Visa’s Contactless Cards Vulnerable: Attackers Can Steal up to 999,999.999 in Foreign Currency

Stealing just got a whole lot easier for criminals. Experts at the Newcastle University in the UK discovered a glitch within Visa’s system, that renders their contactless cards vulnerable to drive-by theft of up to 999,999.999 in any foreign currency. The card never even has to leave the victim’s wallet/pocket.

To pull this off, all the criminal needs is an NFC-enabled smartphone (all mid-range devices generally have this). “With just a mobile phone we created a POS terminal that could read a card through a wallet,” informs Martin Emms, the lead researcher of this project. “All the checks are carried out on the card rather than the terminal so at the point of transaction, there is nothing to raise suspicions.  By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction.  In our tests, it took less than a second for the transaction to be approved,” he adds.

Visa responded in a statement for BBC and claims that the research did not take into account “multiple safeguards put into place throughout the Visa system. For these reasons we do not believe the findings to be a cause for concern, as it would be very difficult to complete a fraudulent payment of this kind outside a laboratory environment.”

Time will tell whether this type of attack is indeed executable.

Enjoyed this post? Subscribe to our newsletter and don’t miss a thing!