

The same method used to crack Apple Pay could have been used with a Samsung Pay account linked with a MasterCard card up until around June 2021. “But at some point, they silently fixed the issue and didn’t inform me,” Yunosov says. Just as it is for travelers, for criminals, there’s the added benefit that the tap-and-go feature continues to work when a phone has run out of battery and powered down. “If you use a Visa card on Apple Pay, anyone could take your phone – even uncharged – go to a luxury shop on Bond Street and buy something with your phone,” Yunosov later explained to me over online messages. And there’s no limit as to how much could be transferred. In our demo it was only a few pounds, but that could go up into the thousands in a real-world attack. The hacks only work if the attacker has physical access to the phone.

And, as MasterCard and Google have made some steps to address the problems, the hacks only work where Visa cards are the default for mobile transport payments, says Yunosov. Samsung hadn’t provided comment at the time of publication. Collectively, Apple and the credit card companies don’t believe there’s much of a threat posed by these attacks in the real world. An Apple spokesperson said: “This is a concern with a Visa system, but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place. In the unlikely event that an unauthorized payment does occur, Visa has made it clear that their cardholders are protected by Visa’s zero-liability policy.” A Visa spokesperson added: “Visa cards connected to mobile wallets with transit features are secure, and cardholders should continue to use them with confidence. Variations of contactless fraud schemes have been studied in laboratory settings for more than a decade and have proved to be impractical to execute at scale in the real world. Multiple layers of security are used to protect payments and consumers benefit from Visa’s zero-liability guarantee.
