My bank was recently acquired by Chase, and all our debit cards were replaced with dual-tech magstripe/RFID ("blink") cards. I don't want, and absolutely refuse to use or even carry, a contactless payment token linked to my checking accounts - but I need to have a working debit card.
While I do have the equipment to copy the magstripe onto a blank card, I suspect that using such a card at a manned POS terminal could be problematic :)
Is there a simple method to kill the RFID side of the card without harming the magstripe? I've tried flexing it to break the bond wires, but this hasn't worked (I have 13MHz readers, so I can see the card powering up).
How about RF heating systems, ISTR that some operate about 13MHz, you could try it on an old mag stripe card first, to see if it wipes it.
Just wait until they introduce 100?/$ bills with RFIDs in them, so the gubimint can trace where you spent your money/ muggers can select the person with the most cash carried
We have access cards like that- a powerful enough light allows you to see the chip and the antenna wires. On a colored credit card, it might take a powerful lamp.
Then its a matter of inserting a push-pin in the right place.
A microwave will fix it right, but there will be some carnage.
I have to admit that I share your sentiments, particularly with Chip & Pin cards here in the UK.
The law here has recently changed and money fraud is no longer the responsibility of the Police, but has been laid firmly at the doorstep of the banks. Who of course couldn't give a shit!! They just ignore everyone and set debt collectors onto them.
There have been people who had literally thousands of pounds linked to their names, and the banks ain't interested.
Getting to the point here.. Chip & Pin cards is the banks' latest saviour. If the Pin is used, then they wash their hands of all responsibility saying it's your fault. Cards have been used Malaysia, Spain, and allover the place, while people are sitting in their local bank branches trying to sort the problem out. Yet the banks still say they must of course be in Malaysia or wherever, natually of course we're all in Malaysia aren't we!! It's the popular place to withdraw the entire contents of your bank account.
Point! Chip & Pin cards can be rendered useless by frying the chip. It's nothing more than a smart card.
But I understand your sentiments entirely OP. I now use cash as is practical in all cases. My card is more often only ever used over the counter in the local branch to withdraw cash. I DON'T trust cash machine either, having tried to withdraw £60 and the machine crashed. It gave me my card back after about 5-minutes yet no money, and still debited my account for the amount. And THEN instead of correcting it, it debited another £60!! So £120 down and no money.
Sorry. I grew up with all of this stuff and I don't trust it one bit. Oldest trick when 13-years old used to be to go from cash machine to cash machine withdrawing £100 before they had the chance to update. My bank didn't like as I was only 13 and not liable. Hey thanks Midland/HSBC :-) A
Contactless payment is even worse here. No PIN is required (in most cases), it is treated as a "card not present" transaction. The protections for _credit_ cards are fairly robust, but _debit_ cards are not so well protected. Additionally, if someone scammed my credit card, I'd simply not be able to use that card for a while. If someone scams my debit card, my checks will start bouncing, which affects every bill I pay.
Why don't you just wrap your cards in aluminium foil while they're in your wallet. If anyone asks, you could just say you'd heard it was good against inflation.
Well here's another one.. I used to work for an Internet bank. And what came across our desks was the Executive's solution to everything. Another company was trying to sell it to them.
They wanted to push forward a project to hook up a GPS receiver to a PC, to prove that the transaction was taking place in the expected geographic location. This was their perfect solution, and some of these Directors sat on the Boards of a particular UK/Global bank. These are the same people who pushed forward Chip & Pin as the ideal solution.
We pointed out that a GPS module could easily have it's interface lines hacked with a microcontroller, thus making the whole idea useless.
"Microcontroller, what's that!, living in a world of fantasy, that'll never happen!"
Debit cards linked to your main bank account, yes, they're dangerous. None of this really happened 10-years ago. Banks (and people) just think that far fetched fantansy ideas are exactly that, fantasy.
This isn't sufficient. There are numerous documented cases (for example) of POS terminals being placed too close together and cross- authenticating each others' transactions. I walk into Best Buy for $10 of batteries and pay for someone's $1200 TV set.
I seem to recall that the gizmos at the counter for deactivating the anti-theft RF stickers on smaller things like stationery work on the principle of emitting strong magnetic fields that fry the tags.
Perhaps that could be used when the cashier isn't looking? Either that or ferrite transformer with an airgap.
The OT can always read the magstripe contents beforehand, just in case he needs to code it back.
BTW anyone tried putting a magcard in the microwave?
Nothing worse than dumb executives/managers repeating the latest suit's sales pitch when they obviously do not understand what is going on.
Banks and security especially via electronic means is an Oxymoron. I have had several run ins with banks/financial institutions and LACK of security
1/ Said company rings you up expecting all sorts of answers to security questions, with NO means of verifying they are who they say they are.
Oh look that is what the phone phishers do!
One girl said "but I am .... from .... bank" that was the method of security verification.
2/ Expecting you to have different online ids and passwords for each account at the same branch of the same bank.
3/ Expecting Different sets of security phrases when phoning them!
4/ Accept photocopies but not fax docuemnts as faxes were forgeable! Photocopies can be forged just as easily as a fax is just a copier with a phone line between the scan and print part.
5/ In UK banks once a staff member has a login to the network of ANY division can get access to all the accounts details including transactions on ANY account of ANY customer. So the insurance division can look at the day to day transactions on your personal checking account.
There was recently many documented cases of UK banks leaving confidential documents in rubbish sacks at the back door. All documents were UNshredded. Identity theft warehouse....
Financial institutions having people who make decisions understand real world would be anti-Dilbert.
Over 20 years ago a then colleague used a modem to sequentially dial numbers close to the numbers of his bank branch until it found a modem, entered two valid Bank Sort Codes and was IN!
Financial Institutions rely on obfuscation and volume of transactions for security.
--
Paul Carpenter | paul@pcserviceselectronics.co.uk
PC Services
GNU H8 & mailing list info
For those web sites you hate
I haven't done much with 13 MHz, but I have with 125 kHz. Assuming that there is a coil going around the circumference of the card on 13 MHz as well, how about cutting that, perhaps just from one side with a razor knife? A thin layer of electrically insulative material (e.g. glue) could be applied to stop it from making contact again when the card springs back together.
Alternatively, how about a 1/16" to 1/8" drill through the IC, perhaps from the back and not fully penetrating through the front to minimize visible damage?
I think that mechanical techniques are likely to produce *less* visible damage than electrical ones, as anything strong enough to stop it working is also likely to make it emit smoke unless you can control it quite carefully.
snipped-for-privacy@gmail.com wrote in news: snipped-for-privacy@b75g2000hsg.googlegroups.com:
Pulsed coil gas ignitor? The type that snap a spark once per second or so. If you pass the spark through the card at the right place it might be enough. The holes would be too small to see unless the thing was brand new and clean as a polished mirror. The main difficuty is making sure that you manage to pass the arc into the silicon and not just along a bonding wire. Tests are in order...
It depends on the provider. I use Bank of America, which extends the same protections to debit cards. In addition, they provide a service which notifies me by email whenever a "card not present" transaction is made.
You might be on the right lines there, gas igniters usually use a high current gas discharge tube or a thyristor to dump the charge in a capacitor into a HV pulse transformer, it might be possible to damage the card's transceiver by dumping the charge into a few turns pressed against the antenna.
Quite a lot of those suffered from the principle that the RF sticker would work for ODD numbers of RF stickers, EVEN numbers together often gave cancelling effects, at the door exit scanners.
The other principle that fooled a lot of exit scanners was put the RF sticker at the same height as your heart, as some scanners assumed you would be carrying the items in a bag near the floor, and did not want to do anything at pacemaker height!.
--
Paul Carpenter | paul@pcserviceselectronics.co.uk
PC Services
GNU H8 & mailing list info
For those web sites you hate
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.