Barclays may have to recall a staggering 13 million credit and debit cards, after vulnerabilities in its contactless payment system were found to allow an NFC-enabled phone to steal card details with a simple bump.
Channel 4, which exposed the flaw discovered by security firm ViaForensics, says it managed to obtain card numbers, expiry dates and user names by simply tapping an NFC phone to a contactless-enabled Barclays card. None of the data was encrypted, meaning modern-day pickpockets could grab your credit card details by simply bumping an NFC smartphone into your pocket.
The problem is worrying enough that Barclays has been summoned by the Information Commissioner today to give its side of the story. Barclays and Visa claim it’s not actually a problem with the software, because that’s how NFC payments are supposed to work, and there ought to be safeguards in place to stop thieves actually using the stolen data.
However, Channel 4 was able to set up an Amazon account and use the nicked details to make purchases, so clearly something’s not right. [Channel 4]