Questions asked over Barclays\' Contactless after C4 News investigation

Contactless payments were revealed to be unsecure, following an investigation that exposed Barclays customers may have their card data stolen without even knowing about it.

A report by Channel 4 News found that readers for Barclays Contactless cards may well be adapted to access data. The readers are now being inbuilt as standard into cellphones, and 13 million Barclays customers currently use them.

Working with a cell phone security company, Channel 4 News managed to take data with only a swipe, after which use it to buy multiple goods online. It said it might be possible to achieve access to this knowledge merely by nudging someone's wallet, through clothes, in a crowded public space.

Thomas Cannon of ViaForensics told Channel 4 News that he was ready to get the long card number, expiry date and owner's name simply by tapping his phone over a wallet. “None of it was encrypted, it was simply a case of the small print popping out throughout the air,” he said.

The investigation was only ready to access the important points of Barclays-issued Visa cards. The UK Card Association says guidelines state that the cardholder's name shouldn't be transmitted.

Barclays told Channel 4 News: "The protection of our customers' money and private details is a top priority at Barclays so we're understandably inquisitive about these transactions.

“We are compliant with scheme rules for Contactless, and our fraud guarantee refunds any fraudulent losses to customers in full. The best information that are obtained from a chip is equal to that that is imprinted on the front of the cardboard â€" this doesn't include secure information comparable to PIN or signature (CVV) code.

“The details obtained shouldn't be sufficient to undertake any fraudulent activity, but we do rely upon retailers upholding the identical high standards of security when verifying payment details. To be clear, this isn't a problem with Contactless but with the checks undertaken for ‘card not present' payments by some retailers.

“As an issue of urgency we're now engaging with retailers to make certain they're undertaking adequate and powerful checks. We remain committed to Contactless and firmly believe that it remains a secure and viable payment system.”

Channel 4 News was in a position to complete a transaction which failed to require the CVV code.

The Government Department for Business, Innovation and talents, said: “Channel 4 News's investigation has revealed serious security flaws inside the payment procedures of a few of the contactless card operators.

“There are standards in place that are designed to forestall this and all operators should follow them. We call at the card issuers to behave quickly to deal with this issue and to cancel and replace cards if necessary.”