Apple Pay Express Transit fear mongers alive and well peddling outdated information

Ghost stories are a summertime tradition in Japan, especially ‘ghost pictures’. Everybody knows they’re fake, but they still hold a lurid, fascinating appeal to the human imagination. When done right, they’re also lots of fun. With the demise of summer TV ghost picture specials, Japanese YouTube content hacks have taken up the slack, ripping off old TV content, re-editing it and adding new narration in a lame attempt to make money off somebody else’s work.

Security fear mongers often do the same thing, the latest example being “Yes, Wallets Can Be Hacked Too” on the Payment Village Substack. The piece basically says that Apple Pay EMV payment card Express Transit is a security risk because: “If a thief gets access to your locked phone, they can emulate a transit terminal and charge it instantly and silently.”

No they cannot.

The “research” Payment Village cites is a 2021 paper by Timur Yunusov. Yes folks, this is the tired old Russian security expert/Apple Pay VISA Express Transit exploit story that made the rounds that year, regurgitated by news aggregators like Forbes with over-the-top, scary-sounding titles like “How hackers can drain your bank account with Apple and Samsung tap and pay apps”.

Only this wasn’t the case. VISA dismissed the 2021 security hack as a lab project, not a real-world problem. At the time, even Yunusov said the VISA security hack happened because the VISA payment network wasn’t using EMVCo-recommended offline data authentication (ODA) protocols.

That was then, this is now. VISA implemented ‘Enhanced Fraud Prevention’ on Apple Pay cards starting in 2022. Basically, “the location of your iPhone at the time you make a purchase may be sent to Apple and the card issuer to help prevent fraud.” There are sure to be more payment network verification checks in place on the merchant ID and NFC payment terminal side too. It’s a very different security environment.

If little old me can spot this lame Payment Village security scam, they must be pretty stupid indeed. Treat it like those regurgitated Japanese ghost pictures, fake but entertaining anyway.