Encircle News!

Retro Game Arcade
, ,

Digital wallets allow for the use of stolen credit cards

TechRadar – All the latest technology news

Researchers have discovered leading digital wallets such as Apple Pay, Google Pay, and PayPal could be used to carry out fraudulent purchases using stolen and cancelled payment cards.

By adding the card to a digital wallet, criminals can exploit the flaw in the ‘authentication, authorization, and access the control mechanisms of major digital wallet apps and US banks alike.

Security academics exposed the fault at the Usenix security 2024, and in a research paper outlined plausible scenarios in which victims full names (which are already printed on cards) and a victim’s address can be used to authenticate a card added to the digital wallet.

The potential scenario

The process can be carried out if the attacker choses a knowledge-based authentication (KBA) instead of a multi-factor authentication such as a one time password sent by email, text, or call (MFA). Some KBA schemes don’t even require multiple data points – many only need a zip code, billing address, date of birth, or last four digits of a social security number. Once this is acquired, the fraudster can freely make purchases with the digital card.

To make matters worse, cancelling or blocking the card does not necessarily stop this, as when a card is authenticated, the bank issues a token which authorizes purchases and is stored in the digital wallet, so criminals can reassociate the wallet with the replacement card once it is reissued.

Recurring transactions can also be used to exploit the victim, with purchases labelled ‘recurring’ processed even if the card is locked.

In the age of data breaches, most notably the recent National Public Data incident which potentially exposed the personal information of billions of people, verifying information is easier than ever to obtain.

Whilst banks have reported that the flaws have been resolved and that this type of attacks are no longer possible, staying vigilant is always important – and for anyone concerned, we’ve reviewed the best credit card fraud detection platforms available.

Via The Register

More from TechRadar Pro

https://www.techradar.com/pro/digital-wallets-allow-for-the-use-of-stolen-credit-cards

Leave a Reply

Your email address will not be published. Required fields are marked *

Follow Us

Featured Posts

August 2024
M T W T F S S
 1234
567891011
12131415161718
19202122232425
262728293031  

About Us

Welcome to encircle News! We are a cutting-edge technology news company that is dedicated to bringing you the latest and greatest in everything tech. From automobiles to drones, software to hardware, we’ve got you covered.

At encircle News, we believe that technology is more than just a tool, it’s a way of life. And we’re here to help you stay on top of all the latest trends and developments in this ever-evolving field. We know that technology is constantly changing, and that can be overwhelming, but we’re here to make it easy for you to keep up.

We’re a team of tech enthusiasts who are passionate about everything tech and love to share our knowledge with others. We believe that technology should be accessible to everyone, and we’re here to make sure it is. Our mission is to provide you with fun, engaging, and informative content that helps you to understand and embrace the latest technologies.

From the newest cars on the road to the latest drones taking to the skies, we’ve got you covered. We also dive deep into the world of software and hardware, bringing you the latest updates on everything from operating systems to processors.

So whether you’re a tech enthusiast, a business professional, or just someone who wants to stay up-to-date on the latest advancements in technology, encircle News is the place for you. Join us on this exciting journey and be a part of shaping the future.

Podcasts

TWiT 993: The Save Money Button – Pixel 9, Dell Layoffs, Apple Robotics This Week in Tech (Audio)

Hackers leak 2.7 billion data records with Social Security numbers Troy Hunt: Inside the "3 Billion People" National Public Data Breach The English Premier League Will Ditch Its Hated VAR Offside Tech for a Fleet of iPhones Pixel 9 Pro and Pro XL: Satellite SOS, Android 14, $999 start price Google Team Pixel "reviews" controversy DOJ Considers Seeking Google (GOOG) Breakup After Major Antitrust Win – Bloomberg Dell announces second massive set of layoffs to employees The first post-quantum cryptography standards are here News outlets were leaked insider material from the Trump campaign. They chose not to print it Your Air Conditioner Is Lying to You Apple (AAPL) Pushes Ahead with Tabletop Home Device in Shift to Robotics Pelosi Statement in Opposition to California Senate Bill 1047 NVIDIA, OpenAI face YouTube creator lawsuits for using online videos xAI's new Grok image generator floods X with controversial AI fakes AT&T and Verizon ask FCC to throw a wrench into Starlink's mobile plan Consumers spent $3.8B on mobile entertainment apps in Q1 Fox-Disney Sports Service Blocked by Judge in Win for Fubo Microsoft removes FAT32 partition size limit in Windows 11 Host: Leo Laporte Guests: Nicholas Deleon, Dan Patterson, and Brian McCullough Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: mintmobile.com/twit canary.tools/twit – use code: TWIT 1password.com/twit e-e.com/twit
  1. TWiT 993: The Save Money Button – Pixel 9, Dell Layoffs, Apple Robotics
  2. TWiT 992: Why Not Pudding? – Google's Monopoly, Net Neutrality, AI Phishing
  3. TWiT 991: This Show Is Securities Fraud – Intel Layoffs, KOSA, Don Lemon
  4. TWiT 990: Dogecoin Fort Knox – AI Cheese, SearchGPT, "Free" Facebook
  5. TWiT 989: Executive Laundry Folding Disorder – Crowdstrike, Prime Day, Streaming the Olympics