This Black Box Reads RFID Cards in Your Pocket (2023 Update)

Ski lift gates read RFID cards in one's pocket.

?

I remember the earliest cases of bank card fraud. The kind the cash machine type. The banks *insisted* their system was bullet proof and flatly refused to pay out victims. They were so sure of themselves. It seems they've learned nothing. --

"In this sense, the theory of the Communists may be summed up in the single sentence: abolition of private property."

- The Communist Manifesto, Marx & Engels.

Range would be much better if he aligned the card toward the edge of the loop antenna, instead of along the center line which is a null in the loop antenna pattern:

I prefer to embalm the card in aluminum foil. Unwrap the foil when the card needs to be scanned. I've done some crude testing and it seems to work quite well.

The most common long range RFID readers work at 13.56MHZ.

Jackson Hole uses 13MHz for their J-Card:

"Avalanche beacons operate on 457kHz whereas the our SKIDATA readers are on the 13 MHz frequency, so no there is interference between the two."

"The HF 13.56 MHz-based solution is already in use at approximately 1,500 resorts worldwide, with the RFID tags built into lift tickets to enable skiers to access the slopes hands-free. UHF technology offers a further step, the company reports, by tracking the movements of skiers into some zones within a resort so that the company can better understand traffic movement." I'm sure skiers will be thrilled to know that they're being tracked around "some zones".

It's also possible to get a few meters range at the more common

915-928MHz frequency by embedding a large antenna in the card. However, such antennas can be detuned by body capacitance, which reduces the range.

However, 915MHz readers are far from dead (July 2008):

"While high-frequency (HF) passive RFID tags operating at 13.56 MHz have become standard for ski pass applications, Vail is utilizing newer, ultrahigh-frequency (UHF) passive EPC Gen 2 tags, which operate at 900 MHz and can be read from much greater distances than HF tags."

On a sunny day (Tue, 19 Oct 2021 21:50:49 -0700) it happened Jeff Liebermann snipped-for-privacy@cruzio.com wrote in snipped-for-privacy@4ax.com:

My plastic bank card holder I wrapped with alu foil,, then grey tape over it. It prevenst the trick of people near you scanning and taken a few dollars from it, possible without PIN.

As the video showed, reading is difficult when 2 or more cards are stacked. The standard allows the reader to select a single card from the stack, see for example

I have not seen it in the wild. B.t.w. A piece of copper sheet between the cards is more effective than aluminium foil.

On a sunny day (Wed, 20 Oct 2021 00:17:41 -0700 (PDT)) it happened Wim Ton snipped-for-privacy@gmail.com wrote in snipped-for-privacy@googlegroups.com:

OK, I will remember that when I start wrapping my head against the CIA mind readers.

I'm not embarrassed to be discovered to be at the bar, or to ski the same run 6 times in a row. That's all public.

The thing about universal surveillance is that the sheer numbers make you mostly anonymous.

Using something metallic to shield against 900 MHz is marginal unless you have a totally enclosed shield, such as wrapping the card and edges with aluminum or copper conductive foil. Building a sandwich (stack) of alternating cards and shields still leaks quite a bit of RF through the edges as in a slot antenna.

What works best is an RF absorber instead of a reflector. The carbon foam used in RF anechoic chambers is quite good, but not practical for something carried in your pocket:

Payment cards, ski passes and modern passports use 13.56 MHz. The 900 MHz RFIDs I have seen in the wild were to record the time at mass running events.

In the beginning, there was an idea to glue RFID payment cards as a sticker on a mobile phone. (before these supported NFC). This was a problem on iPhones with a metal backside and the reading distance from 40 mm as required by EMVCo was impossible to achieve. One trick that worked, was to glue a piece ferrite foil between the metal and the sticker.

I worked for a payment terminal manufacturer in the past. One of the first to offer Paypass (Mastercard) and Paywave (Visa). An interesting project, as the standard, the test equipment and the certification were also under development at the same time.

Jeff Liebermann snipped-for-privacy@cruzio.com wrote in news: snipped-for-privacy@4ax.com:

I use a wallet (regular cloth trifold) that is supposed to be shielded. My bank card buys my morning covfefe just fine, but it wont read unless I remove it from the wallet. Though those readers are weak signals and deliberately set to read only within a couple inches. I do not know how higher power excitation would cause the card to respond or how close the "requestor" would have to be for a readable reflection, or transmission in the case of an active device. I had a bus pass that would read through my wallet, but that was 7 years ago and a different wallet.