Smartphones used to skim credit card data

Many new credit and debit cards come with chips that allow customers to tap the card to make a purchase. These chips, used in many retail outlets from Tim Hortons to high-end computer shops, are read by payment machines and are supposed to be a safe and convenient way to pay for goods.

Using a Samsung Galaxy SIII — one of the most popular smartphones available in Canada — and a free app downloaded from the Google Play store, CBC was able to read information such as a card number, expiry date and cardholder name simply by holding the smartphone over a debit or credit card.

And it could be done through wallets, pockets and purses.

The app used the near field communication (NFC) antenna built into the Galaxy SIII phone, a feature available on many phones running Google’s Android operating system. The antenna is normally used to allow two phones to talk to each other.

While the apps can’t read CVV information, this isn’t always necessary in order to make a purchase. Many stores have a $25 or $50 limit before you even need to sign for your purchases. Most stores don’t ask for your CVV when you are there in person. Stores such as Staples, type in the last four digits of your credit card number when they ask for the card. The most common place for CVV information is when purchasing something online. Given the fact that the vast majority of retailers don’t ever ask to look at the card, cloning a card for several small purchases can be done without it even needing to look legitimate.


Author: Tony Weber
Tony Weber often jokes that he learned how to code before learning to walk. His father being a computer engineer, taught him everything about computers and coding since he was a child. Tony was a swift learner, and even before starting school, he knew this would be his profession.