BreachExchange mailing list archives
Millions of Barclays card users exposed to fraud
From: security curmudgeon <jericho () attrition org>
Date: Fri, 23 Mar 2012 14:10:50 -0500 (CDT)
http://www.channel4.com/news/millions-of-barclays-card-users-exposed-to-fraud Millions of Barclays card users exposed to fraud Friday 23 March 2012 Benjamin Cohen, Technology Correspondent Barclays customers using contactless bank cards could have their data stolen without even knowing through readers in new mobile phones, Channel 4 News can exclusively reveal. Card readers that are now being built in as standard to mobile phones can be adapted to access data from these cards. Working with a mobile phone security company, Channel 4 News managed to take data with just one swipe, and then use that data to purchase multiple goods online. This means that it would be possible to gain access to this data merely by nudging someone's wallet, or through clothes in a crowded public space. The new contactless credit and debit cards contain a chip, so that when the card is held next to a reader a payment is made without need of a pin, and 13 million Barclays customers currently use them. But our research shows that this ease of use will work for pickpocketers too. A mobile phone security company researched how the technology could be used. Thomas Cannon of ViaForensics said: "All I did was I tap my phone over your wallet and using the wireless reader on the phone I was able to lift out the details from your card, that includes the long card number, the expiry date and your name. None of it was encrypted, it was simply a case of the details coming out through the air." [..] _______________________________________________ Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Millions of Barclays card users exposed to fraud security curmudgeon (Mar 23)