Community
A couple of weeks ago Finextra reported that security expert Adam Laurie has developed a script that lets fraudsters pull the names, account numbers and expiration dates from RFID enabled American Express cards without touching, or even seeing, them.
At the time Amex told us the information was of little value to criminals and couldn't be used for online transactions.
Well, we've just heard from Laurie and he seems to think that you could buy things on the net with the details - although he admits he hasn't actually tested this.
Laurie also tells us his script doesn't just work with Amex, it'll also do the trick with MasterCard PayPass.
What's more, PayPass could be even more vulnerable to attack than Amex.
Amex ExpressPay cards have two account numbers - one for contactless payments and one for the debit or credit card feature - which means only the 'alias' number (which is not printed on the card) can be pulled.
But Laurie tells us his script pulls the number that's actually printed on the PayPass cards.
If I were one of the 20 million+ people out there with PayPass cards I think I'd be looking for some assurances on the technology's security.
Oh, and incase you're feeling comfortable with your Visa PayWave card, Laurie hasn't got round to testing that one yet.
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
Anusha Sivaramakrishnan Consulting Partner at TCS
17 July
Viacheslav Kostin CEO at WislaCode Solutions
14 July
Alex Kreger Founder and CEO at UXDA Financial UX Design
Milko Filipov Senior Manager at valantic
Welcome to Finextra. We use cookies to help us to deliver our services. You may change your preferences at our Cookie Centre.
Please read our Privacy Policy.