Android App Lets You Steal Contactless Credit Card Data

mask.of.sanity writes "An Android application capable of siphoning credit card data from contactless bank cards has appeared on the Google Play store. The app was developed by a security penetration tester for research purposes and will steal card numbers and expiry dates, along with transactions and merchant IDs. It requires a near field device capable phone, or accessory."

Re:Anyone surprised?

[dyingtolive]

Okay, you couldn't use it for online purchases, but at a brief glance, you can get magnetic card encoders for 150+ USD. Not sure about whatever tech they use for the contactless style ones, but here's what I'm thinking:

Step 1: Steal contactless CC data.
Step 2: Burn semi-realistic magnetic card with CC data. Emboss the number on the front. 99% of all retail employees will not look twice at the card.
Step 3: Profit.

You don't need the security code for purchases made in person, and if you're doing this in person, you can probably speculate what the zip code is for the few places that even ask for that. Granted, this requires making purchases in person, so you're subject to video surveilance for anyone who REALLY wants to come after you, but since you can repeat this process, it's essentially a use one, throwaway kind of thing.

Re:It was only a matter of time

[Joce640k]

You contradict yourself.

It's skimming while the card is still in your pocket. It's exactly the same as handing your card to random people for them to play with.

Re:Anyone surprised?

[petermgreen]

The criminals don't have to use the stolen details in the country they stole them from.