Researchers at Newcastle University have identified a major vulnerability in Visa’s contactless cards that could allow hackers to steal huge amounts of money from users’ accounts without their knowledge.
Contactless credit cards allow users in the UK to make transactions that cost less than £20 without entering their PIN, speeding up the process and improving customer convenience. However, researchers have found that the limit on the amount can be raised by changing the default currency to a different one.
The good news is that the research team hasn’t tested how Visa’s system would react to a rush of foreign currency transfers, or whether it would flag them as possible fraud.
But the experts are worried that the contactless payment card system is insecure, and that cybercriminals would likely use the flaw to set up hundreds or thousands of fraudulent transactions in smaller amounts to evade detection.
Since cybercriminals are exploring all possible ways to break into the system, they will exploit this vulnerability sooner or later. The researchers also said that the payment protocol does not clearly specify how banks should handle this inconsistency.
However, Visa doesn’t seem to be worried. The company said that the researchers hadn’t considered the multiple safeguards it employs to prevent such types of attacks. It also ruled out the possibility of similar attacks being replicated outside the lab.