By Sheila Mckenzie-
Researchers from the University of Birmingham and University of Surrey have urged iPhone users to remove Visa as a transport card in Apple Pay, after discovering a flaw which could allow fraudsters to bypass security and make unlimited contactless payments.
The experts warned that criminals have been exploiting unsuspecting vctims in making transactions from a device inside someone’s bag, without their knowledge.
AD: Capeesh Restaurant
According to their research, the potential vulnerability only occurs on Apple Pay when a Visa card is set up as an Express Travel Card, also known as Express Transit mode. The feature is intended for iPhone owners to tap in and out of public transport without needing to unlock their phone.
Whilst conducting their research, the team used simple radio equipment to trick the iPhone into thinking it was communicating with a transit gate, when it was actually a payment reader used by shops.
This was done by identifying a unique code broadcast by transit gates or turnstiles, which was then used to interfere with signals between the devices and a shop card reader.
AD: Oysterian Sea Food Restaurant And Bar
“iPhone owners should check if they have a Visa card set up for transit payments and if so they should disable it,” advised Dr Tom Chothia, co-author of the study, from the University of Birmingham.
“There is no need for Apple Pay users to be in danger, but until Apple or Visa fix this they are.”
Fraud testing also found that it wasn’t possible to stop any payments going through.
Both the Apple iPhone 13 and the iPhone 13 Pro are finally out! They hit stores and online retailers on Friday, September 24.
Demand is high and stock availability not assured, so make sure you don’t miss out by picking up yours now.
The researchers have since shared details of the problem with Apple and Visa, claiming both companies acknowledged the seriousness of the vulnerability, but are yet to come to an agreement on whose responsibility it is to implement a solution.
Visa did, however, say its cards are secure with the feature, and that cardholders can continue to use them “with confidence”.
“Variations of contactless fraud schemes have been studied in laboratory settings for more than a decade and have proven to be impractical to execute at scale in the real world,” a spokeswoman said.
“Visa takes all security threats very seriously, and we work tirelessly to strengthen payment security across the ecosystem.”
An Apple spokesperson, meanwhile, responded: “We take any threat to users’ security very seriously. This is a concern with a Visa system but Visa does not believe this kind of fraud is likely to take place in the real world given the multiple layers of security in place.
AD: Heritage And Restaurant Lounge Bar