Researchers from the Swiss Federal Institute of Technology in Zurich have found a way to make large scales without contact.
Scientists say that the attack can be carried out unnoticed.using a smartphone, but in fact, the payment will be made with a stolen contactless Visa card hidden on the body of the attacker.
The vulnerability is related to flaws in the design of the EMV standard and the Visa contactless payment protocol.For the attack, the criminal needs two Android smartphones, a special mobile application, and a contactless card.On one phone, the app acts as a card emulator, and on the other, as a PoS terminal.The last smartphone should be near the card.
The PoS terminal emulator asks the card to make a payment, then modifies the transaction data and transmits the information via Wi-Fi to another smartphone. Payment is made from it without a PIN code.
Scientists have already tested the method on Huawei and Google Pixel smartphones in real stores.