From helpnetsecurity.com
Flaws that allow attackers to bypass the payment limits on Visa contactless cards have been discovered by researchers Leigh-Anne Galloway and Tim Yunusov at Positive Technologies.
The attack was tested with five major UK banks, successfully bypassing the UK contactless verification limit of £30 on all tested Visa cards, irrespective of the card terminal.
The researchers also found that this attack is possible with cards and terminals outside of the UK. These findings are significant because contactless payment verification limits are used to safeguard against fraudulent losses, which have been increasing in recent years.