Contactless Cards: App Reveals Security Risk

Millions of contactless payment cards contain a security loophole that allows vital security information to be stolen using nothing more than a mobile phone.

University researchers in Newcastle have created an app that can read the cards, taking the data criminals would need to plunder accounts.

An estimated 32 million contactless cards are in circulation in Britain, with each one allowing five payments of up to £20 each before the user is prompted to enter a PIN number.

Martin Emms, of the University of Newcastle's Centre for Cybercrime and Computer Security, said he has been able to buy goods at online retailer Amazon using data taken from a card by his phone.

Demonstrating the app, he held his phone next to a closed wallet containing one of the cards, and the screen almost immediately displayed his account details.

"It captures the 16 digit number from the card, my name, and the expiry date," he explained.

"If I wanted to buy a TV from Amazon I could do so using that information, because their site doesn't ask for the three digit security number on the back of the card."

According to Mr Emms, a new generation of contactless cards is being issued by banks with the security loophole closed, but existing cards will continue to pose a security risk until they are replaced.