Flaw in New Visa Cards Would Let Hackers Steal $1M Per Card

New submitter biomass writes with news about a flaw in Visa's contactless card that lets anyone charge $999,999 to it. According to researchers at Newcastle University in the UK, the card system developed by VISA for use in the United Kingdom fails to recognize transactions made in non-UK foreign currencies and can therefore be tricked into approving any transaction up to 999,999.99. "With just a mobile phone we created a POS terminal that could read a card through a wallet," Martin Emms, lead researcher of the project that uncovered the flaw, noted in a statement about the findings. "All the checks are carried out on the card rather than the terminal so at the point of transaction, there is nothing to raise suspicions. By pre-setting the amount you want to transfer, you can bump your mobile against someone's pocket or swipe your phone over a wallet left on a table and approve a transaction."

Re: Good

Woven steel passport wallet here - dump it on the x-ray belt regularly in jacket and all sorts. Been asked to walk thru with passport/boarding pass on odd occassion but just slip them out of metal sleeve for that. Wallet itself has never been a burden.

Re:Wouldn't the target phone need to be turned on

[Chocolate+Teapot]

No. You didn't read TFA. The target is a contactless credit/debit card carried in the victim's wallet. The phone is used by the thief, who installs basic point-of-sale software on and then bumps it against a wallet in an attempt to relieve the victim of funds. The card is a passive device which is never 'turned off'.

Re:Well... no.

[sumdumass]

A good majority of small transactions are never caught or challenged. Credit card thieves figured this out a long time ago when card skimmers and the internet came about. People don't really pay attention like they should.