Security Issues in Visa and Apple Payment Could Result in Fraudulent Contactless Payments

 

Researchers warn that an attacker who steals a locked iPhone can use a saved Visa card to make contactless payments worth thousands of dollars without unlocking the phone. According to an academic team from the Universities of Birmingham and Surrey, backed by the UK's National Cyber Security Centre (NCSC), the problem is caused by unpatched vulnerabilities in both the Apple Pay and Visa systems. Visa, on the other hand, claims that Apple Pay transactions are safe and that any real-world attacks would be impossible to execute.

Any iPhone with a Visa card set up in "Express Transit" mode can be made to perform fraudulent tap-and-go payments at card readers, according to the team. Express Transit lets commuters around the world, including those on the New York City subway, the Chicago El, and the London Underground, tap their phones on a reader to pay their fares without unlocking their devices.

The problem, which exclusively affects Apple Pay and Visa, stems, according to the researchers, from the use of a unique code, dubbed "magic bytes," that transit gates and turnstiles broadcast to unlock Apple Pay. Using ordinary radio equipment, the team was able to carry out a relay attack that deceived an iPhone into thinking it was talking to a transit gate.

“An attacker only needs a stolen, powered-on iPhone,” according to a writeup published this week. “The transactions could also be relayed from an iPhone inside someone’s bag, without their knowledge. The attacker needs no assistance from the merchant.”

In a proof-of-concept video, the researchers demonstrated a £1,000 payment being made from a locked iPhone to a normal, non-transit Europay, Mastercard, and Visa (EMV) credit-card reader. Visa said in a statement that Visa cards linked to Apple Pay Express Transit are safe to use and that cardholders should continue to use them. The company said that contactless fraud methods have been investigated in the lab for over a decade and have proven to be impracticable to implement on a large scale in the real world. Visa also said that it takes all security concerns seriously and is always working to improve payment security across the ecosystem.

“Logically, it’s an interesting advancement of tapping a contactless card machine against someone’s wallet/purse in their back pocket on the subway/metro,” Ken Munro, a researcher with Pen Test Partners, said. “However, I’m more concerned about the threat of fraud with a stolen phone. In the past, the PIN would have prevented fraud from a stolen phone. Now, there’s a valid attack method that makes theft of a phone with Express Transit enabled really quite valuable.”

Youth Loses Rs 88,516 In Yet Another Incident Of Credit Card Cheating.


A youth from Thiruvananthapuram reported credit card fraud amounting to Rs. 88,516 on his SBI credit card on Thursday.

Hari Kumar, a resident of Poojappura who works in an automobile showroom, said he lost Rs. 88,516 in a single transaction. The transaction was made through PayPal, a digital wallet, around 11.45 a.m.



Shortly after receiving an SMS alert, Kumar contacted the bank and blocked the card. Because the transaction was completed without a one-time password (OTP), bank officials suspected that it could have been carried out from outside the country.

Kumar later added that he learned from the cyber cell that at least three similar cases were still pending before the police.

Complaints have been submitted to the District Police Chief of Thiruvananthapuram city as well as the Cyber Cell.