Barclays card details can be stolen with NFC-enabled phones

26 March 2012

barclays_bank_limitedBarclays may be flaring their nostrils today, aware that they're being followed by the smell of the brown pants of trouble.

They could be looking at a situation that sees them recalling a toweringly huge number of credit and debit cards - 13 million of them. What has happened is that vulnerabilities have been found in its contactless payment system which allows NFC-enabled phones to steal your card details with a simple bump.

Security firm ViaForensics found the flaw and have said that they managed to steal card numbers, expiry dates and user names by simply tapping an NFC phone to a contactless-enabled Barclays card.

It appears that none of the data was encrypted, which means that some nefarious swine could nick your credit card details by simply bumping an NFC smartphone at your pocket. Very worrying indeed.

Barclays and Visa claim it’s not a problem with the software, because that’s how NFC payments are supposed to work, and indeed, they have said that there are safeguards to stop thieves using the stolen data. Alas, Channel 4 - who are also investigating this - have said that they were able to set up an Amazon account and use the stolen information to make purchases.

Are you a Barclays customer who has had someone bump into their pocket recently? Start worrying now.

[gizmodo]

TOPICS:   Technology   Scams   Privacy   Banking

10 comments

  • Wonkey H.
    It's because of things like this that ... I don't subscribe to Sky TV ...
  • bushbrother
    I read about this and the CCV number was never taken, what websites allow payments with no CCV or address?
  • Mike H.
    ViaForensics also added, 'We have also been able to sleep with the wives of many of Barclays top managment, and remain undetected.'
  • Wonkey H.
    ...If we had been detected our cocks would have been fed into meat grinders....
  • Michael S.
    (1) No need to bump, proximity is enough. (2) @bushbrother plenty of sites out there don't require CVV, and not required for "customer not present" on terminals. Of course there is no reason why I couldn't program my NFC equipped smartphone to emulate a Barclays contactless card...
  • Richard
    Haha, is this kind of an ongoing joke now Mof. You completely steal an article, almost word for word, then just quote it as a source at the end. It's like your signature style.
  • qwertyuiop
    A way to mitigate this issue is wrapping the credit card in tin foil.
  • Cookie
    There's 2 issues 1 the technology was broken years ago and never ever will be safe. You can put together a hand scanner for under £15 using a few bit n bobs off ebay. The 2nd and bigger issue is that these cards have an absolute shed load of your personal data on them. Non of it is encrypted! There use to be a few video using Bank Of America cards when they were 1st introduced and showing handbag bump skims on youtube. Name, address, DOB you name it it's on there FFS why? The Danish Uni team who hacked the Oyster card system via the touch in out machines using a loop of wire and a laptop is worth a view too.
  • unbelievable
    To the Apple & other manufacturer fanbwoys... wish you had a Nokia smartphone with NFC now ? ;)
  • ShakesHeadSadly
    So if someone 'bumps' into me, they may get my credit card data without the CVV number or my address? That's much worse than 'bumping' into me and stealing my wallet!!! Somehow.... Maybe.... Or not.... If your details are compromised through no fault of your own, the bank will refund any money taken. Scaremongering. Move along.

What do you think?

Connect with Facebook, Twitter, or just enter your email to sign in and comment.

Your comment