Beware of fake Wi-Fi hotspots when making contactless payments

By UK CreditCards.com

Fraudsters are able to target credit card users by setting up fake wireless internet hotspots in public places, a Guardian investigation has found.

cell-phone-card

Research commissioned by the newspaper confirmed that it is indeed possible to gather passwords and credit card details from smartphone users in this way. During the first test, a mobile Wi-Fi router was set up at London's St Pancras International station and several smartphones attempted to connect to it.

Investigators then set up a fake paid-for Wi-Fi gateway at Waterloo station and found that three people attempted to log on and provide credit card details during the 30-minute test period, even though the usage policy warned that their private information would not be protected.

BT, which operates about 2.5m Wi-Fi hotspots, told the Guardian that the industry had been aware of the flaw "for some years" and that efforts were being made to address it.

Stuart Hyde, head of e-crime prevention at the Association of Chief Police Officers, also confirmed that criminals could use Wi-Fi to ensnare unsuspecting members of the public, many of whose smartphones are set up to automatically connect to Wi-Fi gateways.

"Until there are improvements in security, I would advise people to be very wary indeed when using insecure Wi-Fi in public places," said Mr Hyde to the newspaper. 

The warning comes just weeks after life assistance company CPP published research showing that 54% of second-hand mobile phones contained credit card details, usernames and passwords from a previous owner.

See related: Credit card details found on old mobile phones; Transport for London introduces contactless card payments for Tube, tram and DLR

Published: 26 April 2011