
An article relating to this blog post on Finextra:

New fears raised over contactless chip cards

Fresh concerns have been raised over the security of radio frequency identification (RFID) technology used for contactless payments after a hacking demonstration by security expert Adam Laurie at the...


PayPass open to hack attacks?

A couple of weeks ago Finextra reported that security expert Adam Laurie has developed a script that lets fraudsters pull the names, account numbers and expiration dates from RFID-enabled American Express cards without touching, or even seeing, them.

At the time Amex told us the information was of little value to criminals and couldn't be used for online transactions.

Well, we've just heard from Laurie and he seems to think that you could buy things on the net with the details - although he admits he hasn't actually tested this.

Laurie also tells us his script doesn't just work with Amex; it'll also do the trick with MasterCard PayPass.

What's more, PayPass could be even more vulnerable to attack than Amex.

Amex ExpressPay cards have two account numbers - one for contactless payments and one for the debit or credit card feature - which means only the 'alias' number (which is not printed on the card) can be pulled.

But Laurie tells us his script pulls the number that's actually printed on the PayPass cards.

If I were one of the 20 million+ people out there with PayPass cards I think I'd be looking for some assurances on the technology's security.

Oh, and in case you're feeling comfortable with your Visa PayWave card, Laurie hasn't got round to testing that one yet.


Comments: (1)

Paul Penrose - Finextra - London, 13 March, 2008, 12:20

The Smart Card Alliance has responded to the scare stories with its own FAQ on contactless payment security.
