Here we go again ...
According to the chief marketing officer of Barclaycard, this contactless hybrid credit card "has all the security and flexibility of a full service credit card."
Um, actually no it doesn't - and I don't think anyone has seriously thought about this. Although it has "chip and pin" validation just like a regular card, the card is contactless, which means that it can be read by a near-proximity radio transmitter/receiver. Regular cards require that they be physically inserted into a reader.
Oyster cards need to be 'touched' in/out at the train station - but this is merely because the gate readers have their sensitivity tuned for that application. A rogue reader can of course have its transmit power cranked up, which will allow it to access cards within a metre or two in the same way as the RFID passport crack recently documented by El Reg.
Given the above, just imagine how easy it would be for a fraudster to carry a hidden card reader in their shoulder bag/briefcase on a train attached to a laptop programmed to detect nearby cards and brute-force crunch the pin number of any card it located. Remember that "offline" chip and pin readers are common in situations such as market stalls - this kind of scenario could trivially be exploited so that you could find yourself having unknowingly made purchases on your Oyster/Visa while reading your paper on your morning commute.
None of this was any real issue when you could only use the card to buy a £2 tube journey. Now that the scope has been expanded to include other goods and services - it will immediately begin to attract the interest of those who would abuse the system for illicit gain. I sincerely hope the transaction amount will be strictly limited, but knowing Barclays' record on combatting fraud I doubt it.