Flaws in Contactless Visa Cards Let Hackers Bypass Their Spending Limits
Researchers have discovered a technique for committing fraud with contactless Visa cards. The vulnerability allows an attacker to bypass the payment limit checks that require the user's verification. Attackers can exploit the flaw via man-in-the-middle attacks to conduct large-scale fraud.
As mentioned in a blog post, researchers at Positive Technologies tested the exploit across five major UK banks. In all cases, the attack worked regardless of the terminal used, and the exploit bypassed the £30 limit (for India, this would be the Rs. 2000 limit) with a 100% success rate. They could even demonstrate the success of the attack outside the UK.
Positive Technologies found that the two checks on contactless payments can be bypassed by a device capable of conducting man-in-the-middle attacks, which intercepts communications between the payment card and the terminal and modifies key data fields.
The first issue relates to a contactless card's default programming, which won't allow it to complete transactions over £30. This can be bypassed, as can the measure on a terminal that requires additional verification, such as a PIN or, in the case of mobile wallets, fingerprint authentication.
Hence, the ensuing MitM attack could allow an attacker to bypass the verification limit. Hackers would only need to manipulate two data fields that are exchanged between the card and the terminal. According to the researchers, this can be done using a device like a skimmer on an ATM.
Mobile payment systems using Visa cards can also be affected by this attack.
“The attack can also be done using mobile wallets such as GPay, where a Visa card has been added to the wallet. Here, it is even possible to fraudulently charge up to £30 without unlocking the phone.”
The researchers fear that such attacks could lead to enormous fraud, causing damage to customers and banks. According to Tim Yunusov, “While it’s a relatively new type of fraud and might not be the number one priority for banks at the moment, if contactless verification limits can be easily bypassed, it means that we could see more damaging losses for banks and their customers.”
Users are advised to vigilantly monitor their bank accounts to detect any fraudulent transactions. They should also set up verification measures and alerts to keep an eye on their account activity.