Tim Yunusov is hacker with a special interest in banking and payment systems. He’s also written a series of articles on hacking for New Money Review.

He’s been hired by financial institutions to see if he could breach their online banking systems and mobile apps, their card payment systems or their automated teller machines (ATMs).

In many cases he could.

In 2019, for example, he showed how to get around the limit on contactless card payments (£30 at the time in the UK) by altering the information exchanged by the contactless device and the card reader.

In a more recent case, Tim went around UK petrol stations using cryptocurrency-based payment cards and found he could refuel for free.

Tim has also written articles on faking digital identity, how to steal money from buy-now-pay-later (BNPL) schemes and whether someone in possession of your mobile phone can drain your bank account (spoiler: the answer is yes).

His article on BNPL fraud didn’t go down well with one of the main lenders, who complained to me by email that it was “a step-by-step guide that will encourage criminals further in their activity of stealing money from consumers”.

I responded that Tim was showing BNPL’s security flaws in the public’s interest.

But there’s clearly a fine line between ethical hacking and breaching systems with malicious intent. So I asked Tim onto the New Money Review podcast to talk more about his work.

In the podcast, we discuss:

• Why cybercriminals love cards and payments
• Why every new technology comes with its own security risks
• Why the US and Latin America are honeypots for payments fraudsters
• Why ransomware led to a boom in cybercrime
• Why fintechs and crypto firms are more prone to fraud than banks
• Why combining crypto and payment card technology created security risks
• The global divergence in payments systems
• Fake IDs and the future of hacking
• How to stay safe when making digital payments