Barclays‘ contactless credit and debit cards, which have been issued to as many as 13 million banking customers in the UK, can be accessed by a smartphone with near field communication technology, according to Channel 4 and ViaForensics, a mobile phone security company. Just one swipe of a smartphone up against a contactless card – or against a wallet containing one – can steal details such as name, expiry date, and card number, the investigation discovered.
Barclays issued a statement in response to the investigation, remarking that the bank is in full compliance with contactless card scheme regulations while also guaranteeing in full any customer losses through its fraud provisions. Crucial information is left out in a contactless card transfer, such as a CCV code or a PIN, the bank added – but industry experts point out that many online retailers will permit purchases without requiring a three-digit security code or a PIN.
In a related news story, a recent investigation uncovered that certain call centres based in India may be selling the medical records and credit card details of Brits at the discount rate of 2p a record in some cases. Both criminals and marketing firms were found to be purchasing the information for their own uses, the investigation uncovered.
Indian call centre IT workers reportedly had many different forms of personal information from nearly half a million Brits, with some claiming to have no less than 45 different records per person.