Posts Tagged ‘card’

https://contactless.files.wordpress.com/2011/11/appsdesigner_brief_page4.png?w=150&h=300&h=299

Above image: Copyright © 2012 RFID Protect

The Australian edition of Secure Business Intelligence magazine, (or SC to those in the know), has uncovered evidence of a new Android app capable of skimming customer data from contactless payment cards!  Earlier this year Thomas Cannon (ViaForensics) successfully demonstrated (on ITN Channel 4 News) a prototype app for NFC smartphones that could e-pickpocket the victims’ bank card account number, expiry dates and obtain sufficient details to enable purchases with a major online store.

It seems that Developer Thomas Skora, (Integralis), has taken Canons’ concept one step further – his new app called ‘paycardreader‘ not only skims card details, but it is claimed this tech can also access, “…transactions and merchant IDs” when tested against certain PayPass Mastercards.

Interviewed by SC during an awareness-raising event for the security industry,

Skora stated that his app was, “…only for technical demonstration”.

SC magazine suggests that the app, “…was available for download on the Google Play Store and on GitHub” although we were unable to track it down and suspect that it has since been removed for fear this technology will fall into the wrong hands.

Mindful that in Thomas Cannon and Thomas Skora we now have two independent app developers that have successfully produced a functional ‘e-pickpocket’ app for smartphones, important questions need to be asked of our security professionals. For instance, are there more developers working on similar applications we wonder? And just how long before organised crime produces its own version?  After all, it could be argued that the prospect of a ‘contactless’ theft – one where the victim doesn’t even realise they’ve been ‘mugged’ – will be an attractive proposition for career criminals; and therefore is likely to be an idea worthy of their time and investment.

Learn more about e-pickpocketing at: www.e-pickpocket.com

Or watch Thomas Cannon in action here: www.rfidprotect.co.uk/video6.html

Original source:  http://www.scmagazine.com.au/News/305881,android-app-steals-contactless-credit-card-data.aspx

Advertisements

Everyone’s favourite daytime TV show This Morning featured a selection of RFID Protect products during a slot about credit card fraud and the fast-growing issue of ‘e-pickpocketing‘.  During a five-minute feature, presenter Phillip Schofield showcased RFID Protect’s latest Leather Multi-card Holder, which has been designed in collaboration with crime-reduction officers at Victoria Police, Australia and is new to the UK.

Mr Schofield was visibly shocked at the ease by which information can be ‘skimmed’ from a contactless credit or debit card; during a demonstration given by Thomas Cannon (Director of Research and Development) at American company ViaForensics.

First shown on Thursday 10th May, 2012 the programme can be viewed again for a limited period, at http://www.itv.com/thismorning/ and a direct link to their Crime File discussion area for this particular issue can be found at: http://www.itv.com/thismorning/life/crime-file-120510/

A spokesman for RFID Protect said,

“…we’re absolutely thrilled that ITV came to us for guidance on the whole issue of ‘e-pickpocketing’, and what members of the public can do to better protect their contactless bank cards.  Working with the team on This Morning has been a great pleasure; it’s great to receive so much positive feedback about our work and products.”

Adding,

“…ITV has very kindly agreed to provide viewers with a direct link to our products from their main website.  This will go live shortly, but in the meantime our full range of RFID shielding kit can be purchased on-line at: http://www.rfidprotect.co.uk/products.html

Image

“All I did was tap my phone over your wallet and using the wireless reader on the phone I was able to lift out the details from your card, that includes the long card number, the expiry date and your name.”  Thomas Cannon, ViaForensics

Finally, the ‘eagle has landed’.

So when your bank tells you that a new ‘contactless’ payment card is 100% secure, perhaps you’ll keep in mind their track record for ‘security’ and that we’ve been calling for a greater awareness of the vulnerabilities of ‘contactless’ payment technologies for over two years now!

There’s probably nothing to worry about in the longer-term, but right now and – just to be on the safe side – then why not avoid potential mayhem and consider a low-cost ‘anti-skim’ sleeve for that new ‘contactless’ credit or debit card; such as those that can be purchased from RFID Protect.

This article makes reference to an original story by Benjamin Cohen, who is Channel 4 News’ Technology Correspondent.  You can watch the video here, or read the full story at  Channel 4 News

http://www.rfidprotect.co.uk/For UK residents interested in anti-skimming products, we’d suggest making contact with RFID Protect. RFID Protect is a British-based company, and one that offers a full range of RFID shielding kit, much of which can be custom manufactured to carry a client’s branding.

There’s also an added benefit; this being RFID Protects’ work with law enforcement specialists both in the UK and overseas – their shared goal being to raise awareness about RFID skimming, and help people keep their personal data secure.

For more information visit:  RFID Protect

Finally, if you’re in any doubt as to whether or not RFID skimming is a real threat, then perhaps watch the following video evidence.  In this video by UK broadcaster Channel 4 News, Thomas Cannon, of ViaForensics, demonstrates how an ‘electronic pickpocket’ can skim personal information remotely from RFID enabled bank cards using a smartphone application.

Electronic Pickpocket – YouTube Video
(Approx. 4minutes – n.b: opens in a new window.)