Visa card vulnerability can bypass contactless limits

&gt; Positive Technologies found that both of these checks can be bypassed using a device which intercepts communication between the card and the payment terminal. This device acts as a proxy and is known to conduct man in the middle (MITM) attacks. First, the device tells the card that verification is not necessary, even though the amount is greater than £30. The device then tells the terminal that verification has already been made by another means. This attack is possible because Visa does not require issuers and acquirers to have checks in place that block payments without presenting the minimum verification.<p>That&#x27;s the first time I hear about RFID&#x2F;NFC MITM, neat.

At the time those cards came out I was very skeptical about their safety (and of course have been called paranoid&#x2F;excessive&#x2F;etc. by everyone).<p>After all I wasn&#x27;t that much off, my theory was that anyone in a crowded environment (bus, train, etc.) could get a &quot;payment&quot; by simply being &quot;near&quot; the card (be it in a wallet , in your pocket or in a bag).<p>The objection was that there were much more sophisticated controls by Visa on the &quot;other side&quot; (reputability of the account where the money would go, etc. ) and that the sheer number of micro-payments needed to make the theft profitable (and thus the number of complains) would have easily triggered off the various automated alarms.<p>But if someone can obtain a Visa&#x2F;bank account and credit it with a small number of (delinquent) transactions each of relatively high amount, get the money and close the account in a short time it can probably become viable.

I wonder what the absolute limit would be. Could you buy something for like 1 Billion?