Visa & MasterCard users could be at risk from a security flaw in Apple’s, Samsung’s, and Google payment apps

MOBILE wallet users across the globe have been warned of a new flaw in Apple Pay, Samsung Pay and Google Pay that can leave them open to fraud — and both Visa and Mastercard users are at risk.

Contactless payments, also known as Near Field Communication payments (NFC), are a flaw that is used with transit features. They pose dangers to cellphone users.


Global mobile wallet users have been warned about a new flaw with Apple Pay, Samsung Pay, and Google PayCredit: Getty
A security expert said the absence of offline data authentication leaves people vulnerable when paying for subways or bus tickets without unlocking the phone


According to security experts, the lack of offline data authentication makes it vulnerable for people to pay for bus or subway tickets without unlocking their phone.Credit: Getty

Positive Technologies security expert Timur Yunusov spoke this week about contactless payments apps and their vulnerability to fraud at a Black Hat Europe 2021 session.

Tech Republic reports that Yunusov explained to Tech Republic how offline data authentication makes it difficult for people to pay for tickets and subways without unlocking their phones.

This warning is for people in Japan, the UK, China, and the USA.

Yunusov stated: “To execute the attack smartphones with Samsung Pay/Apple Pay must have been registered in these countries. But the cards may be issued in any region.

“The stolen phones can also be used anywhere, and the same is possible with Google Pay.”

Positive Technologies reached Apple, Google, Samsung and Samsung regarding the issues in March, February, and April 2021 respectively, according to the report. The global cyber security company did not learn any changes to the systems.

Yunusov stated: “The only problem is that now big companies like MasterCard, Visa and AMEX don’t need to follow these standards when we talk about NFC payments – these companies diverged in the early 2010s, and everyone is now doing what they want here.”

The threat to Apple Pay, Google Pay, Samsung Pay apps, and Google Pay are all equally possible, however, the expert said that Visa card holders were more at-risk than those who used Mastercards or American Express to pay.

Yunusov said Visa doesn’t use the ODA security mechanism at point of sale terminals — which is why the payment method is more vulnerable than Mastercard, which uses ODA (offline data authentication).

Tech Republic was told by a Visa spokesperson that, contrary to Yunusov’s claims, most contactless fraud schemes were not practical at the necessary size to resolve the problem.

According to the spokesperson, “Multiple layers are used for payment security and consumers get Visa’s zero liability guarantee.

“Visa takes all security threats seriously and continuously evolves its payment security capabilities to protect cardholders from the latest real-world threats.”    

The Sun reached out directly to Visa, Google, and Apple but didn’t receive an immediate response.

Yunusov suggests that developers solve problems with mobile pay apps in order to increase security. Apple Pay authenticationGoogle Pay payments over No CVM limit, and more field validation for public transportation schemes.

ZELLE users have been warned that cybercriminals are attempting to steal cash.

According to a report, iPhone thieves discovered a new method to steal stolen devices.

Crooks may trick users into giving their Apple ID to bypass security settings that prevent intruders from accessing the expensive devices.

Apple Pay users are have been warned about a flaw in contactless paments


Apple Pay customers have been warned of a problem with contactless pamentsCredit: Getty

We will pay for your stories

Are you a writer and would you like to tell The Sun Team?


Please enter your comment!
Please enter your name here