology; although here in the UK some will argue we’re in denial. Our findings have been collated into a suite of (free to download) PDFs, which can be found at our main website: browser search for ‘RFID PROTECT RESOURCES’
Hope this information proves helpful in some way, and once again well done for breaking this story here in the UK.
We've had a tip-off that Channel 4 will be bringing more news on this story later today. Watch this space!