An information technology security consultant in Halifax is warning that the technology that allows people to use their smartphones to skim credit card information from unsuspecting people will likely become more powerful and pervasive.
Many smartphones now have the capability to capture credit card information, storing the information on the phone so it can act as a credit card or an electronic wallet.
The technology is similar to tap-and-pay credit cards that allow users to purchase items simply by tapping their card on a pad at the cash register, using technology that relies on radio frequencies.
Travis Barlow, a security consultant, said with some relatively easy modifications to a Samsung Galaxy S3 phone and a free app, someone could digitally pickpocket key pieces of the information on debit and credit cards that could be used to make purchases.
"They actually say they don't show you all of the information. They do it on purpose. They just want to show you this is how you can test to see if your card has this information," Barlow said.
"That's great, but it's very easy for somebody to just rewrite that code."
Barlow said right now, taking the information from a card requires holding a smartphone close to a chip embedded in the card — he predicts even that will change in the near future.
"As technology improves, probably in the next six to 12 months you'll see that only expand," he said.
"Theoretically I can walk by you and potentially grab that data."
Credit card companies insist multiple layers of security and advanced fraud detection technologies are keeping fraud rates low.
People with tap-and-pay credit cards can also protect their information with specially designed wallets and purses with metallic sleeves for credit and debit cards that can make it harder to read them.
Barlow said financial institutions developed the tap-and-pay technology for ease of payment, working under the assumption that people would spend more money if it was easier to pay for items.
"When they initially started rolling it out, everybody in the security community was against it. We still are, to an extent. We've come to expect the fact that it's going to be there, it's out there, not much we can do about it except keep raising awareness that yes, there is a problem here," he said.
"Watch who's around you, watch your card like you'd watch your drink in a strange environment."