Researchers showcase method for bypassing contactless card limit

Hack breaks your Visa card’s contactless limit for big frauds — Forbes — “To carry out their hack, the researchers used a specialised piece of hardware to intercept and insert messages in the communications between the card and the reader. For instance, they could tell the card that verification — like a PIN — wasn’t needed, even though the requested amount was more than £30. They then told the terminal that verification has already been made by another means.”


7-Eleven Japan halts QR payments rollout after hackers steal $500k in two days

Seven-Eleven mobile pay hack hits Japan’s drive to go cashless — Nikkei Asian Review — “Japan’s second-largest retail group by sales on Monday rolled out 7pay, which lets users make purchases with a smartphone app at Seven-Eleven Japan’s roughly 21,000 stores nationwide… By early Thursday, Seven & i had confirmed about 55 million yen ($510,000) stolen from 900 or so 7pay users. The company has in effect suspended the service by stopping users from adding money to their accounts.”


Federal Trade Commission to investigate Equifax data breach

FTC probes Equifax, top Democrat likens it to Enron — Reuters — “The US Federal Trade Commission said on Thursday it was investigating Equifax Inc’s massive data breach, and a top Democrat suggested the credit monitoring company’s corporate leaders might need to resign… Senate Democratic leader Chuck Schumer compared Equifax to Enron, the US energy company that filed for bankruptcy in 2001 after revelations of a widespread accounting fraud.”






Samsung responds to LoopPay hack

Samsung Pay in action at an contactless POS terminal

Samsung has responded to a New York Times report that claimed a hacking group affiliated with the Chinese government penetrated the corporate network of LoopPay, the inventor of Magnetic Secure Transmission (MST) technology that was acquired in February to form a core part of Samsung Pay... More


NYT reports on LoopPay breach

A hacking group affiliated with the Chinese government penetrated the corporate network of LoopPay, the inventor of the Magnetic Secure Transmission (MST) technology that was acquired in February 2015 to form a core part of Samsung Pay, the New York Times reports... More




MCX suffers email address data breach

CurrentC

“Within the last 36 hours, we learned that unauthorized third parties obtained the email addresses of some of our CurrentC pilot program participants and individuals who had expressed interest in the app,” retailer-owned mobile payments consortium MCX has revealed... More




NXP responds to NFC transit security hack

Researchers at Intrepidus Group have demonstrated how an Android NFC phone can be used to add value to a transit card without paying but, says NXP, the vulnerability is limited to transportation card issuers that haven’t upgraded from Mifare Ultralight to the newer Mifare Ultralight C technology. More


Forum responds to Black Hat presentation on NFC vulnerabilities

NFC Forum director Debbie Arnold

“The NFC Forum works to ensure that tools are available to allow applications to operate with the appropriate level of security,” says the industry standards body. “Mr Miller’s demonstration underscores the importance of providing appropriate security measures at the application layer and enabling users to adjust security settings to suit their own needs and preferences.” More






Feed for stories about Hack.