We worry all the time about credit card fraud and that someone will gain access to our bank accounts and steal everything we have. And for a good reason too: Charlie Miller, a security researcher demonstrated at The Black Hat conference in Las Vegas how to steal credit card data, using an app and the smartphone’s NFC feature.
It must be noted that this technique only works with cards that are equipped with special chips that enable near field communication (NFC). Cards with NFC are designed for simplified use, as customers need only tap their credit card to make a purchase, without requiring any PIN code.
So how does it work? The CBC News team used a Samsung Galaxy S III and an app from Google Play Store, which took less than five minutes to download and install. The app allowed them to read the card’s number, expiry date and the name of the cardholder by simply holding the phone close to the card.
And it seems that the app can read the card data even through the wallet, purse or coat. It’s enough for the thief to pause in the close proximity of the victim, without having to actually touch or talk to them. The whole process takes less than a second and the target is completely unaware, as there are no traces left whatsoever. Although the app currently works only at distances of about 10 cm, that is very likely to change with next generation smartphones, which will have a much stronger NFC antenna.
The stolen data is then easily sent to another phone and used to make different purchases. According to Canadian security experts, the information can be used to buy anything from a drink to an expensive laptop. The app is apparently already a favorite technique with skimming networks in Europe.
Credit card companies such as Visa and MasterCard, which already use the NFC technology for some of their products, insist that their clients are well protected against such fraud by multiple layers of security. Google too said it would remove any apps that would be found in violation with its terms of use.
[Image via Extremetech]