|Written by HeavenlyAndroid|
|Thursday, 29 March 2012 06:00|
If you're an Amazon shopper who uses a Barclays contactless credit or debit Visa card it's time to be extra vigilant. You may think that pick-pockets belong in the Oliver Twist era, or at least on the busy high street, but you'd be wrong. A new form of virtual pick-pocketing, via NFC enabled Android phones could be happening to you right now.
It seems that you're no longer safe, even when you ensure your purse or wallet is within a zipped pocket. As reported on Channel 4 news, NFC contactless payment has opened up a new breed of vulnerability, leaving your wallet literally wide open for all and sundry to empty it of money, by simply tapping an NFC enabled phone reader against it, even through clothing, which then reads the details within a split second. Information such as your long card number, expiry date and name are sent through the air, unencrypted, enabling crooks to party at your expense.
Barclays declared that in principal there was nothing wrong with card details being obtained without permission in this way, and it should not present a fraud hazard. Such sensitive information should not in itself allow unscrupulous individuals to enjoy an online shopping spree. However, a loophole has been found that makes you even more vulnerable than when using your local ATM (cashpoint).
Amazon comes into the equation simply because they fail to ask for the CCV (card verification value) / CSC (credit card security code), a three digit number located on the back of the card. As all information that is required to buy on Amazon has been stolen in this opportunist attack, the thief is free to use as many card details as he wishes to pave his fraudulent path with any items he chooses to purchase, courtesy of your Barclays contactless payment card. When questioned about this situation, Amazon declined to comment.
Take a look at Channel 4 news disturbing video report below:
The UK government has requested Barclays Bank recalls up to 13 million credit and debit cards in light of this fraud investigation led by viaForensics, a mobile security company. However, if you have one of these cards you may wish to take a trip to your local branch and hand the card in before a request is made.
|Last Updated ( Friday, 30 March 2012 09:45 )|