Android App Lets You Steal Contactless Credit Card Data

mask.of.sanity writes "An Android application capable of siphoning credit card data from contactless bank cards has appeared on the Google Play store. The app was developed by a security penetration tester for research purposes and will steal card numbers and expiry dates, along with transactions and merchant IDs. It requires a near field device capable phone, or accessory."

  • Anyone surprised? (Score:5, Interesting)

    by dyingtolive ( 1393037 ) <brad DOT arnett AT notforhire DOT org> on Thursday June 21, 2012 @09:36AM (#40397397)
    Really. Broadcast data can be intercepted by anyone with the ability to receive?
  • by Quick Reply ( 688867 ) on Thursday June 21, 2012 @09:40AM (#40397445) Journal

    I mean really, how idiotic do these companies need to be to make a system where the full Credit Card information is TRANSMITTED over the air with no authentication? Even a token would be more acceptable.

    The Credit Card system is quite happy to take a loss on all the money they have to pay back with protection guarantees when consumers get scammed, instead of actually tackling the problem by inventing a SECURE SYSTEM that is impervious to skimming methods.

    This app does not add any additional functionality that scammers don't already have, but it is a good highlight of how damn simple it is to do, while Mastercard/Visa and the financial institutions who use them do nothing.

  • Hate broadcasting CC (Score:4, Interesting)

    by AwesomeMcgee ( 2437070 ) on Thursday June 21, 2012 @10:17AM (#40397851)
    I am so mad that every one of my CCs/debit cards that has expired has been replaced by the banks with ones that do this broadcasting shit. Has anyone been able to get them to replace with one that doesn't do this shit? There's absolutely no reason I would want my CC to broadcast its info for devices to read, and swiping the thing is just as easy as passing it over an NFC device.

    Or perhaps can anyone name a national bank who has allowed them to get a debit card that doesn't do this?
  • Test this (Score:5, Interesting)

    by SmallFurryCreature ( 593017 ) on Thursday June 21, 2012 @10:19AM (#40397893) Journal

    Because I have had to implement credit card payments where the field was marked as required but never checked or stored anywhere. So, if you didn't fill it in or put in a random value, it worked perfectly fine and this was on sites doing millions in transactions per year.

    There is also nothing in the contracts with processors saying that this is required; it is recommended but not required.

    A lot of web companies are terribly afraid to turn away any customer because they might have to think for a second while making a purchase.

  • Re:Anyone surprised? (Score:4, Interesting)

    by L4t3r4lu5 ( 1216702 ) on Thursday June 21, 2012 @10:24AM (#40397939)
    Are contactless cards shipped in Faraday cage envelopes? If not, can the card numbers be lifted before the card reaches the recipient?

