Jump to content

CON-TACTLESS How crooks are using a legal app to steal your bank card details in under one SECOND


Minty

Recommended Posts

CON-TACTLESS 

How crooks are using a legal app to steal your bank card details in under one SECOND

The Sun on Sunday tested it on a busy high street and were able to clone a test 'victim's' credit card in seconds

CONTACTLESS card fraud has doubled in the past year – and The Sun on Sunday can reveal just how easy it is to fall victim while you shop.

Our investigation found that a widely available app allows thieves to clone tap-and-go credit and debit cards in just ONE SECOND by pressing up against shoppers.

The software turns a mobile phone or tablet into a scanner, meaning a crook can spend your money without reaching into your pocket.

Our reporter tried the app on a busy high street and cloned a credit card we gave to our test “victim” with a simple swipe of a hand.

“A fraudster can go online shopping with your money. They can also go to popular travel websites and book a luxury holiday that you or your bank will have to pay for.

The fact it is so easy to copy a contactless card is a huge concern.”

The app — which we are not naming — can be downloaded to Android devices such as a Samsung tablet or phone through the Google Play store.

It is not available on Apple devices, as the tech giant requires companies to be certified. Google Play is an open platform where any developer can release an app, meaning it is easier to abuse.

Once installed, you simply place the gadget close to someone carrying a contactless card and their long card number and expiry date appear on the screen.

80282237-693E-4856-A6F8-7866F84B718A.jpeg

85009694-6844-43F7-BE79-E3907E8FECCF.jpeg

Our reporter copied a card, which was in our model’s pocket, at a number of locations across London, including an ATM, a supermarket, the Tube and by her car.

The app could not penetrate a handbag as it requires closer proximity to the contactless chip to clone it. It does not copy the CVV — the three-digit security code on the back — but some websites, including Amazon, do not ask for this when you buy online.

The long card number and expiry date can also be sold on the dark web to other thieves for as little as £5 a time.

The findings are frightening at a time when contactless — which allows you to make purchases up to £30 without a PIN or signature — is so popular.

The number of such cards has doubled in the past three years, from 59million in 2015 to 119million by the end of 2017. Shoppers spent £52billion using contactless in the past 12 months.

In the same period around £14million was stolen — up from £6.9million the year before — and experts fear the real figure could be much higher.

Richard Emery, of security company 4Keys, said: “For now, the banks are absorbing most of the cost of contactless fraud and paying people back when money is stolen.

“They want people to switch from cash to contactless, so are accepting a certain loss. But we don’t know how long that will continue.

How at risk you are depends on your lifestyle. If you spend most of your time going for solitary walks in the countryside you don’t have to worry much about contactless fraud.

“But if you live in busy environments or go clubbing with your credit card stuffed in your back pocket, you might want to consider getting a protected wallet to make sure it doesn’t happen to you.”

Most contactless fraud takes place when the owner has been separated from their card, either through losing it or because it was stolen.

But banks admit that even after a card is cancelled, they cannot immediately stop other people from using it.

 

 

FDF31379-073A-47C1-AA4A-A5A28AE05BBD.jpeg

Edited by Minty
Link to comment
Share on other sites

I believe you are correct ktv,

it means they can get you without codes/pin under £30.

just image your on the underground/night club/pubs/restaurants etc ,how many people they can swipe.

(i think I found the app on play store)

But you can get RFID wallet, and sleeves to help you block them from amazon etc.

Link to comment
Share on other sites

surely though, if you had your card scanned by some random in a pub youd easily get your money back off the bank, 

i mean it you wouldnt be paying a company or anything, it would just go to some ones personal account so id imagine you could just tell the bank and theyd claw it back form the account it went into. 

hassle but not the end of the world. 

Link to comment
Share on other sites

A couple of months ago someone went on a spending spree with my contactless santander business card.

I've had the account with them for almost a year and for the first time went to the branch to pay in cheques only to find out you can't pay them in at the counter and have to use the ATM. I had no idea how to do it and one of the cashiers showed me and i left the card in the machine because i was distracted.

I realised i didn't have it 3 days later, checked online and saw transactions at new look, sports direct, poundstretcher, morrisons and jd sports internet. About £260 in total. 

All done on a card that i'd never even used as contactless and never used in a high street store.

Unbelievable really, although i'm the twat that left it in the machine i can't believe that so many transactions were done in a 2 hour period on a business card never used like that before. I thought you had to put a pin in on the first transaction to activate but apparently not.

Anyway got my refund and now have a non contactless card. 

They're so obsessed with trying to make us a cashless society they are swallowing huge losses. It scares me when you see how this new technology is being breached. It's getting ridiculous how easy it is for someone to steal your car or empty your bank account. 

Link to comment
Share on other sites

23 hours ago, ktv303 said:

surely though, if you had your card scanned by some random in a pub youd easily get your money back off the bank, 

i mean it you wouldnt be paying a company or anything, it would just go to some ones personal account so id imagine you could just tell the bank and theyd claw it back form the account it went into. 

hassle but not the end of the world. 

Presumably though they can add your card details to the wallet/apple pay etc function and then be using that to pay for anything up to the £30 limit - you could be drinking in the same pub and paying for every round.

Link to comment
Share on other sites

22 hours ago, hoponbaby said:

Presumably though they can add your card details to the wallet/apple pay etc function and then be using that to pay for anything up to the £30 limit - you could be drinking in the same pub and paying for every round.

aye right enough, youd have a problem claiming half the bill wasnt yours or like what usually happens just wake up and thing WTF did i do last night

Link to comment
Share on other sites

  • 2 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...