![\"MoS2](\"https:\/\/www.flubu.com\/blog\/wp-content\/uploads\/2014\/11\/nfc-fraud.jpg\")
<\/center><\/p>\nAccording to researchers at Newcastle University in the UK, the card system developed by VISA for use in the United Kingdom fails to recognize transactions made in non-UK foreign currencies and can therefore be tricked into approving any transaction up to 999,999.99.<\/p>\n
What\u2019s more, because the cards allow for contactless transactions, wherein consumers need only to have the card in the vicinity of a reader without swiping it, a thief carrying a card reader designed to read a card that\u2019s stored in a wallet or purse could conduct fraudulent transactions without the victim ever removing their card.<\/p>\n
Since the transaction is done offline without going through a retailer\u2019s point-of-sale system, no other security checks are done.<\/p>\n
\u201cWith just a mobile phone we created a POS terminal that could read a card through a wallet,\u201d Martin Emms, lead researcher of the project that uncovered the flaw, noted in a statement about the findings. \u201cAll the checks are carried out on the card rather than the terminal so at the point of transaction, there is nothing to raise suspicions. By pre-setting the amount you want to transfer, you can bump your mobile against someone\u2019s pocket or swipe your phone over a wallet left on a table and approve a transaction.\u201d<\/p><\/blockquote>\n
In tests the researchers conducted, transactions took less than a second to be approved. In the UK, contactless payments are limited to a maximum value of \u00a320, requiring a PIN for anything more than this. But the researchers found that the system doesn\u2019t recognize foreign currency transactions and therefore doesn\u2019t require a PIN for these.<\/p>\n
\u201cThis lends itself to multiple attackers across the world collecting small transactions of perhaps \u20ac200 at a time for a central rogue merchant who could be located anywhere in the world,\u201d Emms notes. \u201cThis previously undocumented flaw around foreign currency, combined with the lack of POS terminal authentication and the ease of skimming contactless credit cards, makes the system more vulnerable to high-value attacks.<\/p>\n
It is not clear from reading the payment protocol how banks would deal with the inconsistencies we have found through our research, hence we believe the vulnerability poses a potential threat,\u201d he said. \u201cThe fact that we can by-pass the \u00a320 limit makes this new hack potentially very scalable and lucrative. All a criminal would need to do is set up somewhere like an airport or the London underground where the use of different currencies would appear legitimate.\u201d<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"
According to researchers at Newcastle University in the UK, the card system developed by VISA for use in the United Kingdom fails to recognize transactions made in non-UK foreign currencies and can therefore be tricked into approving any transaction up to 999,999.99. What\u2019s more, because the cards allow for contactless transactions, wherein consumers need only…<\/p>\n