Your Credit Card Could Start Literally “Leaking” Data in the Smartphone Era
By way of a heads-up comes this news from Canada, and reported in the northerly edition of Huffington Post (and later picked up in Forbes’ credit card “round up” column). We’ve mentioned those embedded chips that are due to replace magnetic strips on most credit cards (and have to a large extent in Europe — where the upgraded plastic is the “EMV” standard we’ve written about here before) now its about leaking data in smartphone era.
Visualize smartphones commercials you’ve seen, where phones tap together to exchange information. Now put that “tapping” ability in a scarier context, and think of it brushing against one of those chips on a card.
That’s right. The phone can pick up the information from the card.
News from Canada’s CBC
It’s not that there’s a rash of this yet, or that you have to carry your credit cards in a lead case (or encourage your customers to do liekwise), but put this on your map as a thing to be aware of: In Canada, CBC news was able to use a Samsung Galaxy 3, and an Android app from the Galaxy Play store, to read credit card info including name, expiration date, and of course, cardholder.The article highlights that the information could read through wallets, pockets, and purses.
The antenna used for “Near Field Communication” or NFC facilitates the transmitting, enabling that “tapping” capability, but someone would need to be in close proximity to your pocket. And while only certain models of Android phones have such tapping ability, the upcoming Galaxy 4 will make that “near” field a little farther than it is already.
Fraud in Europe
Apparently, such fraud is more commonplace in Europe, where such card chips are themselves more widespread, and it’s unclear, at the moment, what either phone or app makers, or the card issuers themselves, are going to do to combat this problem while it’s still in its early stages.
If you’re an online merchant, or thinking of upgrading to allow “virtual wallet” use in your offline store, or any other kind of payment where numbers simply need to be typed in or transmitted, make sure all your security protocols are updated, and that you stay in regular touch with your AVPS rep about security measures and upgrades. And we’ll continue to keep you updated here on our blog.
We are wondering about the efficacy of lead-lined pockets in our summer chinos, though.