“With just a mobile phone we created a POS terminal that could read a card through a wallet,” explains Martin Emms, from the NewCastle University research team during the 2014 ACM CCS Conference held in the city of Scottsdale, Arizona, USA on November 3 – 7, 2014. A flaw in Visa’s contactless credit cards means they will approve unlimited cash transactions without a PIN when the amount is requested in a foreign currency.
By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction. In tests, it took less than a second for the transaction to be approved.
Visa said it would be “very difficult” to carry out such a theft in reality.
http://www.bbc.com/news/uk-england-tyne-29862080
http://thehackernews.com/2014/11/hackers-can-steal-99999999-from-visa.html
http://www.ncl.ac.uk/press.office/press.release/item/contactless-cards-fail-to-recognise-foreign-currency