A team of researchers in the U.K. has discovered security issues related to Visa cards and Apple Pay that could result in attackers bypassing the lock screen and making fraudulent payments, reports AppleInsider.
The research says the glitch happens when Visa cards are set up in Apple’s Express Transit mode on an iPhone. The flaw could allow attackers to bypass the iPhone Lock Screen and make contactless payments without the passcode.
Here’s some info from the report: We disclosed this attack to both Apple and Visa, and discussed it with their security teams. Apple suggested that the best solution was for Visa to implement additional fraud detection checks, explicitly checking Issuer Application Data (IAD) and the Merchant Category Code (MCC). Meanwhile, Visa observed that the issue only applied to Apple (i.e., not Samsung Pay), so suggested that a fix should be made to Apple Pay.