Skip to main content

Researchers warn of NFC-enabled card theft

Security firm MWR InfoSecurity has warned everyone that NFC theft is real, and that it's not always the card owners' fault if they get scammed.

The firm has developed an application which uses near-field communication (NFC) to read some of the information stored in a contactless card or a similar chip. It says there are other apps similar to this one already on the Google Store, claiming they can do the same thing.

It also says finding the source code for such an app is 'not too difficult to find'.

MWR senior consultant Nick Walker recently said that brushing against someone on the street can be enough to send a signal to the chip, to query the data stored there. That data is usually the long card number, as well as the expiry date, but it's not limited to that info only.

It can also include metadata about the correct usage of the card, including how many PIN attempts are allowed before the ATM blocks access to the card.

“Due to limitations in the NFC technology in use, you have to be in fairly close proximity (4-5 centimeters) to be able to extract the data, but far too often I see people place a card in a breast or back pocket having made a transaction and that leaves them open to attacks like this. The problem, I think, is that consumers just don’t know that this type of app is readily available so need to be warned that cards stored in pockets present an inviting target to modern day criminals.

"To mitigate this kind of attack, cards can be stored in an RFID protected wallet – which contains a metal mesh which disrupts the signal and makes it harder for a criminal to steal the details.”