The British Daily Mail published an interesting article on a new gadget used by crooks to clone up to 15 contactless bank cards a second from victims, and it can do it by just standing nearby.
The contactless payment allows customers to pay for goods with a single tap of their card on a reader, they don’t need to enter a PIN number nor provide a signature to complete the operation. Actually, this kind of payments has a £30 spending limit, but do not be fooled, they are sufficient to motivate a criminal.
The device is able to steal payment card data including card number and the card holder name and his address. The card scanner is dubbed Contactless Infusion X5 is a powerful device that could be used to steal data and use them to produce cloned cards.
According to the British Daily Star Sunday journal, the kit is offered for sale on the criminal market and includes the Contactless Infusion X5t, its software and 20 blank cards ready to use. The device is offered for sale in London where it goes for £500 (711.24 USD), experts speculate it is the first device of this kind to be offered also in the principal black markets in the criminal underground online.
“The reader – the Contactless Infusion X5 – is able to capture encrypted data, extracting the card’s number and even the holder’s name, address and a mini-statement in some cases.” reported the DailyStar. “The swipe card swindlers who call themselves the CC buddies are selling ready-made con kits which include the reader with built-in battery, a USB cable, 20 blank chipped credit cards and software.
They are sold by dealers on the streets for up to £500 or distributed more cheaply via anonymous “dark net” fraud markets. Our investigators were shown one of the readers, which are already said to be “flooding the streets” of London and the south east.”
The fraudsters advertise the Contactless Infusion X5t with following message:
“This is the first contactless bank card hacker being sold on the black market.” “We designed and developed it. It can read any bank card from 8cm away and will read 1024 bytes per second, which is equivalent to 15 bank cards per second.
“All you have to do is be in close proximity to groups of people with contactless cards – that’s around half of all debit card holders – and you’re in.”
The fraudsters advertise the Contactless Infusion X5t with following message:
“This is the first contactless bank card hacker being sold on the black market.” “We designed and developed it. It can read any bank card from 8cm away and will read 1024 bytes per second, which is equivalent to 15 bank cards per second.
“All you have to do is be in close proximity to groups of people with contactless cards – that’s around half of all debit card holders – and you’re in.”
Card use is being boosted by the rising popularity of contactless ‘tap and go’ payments, with mobile payment services such as Apple Pay making payments ever more convenient.
This kind of technology represents the future of the payment, it has been estimated that by 2025 credit, debit and charge cards will account for more than half of all payments made.
The number of debit card payments will reach 14.5 billion by 2021, contactless ‘tap and go’ payments will be the most common form of payment.
“By 2025 people are predicted to use a debit, credit or charge card virtually every day – at 30 times per month.” reported the Daily Mail.
“The UK Cards Association has said that contactless card spending topped £1.5 billion in the space of a month for the first time in March. The milestone was reached just four months after contactless spending reached £1 billion for the first time in November 2015.”
According to data provided by the DailyStart, there are 31million credit cards now incirculation and 95.7million debit cards, 50 percent of these card use the contactless technology. Spending on tap-and-go cards – which now have a £30 spending limit – rose to almost £7.8billion last year.
Crooks are believed to have netted around £185,000 during October 2015 alone.
[adrotate banner=”9″]
(Security Affairs – Singapore, Hacking)