What's New in Payments

Researchers showcase method for bypassing contactless card limit

Hack breaks your Visa card’s contactless limit for big frauds — Forbes — “To carry out their hack, the researchers used a specialised piece of hardware to intercept and insert messages in the communications between the card and the reader. For instance, they could tell the card that verification — like a PIN — wasn’t needed, even though the requested amount was more than £30. They then told the terminal that verification has already been made by another means.”


What's New in Payments

7-Eleven Japan halts QR payments rollout after hackers steal $500k in two days

Seven-Eleven mobile pay hack hits Japan’s drive to go cashless — Nikkei Asian Review — “Japan’s second-largest retail group by sales on Monday rolled out 7pay, which lets users make purchases with a smartphone app at Seven-Eleven Japan’s roughly 21,000 stores nationwide… By early Thursday, Seven & i had confirmed about 55 million yen ($510,000) stolen from 900 or so 7pay users. The company has in effect suspended the service by stopping users from adding money to their accounts.”


What's New in Payments

Federal Trade Commission to investigate Equifax data breach

FTC probes Equifax, top Democrat likens it to Enron — Reuters — “The US Federal Trade Commission said on Thursday it was investigating Equifax Inc’s massive data breach, and a top Democrat suggested the credit monitoring company’s corporate leaders might need to resign… Senate Democratic leader Chuck Schumer compared Equifax to Enron, the US energy company that filed for bankruptcy in 2001 after revelations of a widespread accounting fraud.”



Hackers defeat Samsung Galaxy S8 iris scanner

Hackers defeat Samsung Galaxy S8 iris scanner — Security Week — “Hackers of the Chaos Computer Club (CCC) in Germany have managed to defeat the iris recognition system on Samsung’s flagship Galaxy S8 smartphones… While an individual’s iris is unique, researchers from CCC showed that Samsung’s iris scanner can be defeated by showing it a picture of the victim’s eye.”




What's New in Payments

Samsung responds to LoopPay hack

Samsung Pay in action at an contactless POS terminal

Samsung has responded to a New York Times report that claimed a hacking group affiliated with the Chinese government penetrated the corporate network of LoopPay, the inventor of Magnetic Secure Transmission (MST) technology that was acquired in February to form a core part of Samsung Pay... More


What's New in Payments

NYT reports on LoopPay breach

A hacking group affiliated with the Chinese government penetrated the corporate network of LoopPay, the inventor of the Magnetic Secure Transmission (MST) technology that was acquired in February 2015 to form a core part of Samsung Pay, the New York Times reports... More







NFC World

NXP responds to NFC transit security hack

Researchers at Intrepidus Group have demonstrated how an Android NFC phone can be used to add value to a transit card without paying but, says NXP, the vulnerability is limited to transportation card issuers that haven’t upgraded from Mifare Ultralight to the newer Mifare Ultralight C technology. More


NFC World

Forum responds to Black Hat presentation on NFC vulnerabilities

NFC Forum director Debbie Arnold

“The NFC Forum works to ensure that tools are available to allow applications to operate with the appropriate level of security,” says the industry standards body. “Mr Miller’s demonstration underscores the importance of providing appropriate security measures at the application layer and enabling users to adjust security settings to suit their own needs and preferences.” More