Which? tests security flaws with contactless cards

The contactless card payment method has increased across the board making it more important for banks to have powerful security checks in place to ensure sensitive data is concealed and also indicate unusual activity on a user's account.

Ross Brewer, vice president and managing director for international markets at LogRhythm commented, “As contactless payment limits rise to £30 in September, it is more likely that criminals will begin to target cards rather than the old-style chip and pin for a quick and easy pay day.”

Which? found that consumers who use contactless debit and credit cards to buy goods or services could be unknowingly opening their bank account up to swindlers.

Researchers purchased cheap card scanners from a popular website to see if it were possible to steal key information from a contactless card. Ten different credit and debit cards were tested. The cards were supposed to be coded to cover-up personal data, but they were able to read essential data meant to be hidden.

With the information obtained, researchers were able to successfully place an order for a couple of items including a £3,000 television set. Which? said, “We doubted we'd be able to make purchases without the cardholder's name or CVV code – but we were wrong.”

Paul, McEvatt, lead security specialist and cyber-consultant UKI at Fujitsu says, “Companies are no longer fighting against individuals, but a sophisticated cyber-criminal industry, with intentions to steal data and use it for malicious purposes. This is an opportunity for banks to step-up and challenge the newly emerging key players in this market.”