Disclaimer: The statements and articles listed here, and any opinions, are those of the writers alone, and neither are opinions of nor reflect the views of this Blog. Aggregated content created by others is the sole responsibility of the writers and its accuracy and completeness are not endorsed or guaranteed. This goes for all those links, too: Blogs have no control over the information you access via such links, does not endorse that information, cannot guarantee the accuracy of the information provided or any analysis based thereon, and shall not be responsible for it or for the consequences of your use of that information.
FINANCIAL ARRESTS WORLDWIDE

Monday 26 March 2012

Contactless cards expose Barclays users to fraud

 

A Channel 4 investigation has found that personal banking details can be swiped from a card via a mobile device Millions of users of Barclays Bank's contactless payment cards are at risk of fraud as their personal details can be stolen via a mobile phone, an investigation has found. The investigation, carried out by Channel 4, revealed that mobile phones containing a standard card-reading app can be modified to steal details from contactless payment cards. This can be done simply by swiping the mobile phone over the card, even if it is in a wallet. Contactless payment cards are fitted with a chip that contains all the important data needed to buy something, with the exception of the CVV code, and they work when held up to special readers in shops. Channel 4 alleges that these details can easily be transmitted to a mobile phone. Thomas Cannon of ViaForensics, who helped with the investigation, said: "All I did was I tap my phone over your wallet and using the wireless reader on the phone I was able to lift out the details from your card, that includes the long card number, the expiry date and your name. None of it was encrypted, it was simply a case of the details coming out through the air." Using details acquired this way, Channel 4 claims it was able to order and receive a number of goods purchased through online retailer Amazon. The show said that Amazon does not required the use of the CVV code - the three-digit number on the back on a user's card - to complete purchases, which is where users will be exposed to potential fraud. Normally a 'card not present' transaction requires the CVV, but evidently not in Amazon's case. The retail giant is not alone in this matter, meaning several other online shopping sites are potentially exposed to this kind of fraud. During the investigation Channel 4 found that just Visa cards issues by Barclays were at risk; other banking and card combinations did not transmit the data. A statement issued by Barclays denied that their contactless payment system is inherently flawed. Instead the issue lies with the retailers, they said. "We are compliant with scheme rules for contactless cards and our fraud guarantee refunds any fraudulent losses to customers in full. The only information which can be obtained from a chip is the same as that which is printed on the front of the card - this does not include secure information such as PIN or signature (CVV) code," a Barclays statement read. "The details obtained should not be sufficient to undertake any fraudulent activity but we do depend on retailers upholding the same high standards of security when verifying payment details," the statement added. "As a matter of urgency we are now engaging with retailers to ensure they are undertaking adequate and robust checks. We remain committed to contactless and firmly believe that it continues to be a safe and viable payment system." It is thought there are around 13 million users of Barclays' contactless payment cards. Contactless payment is a booming business at the moment, with near-field communications (NFC) chips being included as standard on many smartphones. A recent report by Informa said that mobile phone-based payments are expected to top $37bn a year by 2016.

Related Posts Plugin for WordPress, Blogger...

ann croft

Disclaimer: The statements and articles listed here, and any opinions, are those of the writers alone, and neither are opinions of nor reflect the views of this Blog. Aggregated content created by others is the sole responsibility of the writers and its accuracy and completeness are not endorsed or guaranteed. This goes for all those links, too: Blogs have no control over the information you access via such links, does not endorse that information, cannot guarantee the accuracy of the information provided or any analysis based thereon, and shall not be responsible for it or for the consequences of your use of that information.
Disclaimer: The statements and articles listed here, and any opinions, are those of the writers alone, and neither are opinions of nor reflect the views of ProLifeBlogs. Aggregated content created by others is the sole responsibility of the writers and its accuracy and completeness are not endorsed or guaranteed. This goes for all those links, too: ProLifeBlogs has no control over the information you access via such links, does not endorse that information, cannot guarantee the accuracy of the information provided or any analysis based thereon, and shall not be responsible for it or for the consequences of your use of that information.
Site Specific Privacy Policy run in accordance with http://www.google.com/privacy.html
We can be reached via e-mail at
copsandbloggers@googlemail.com
For each visitor to our Web page, our Web server automatically recognizes information of your browser, IP address, City/State/Country.
We collect only the domain name, but not the e-mail address of visitors to our Web page, the e-mail addresses of those who communicate with us via e-mail.
The information we collect is used for internal review and is then discarded, used to improve the content of our Web page, used to customize the content and/or layout of our page for each individual visitor.
With respect to cookies: We use cookies to store visitors preferences, record user-specific information on what pages users access or visit, customize Web page content based on visitors' browser type or other information that the visitor sends.
With respect to Ad Servers: To try and bring you offers that are of interest to you, we have relationships with other companies like Google (www.google.com/adsense) that we allow to place ads on our Web pages. As a result of your visit to our site, ad server companies may collect information such as your domain type, your IP address and clickstream information. For further information, consult the privacy policy of:
http://www.google.com/privacy.html
copsandbloggers@googlemail.com
If you feel that this site is not following its stated information policy, you may contact us at the above email address.

Privacy Policy (site specific)

Privacy Policy (site specific)
Privacy Policy :This blog may from time to time collect names and/or details of website visitors. This may include the mailing list, blog comments sections and in various sections of the Connected Internet site.These details will not be passed onto any other third party or other organisation unless we are required to by government or other law enforcement authority.If you contribute content, such as discussion comments, to the site, your contribution may be publicly displayed including personally identifiable information.Subscribers to the mailing list can unsubscribe at any time by writing to info (at) copsandbloggers@googlemail.com. This site links to independently run web sites outside of this domain. We take no responsibility for the privacy practices or content of such web sites.This site uses cookies to save login details and to collect statistical information about the numbers of visitors to the site.We use third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and would like to know your options in relation to·not having this information used by these companies, click hereThis site is suitable for all ages, but not knowingly collect personal information from children under 13 years old.This policy will be updated from time to time. If we make significant changes to this policy after that time a notice will be posted on the main pages of the website.

Stats

  © Blogger template Newspaper III by Ourblogtemplates.com 2008

Back to TOP