Skip to content Skip to footer

Apps use NFC technology to hack Credit Card credentials

The fact that you can use your smartphone to pay at a restaurant or a store is great and with NFC (Near Field Communication) technology you can do just that, but what else? Several months back a report from CBC showed us how easy it is to steal credit card credentials using an App and NFC technology which is integrated in most of the high end Android smartphones, but even after 6 months it is still possible to download one of these Apps and hack someone’s credit card and Google has made no changes to its software in order to make it harder for people to steal someone else’s credit card info.

Apps like SquareLess allow users to see a credit cards number, security code and expiration date which later can be used by hackers to purchase products online without the credit card holder to give them permission to do so. SquareLess is just one of the many apps available on the Play Store that allow you to do just this, which is a very serious issue. A study done by xdadevelopers that any of the following credit cards can be hacked using NFC:

  • American Express Blue Cards
  • Barclaycard
  • Chase Credit Cards
  • MasterCard PayPass
  • Visa payWave Cards

So, How can an App and NFC read credit card credentials? NFC technology is also what is used in stores to read our credit card, a credit card will give its information which allows you to make the transaction once it finds a valid payment terminal device but the credit card doesn’t look at what type of terminal device this is (since it doesn’t know this information), it is just interested in finding one. Making the smartphone function like a payment terminal can allow you to “fool” the credit card making it think it is what it is looking for, easily allow the app to read all the necessary credentials. In order to do so, all that is required is for the smartphone with NFC to be approximately 10cm close to the credit card. Here is a video demonstrating just how easy it can be done

It seems like a huge security issue that after several months hasn’t seen much change. How do you make sure no one steals your credit card info with a smartphone? Let us know!