Vulnerabilities Can Allow Hackers To Bypass £30 Limit On Visa Contactless Cards

Security researchers have discovered flaws that could allow hackers to bypass the UK contactless verification limit of £30 on Visa contactless cards. The researchers, from Positive Technologies, tested the attack with five major UK banks, successfully bypassing the UK’s £30 limit (which is used to safeguard against fraudulent losses) on all tested Visa cards, irrespective of the card terminal. They also found that this attack is possible with cards and terminals outside of the UK.


EXPERTS COMMENTS
Laurie Mercer, Security Engineer, HackerOne
July 30, 2019
This attack allows contactless verification limits to be easily bypassed if an attacker has physical access to a card. To reduce the risk of being scammed, people should never let their cards go out of sight. If you notice that your card is missing, you should freeze your card using your banking mobile app immediately. For an additional layer of security, consider placing an RFID Jammer in your ....
Frederik Mennes, Director of Product Security, OneSpan
July 30, 2019
This attack requires the adversary to manipulate the data flow between the payment terminal and the payment card, which requires them to be in very close proximity to both the terminal and payment card, which limits the scalability of the attack. The most practical way to implement the attack probably consists of adding an extension to the terminal that acts as a man-in-the-middle between the ....
