"With just a mobile phone we created a POS terminal that could read a card through a wallet," Martin Emms, lead researcher of the project noted in a statement about the findings. "All the checks are carried out on the card rather than the terminal so at the point of transaction, there is nothing to raise suspicions."
"By pre-setting the amount you want to transfer, you can bump your mobile against someone’s pocket or swipe your phone over a wallet left on a table and approve a transaction. In our tests, it took less than a second for the transaction to be approved."
"Our research has identified a real vulnerability in the payment protocol, which could open the door to potential fraud by criminals who are constantly looking for ways to breach the system," Emms said.