New "secure" credit cards... have a serious vulnerability

Posted by Rurik Bradbury on November 5, 2014


Just when you thought it was safe to go back into the water... a new vulnerability appears in credit cards. This one is UK-only, and affects the latest "contactless" cards from Visa, which are designed to allow transactions by tapping on payment terminals, even through a wallet.

The vulnerability was discovered by some Newcastle University researchers and reported by Wired. The academics found that Visa's Paywave system failed to recognize transactions in non-UK currencies, and could approve transactions -- without validation or fraud checks -- up to 999,999.99 currency units, such as dollars or euros (ie, a lot!).

And because the payment system is contactless, these million-dollar thefts could take place by brushing against an unsuspecting person's wallet at busy locations like airports or train stations, where foreign transactions are likely to take place.

Visa told The Register that "we are confident that our contactless system remains a safe, convenient way to pay." So that's reassuring.


Topics: fraud, credit card