PayPass open to hack attacks?

A couple of weeks ago Finextra reported that security expert Adam Laurie has developed a script that lets fraudsters pull the names, account numbers and expiration dates from RFID enabled American Express cards without touching, or even seeing, them.

At the time Amex told us the information was of little value to criminals and couldn't be used for online transactions.

Well, we've just heard from Laurie and he seems to think that you could buy things on the net with the details - although he admits he hasn't actually tested this.

Laurie also tells us his script doesn't just work with Amex, it'll also do the trick with MasterCard PayPass. 

What's more, PayPass could be even more vulnerable to attack than Amex.

Amex ExpressPay cards have two account numbers - one for contactless payments and one for the debit or credit card feature - which means only the 'alias' number (which is not printed on the card) can be pulled.

But Laurie tells us his script pulls the number that's actually printed on the PayPass cards.

If I were one of the 20 million+ people out there with PayPass cards I think I'd be looking for some assurances on the technology's security.

Oh, and incase you're feeling comfortable with your Visa PayWave card, Laurie hasn't got round to testing that one yet.