A security breach allows Visa card accounts to be emptied -

Geeko

A security breach common to all Visa cards has just been identified by cybersecurity researchers at the Swiss Federal Institute of Technology in Zurich.

This flaw in question is at the level of contactless payment.

A functionality which is nevertheless protected since in the event of payment of a large amount, the user of the card must be authenticated in several ways;

security code, digital or facial recognition via your smartphone.

However, it is precisely this authentication system set up to secure payments that seems porous.

ETH Zurich researchers have indeed managed to transfer large sums of money by going beyond authentication.

For this, they used two smartphones.

One simulated the payment terminal with the stolen Visa card and the other simulated a Visa card with the real payment terminal.

This scam therefore requires a little equipment, but nothing very difficult to obtain for malicious people.

Thanks to a modified payment protocol, the researchers managed to make the payment terminal believe that the authentication had been done.

In fact, this was not the case.

Without purchase limits and without having to authenticate, researchers were able to transfer large sums without problems.

The Visa card interpreted its amounts as lower than the threshold requiring validation of the purchase.

You can see the trick in action in the researchers' demo video:

Nothing to fear

To be able to exploit this breach, it is obviously necessary to have a Visa card, after which the malicious people only have to empty the accounts of their victims.

Researchers at ETH Zurich do not share in detail the payment protocol they modified to fool the payment terminal and the Visa card for obvious reasons.

If you are the owner of a Visa card, you can therefore rest assured.

In case of loss or theft, make sure to block your card quickly.

According to Visa, there would be nothing to worry about: “The studies and tests can be interesting, but in reality these kinds of methods have proved impractical for fraudsters to implement in the real world.

"

Economy

The QR code, the other way to pay without any contact

High-Tech

Netflix: A new scam targets the platform to steal banking data

  • Visa

  • Contactless payment

  • Fraud

  • Piracy

  • High-Tech

  • Bank card