Credit card data can be stolen with a wave and an app

0
186

It seems like there’s a smartphone app for everything these days — including one that could be used to steal your credit card information.
A CBC News investigation has found that it’s not difficult to do.
Within five minutes, the app can be ready to go — and in the wrong hands, criminals could easily steal credit card information, without the victim knowing. “It’s always a concern when a stranger could obtain my personal information and my banking and financial information just from a simple walk by, particularly the fact that that worked so quickly,” said Mandy Woodland, a St. John’s lawyer who specializes in technology and privacy law. Mandy Woodland is a lawyer with Cox & Palmer in St. John’s. She specializes in technology and privacy law. Woodland says most of what she’s read about near-field communications skimming indicated it took 30 seconds to download information from the card. “And that’s clearly not true since you were able to do it much quicker than that,” she said.
CBC News showed Woodland just how easy it is to steal the information — even from a card inside a wallet or inside someone’s pants.
The whole process only took about one second, not 30.
Technology aimed at aiding consumers: The technology is supposed to make life easier. MasterCard calls it PayPass, Visa calls it payWave. It allows customers to simply tap and go — quickly pay for that coffee without the hassle of a PIN number.
But it’s not just easier to pay — it’s easier to steal a card-holder’s personal information.
CBC News used a Samsung Galaxy SIII and a free app downloaded from the Google Play store to read information such as a card number, expiry date and cardholder name simply holding the smartphone over a debit or credit card.
The Samsung Galaxy SIII is one of the most popular smartphones available in Canada. A thief can simply walk by, pause and read the information through an unwitting person’s coat and wallet. Then the information can be sent to another phone. CBC News used it to buy a Coke.
But it could be just as easily used to buy a tank of gas or a new computer. Michael Legary says his company, Seccuris Inc., has investigated cases where phones paired with these apps were used to commit credit card fraud.
Legary says the information read can be used to buy “anything from a $1.50 drink from a machine to a $4,000 to $5,000 laptop.” He says the app has become a tool for organized crime in Europe.