Chanel 4 News and ViaForensics continued their investigation into Visa contactless credit cards and as it turns out, not only Barclays customers are exposed to malicious operations.Further analysis made on contactless credit cards revealed that all Visa cards are susceptible to the attack method presented a few days ago.
“Contactless payment cards can be read with the NFC feature built into some Android phones such as the Samsung Nexus S, and the amount of information they give up depends on the card type and issuer,” viaForensic experts wrote.
ViaForensics demonstrated that Lloyds credit cards also reveal cardholder names, card numbers and expiry dates to anyone that holds a special reader over them. Furthermore, Chanel 4 News sources claim that all Visa cards work in the same way, not just the ones from the two banks.
Financial institutions blame retailers for allowing purchases to be made without the card’s CVV and unfortunately, there are hundreds of websites that fail to implement this security measure.
The Department for Business, Innovation and Skills announced that it would start its own investigation into the matter and if necessary, banks may be forced to cancel and replace all the affected cards.
In the meantime, many financial institutions don’t offer other alternatives to contactless credit cards. Barclays, for instance, can provide its customers only with non-contactless debit cards.
This means that the 19 million cardholders that rely on these types of cards have no alternative but to buy specially shielded wallets. These wallets can protect the unencrypted information from being leaked by a potential crook which relies on a reader application stored on a smartphone.
“Although not a new issue or exploit, this demonstration illustrates the continuing security issues faced by the payment card and mobile industries as they seek to advance convenient payment technology while providing security for the consumer,” researchers from viaForensics concluded.
Note. My Twitter account has been erroneously suspended. While this is sorted out, you can contact me via my author profile.