Contactless payments have become routine in Portugal, gradually replacing physical cash. The ease of making purchases just by bringing the card or cell phone to the terminal has won over thousands of users. However, a recent investigation reveals a vulnerability that may go unnoticed: these systems can be circumvented.
Vulnerabilities under analysis
According to the website specializing in finance and current affairs, Executive Digest, a study conducted by the universities of Surrey and Birmingham, in the United Kingdom, identified significant flaws in the EMV system, used in Europay, Mastercard and Visa cards.
Experts have verified that, in certain situations, it is possible to carry out high-value transactions without entering a PIN or using biometric authentication.
Some of the latest features, such as offline payments or payments without unlocking your phone, make the system susceptible to manipulation.
During testing, researchers were able to make terminals accept cards when they should only accept mobile devices. In one case, the fraud amounted to 25 thousand pounds (approximately €28,355).
The challenge between innovation and security
Ioana Boureanu, director of the Cybersecurity Center at the University of Surrey, warns that the accelerated pace of innovations could compromise user protection. “Rapidly introducing new features to improve the shopping experience can sometimes come at the expense of security,” she said.
Tom Chothia, from the research team, added that the failures are not due to company errors, but rather to the increasing complexity of the system. “When functions are added in isolation, unexpected gaps arise,” he explained.
Measures and continuous surveillance
The results were communicated to the responsible entities in 2024, leading to the implementation of mitigation measures.
Still, researchers emphasize that constant vigilance is essential, as each update can introduce new risks.
According to , although contactless payments have revolutionized the way we consume, convenience and security do not always coexist without conflicts.
Continuous monitoring, regular updates and cooperation between suppliers remain essential so that speed does not become a vulnerability.