Slashdot Mirror

← Back to Stories (view on slashdot.org)

Smartphone Used To Scan Data From Chip-Enabled Credit Cards

Posted by Soulskill on from the insufficient-forethought dept.

An anonymous reader sends this news from the CBC: "Using a Samsung Galaxy SIII — one of the most popular smartphones available in Canada — and a free app downloaded from the Google Play store, CBC was able to read information such as a card number, expiry date and cardholder name simply holding the smartphone over a debit or credit card. And it could be done through wallets, pockets and purses. ... Although the NFC antennas in current smartphones need to be very close to a card in order to work — no farther than 10 cm — that could change with the next generation of Android smartphones. Legary said the Samsung Galaxy S4, set to go on sale this spring, might have a much more capable NFC antenna, which could not only read credit cards from a greater distance, but could also be able to read the chips embedded in enhanced driving licenses and passports."

3 of 236 comments (clear)

  1. Did anybody not see this coming? by gstoddart · · Score: 5, Insightful

    I've always thought those tap-to-pay things were really a bad idea from a security perspective, as your card can be used without you even knowing it and without any form of authentication.

    The fact that it will broadcast all of that information to just about anything tells me it's something which retailers and credit card companies like -- but it's mostly bad for security, but great for convenience.

    I may need to call my bank and see if I can get that disabled on my cards. I don't use it, don't want it, and seeing this, I trust it even less than I ever have. I'd prefer it didn't even respond to the NFC terminals.

    I've always thought this was massively insecure, and it looks like I was right.

    --
    Lost at C:>. Found at C.
  2. Re:Sensationalist.... by gstoddart · · Score: 4, Insightful

    I've got a hot news story for you - everyone person you hand your credit card to is able to access your card number, name, and expiration date!

    Yes, but this provides opportunities for people you don't hand your card to to be able to get the same information.

    So anybody on the street with a phone potentially has access to your information. And if some schmuck walked up to me on the street and asked me for my card number, name, and expiry date I wouldn't give it to them -- this makes it possible for people who you have no intention of giving this information to able to get it without you even knowing.

    If NFC is so horribly broken that any random person with a free app from Google Play can access your credit card information without you knowing it, it's defective from the get go. Something I've always believed anyway. It's goal is to be convenient and spur people to use this as a payment option; it has never been designed with security and privacy in mind.

    --
    Lost at C:>. Found at C.
  3. Re:Almost useless by whoever57 · · Score: 4, Insightful

    Without the CVV (verification code) you cannot do anything usefull...

    Tell that to the criminals who were spending money in gas stations and restaurants in central California using a clone of my wife's card a couple of years ago.

    --
    The real "Libtards" are the Libertarians!