PDA

View Full Version : Contactless Card Cloning


Harold Gough
20th November 2016, 11:35 AM
You can protect against this by placing a sheet of foil at each end of the card compartment of your wallet.

Harold

http://www.dailystar.co.uk/news/latest-news/522417/Fraud-clone-bank-cards-contactless-device

Adagio
20th November 2016, 04:42 PM
Mmm . . . . Daily Star so must be true !

https://malwrpost.wordpress.com/2016/06/17/debunking-scam-contactless-infusion-x5/

Naughty Nigel
20th November 2016, 05:54 PM
Hmmm. Aluminium foil doesn't block magnetic fields.

What you need is Mu-metal, an alloy of nickel, iron, copper and chromium or molybdenum.

But how practical that would be in a wallet I'm not sure. :)

Adagio
20th November 2016, 06:27 PM
http://www.theukcardsassociation.org.uk/contactless_consumer/ContactlessSecurity2015.asp

pdk42
20th November 2016, 06:59 PM
http://www.theukcardsassociation.org.uk/contactless_consumer/ContactlessSecurity2015.asp

I work in the retail & payments business. It's not too hard to buy machines that will read contactless cards. Whilst it's true that all it will return is the card number and expiry date (as the article you linked to says), this is actually very useful information. It's probably enough to make a MSR (mag stripe) copy of your card and use it for purchases in places where Chip/PIN authentication is not used (e.g. the USA). If they were also able to get your name and address, then they could use it for internet purposes only.

It's amazing how easy card fraud is really once you know the tricks. For example, it's easy to pay with someone else's card if you have it. Try this with your friend's/wife's/husband's card:

- Cover up one or more of the pads on the chip on their card using some thin selotape.

- Go and have a nice meal in a restaurant

- At the end, go to pay with their card. The card terminal will reject the card since it can't read the chip.

- Play the "that's odd, it's done that a few times this week. Let me give it a quick polish and see if it works again". Rub the card on your jacket or whatever and get the assistant to try again.

- It'll fail again. Rinse and repeat until the 3rd time and which point the card terminal will give up on Chip/PIN and fall back to using the magnetic stripe.

- You'll now be asked to sign the slip. Make a decent impression of your friend's signature. 9 times out of 10 they never check anyhow.

- Enjoy the "free" meal

Harold Gough
20th November 2016, 07:23 PM
Hmmm. Aluminium foil doesn't block magnetic fields.

What you need is Mu-metal, an alloy of nickel, iron, copper and chromium or molybdenum.

But how practical that would be in a wallet I'm not sure. :)

Are we talking about magnetic fields? Foil blocks microwaves.

Harold

Harold Gough
20th November 2016, 07:29 PM
The reason I was looking up such matters is that my credit card, replaced last year for a similar reason, has become increasingly unreliable in contactless mode. even when held flat against the reader, at a variety of angles. I am not worried about other people accessing it but inconvenienced by the delay. It is OK with chip & PIN. My card goes nowhere to get dirty, except on the readers, and I don't see why such dirt would affect function.

Harold

Naughty Nigel
20th November 2016, 11:14 PM
Are we talking about magnetic fields? Foil blocks microwaves.

Harold

Low power radio waves. I'm not sure what kind of frequency they operate on.

PeterBirder
20th November 2016, 11:39 PM
Low power radio waves. I'm not sure what kind of frequency they operate on.

The system used is Near Field Communication (NFC) with small loop antennas. It operates at a frequency of 13.56 Mhz and data rates of 106Kb/s, 212Kb/s or 424Kb/s. The RF field from the "card reader" is used to power the chip which functions as a passive transponder. "Practical" working range is up to 10cm. A similar system is used for "ID Chips" in dogs.

Regards.*chr

AMc
21st November 2016, 09:46 AM
I discovered when I got my first contactless Barclaycard that if it was next to my Oystercard in my wallet the Oystercard wouldn't work in the wallet - causing some rush hour irritation for those behind me at the barrier :)
My brother found the same thing with his Oystercard and work pass - tube gates and office doors refused to work with the cards next to each other.
As I'm covered against fraud and I've never actually used the contactless feature on any of my cards I'm not worrying ;)

Naughty Nigel
21st November 2016, 09:46 AM
The system used is Near Field Communication (NFC) with small loop antennas. It operates at a frequency of 13.56 Mhz and data rates of 106Kb/s, 212Kb/s or 424Kb/s. The RF field from the "card reader" is used to power the chip which functions as a passive transponder. "Practical" working range is up to 10cm. A similar system is used for "ID Chips" in dogs.

Regards.*chr

OK, so it is doubtful that a sheet of aluminium foil just a few microns thick will stop it from working?

I will try it next time I use the Co-op self serve. *yes

Naughty Nigel
21st November 2016, 09:50 AM
I discovered when I got my first contactless Barclaycard that if it was next to my Oystercard in my wallet the Oystercard wouldn't work in the wallet - causing some rush hour irritation for those behind me at the barrier :)
My brother found the same thing with his Oystercard and work pass - tube gates and office doors refused to work with the cards next to each other.
As I'm covered against fraud and I've never actually used the contactless feature on any of my cards I'm not worrying ;)

TFL did warn against keeping their Oyster card and a contactless bank card together as there was a risk of double payments being taken at ticket barriers.

From what you say it sounds as if this is unlikely.

Harold Gough
21st November 2016, 10:01 AM
I discovered when I got my first contactless Barclaycard that if it was next to my Oystercard in my wallet the Oystercard wouldn't work in the wallet - causing some rush hour irritation for those behind me at the barrier :)
My brother found the same thing with his Oystercard and work pass - tube gates and office doors refused to work with the cards next to each other.
As I'm covered against fraud and I've never actually used the contactless feature on any of my cards I'm not worrying ;)

Allergy to oysters is quite common! :D

Harold

Phill D
21st November 2016, 10:19 AM
So if you have two contact less cards in a wallet does that mean there is a chance you could pay twice if the second one in the wallet is within range of the sensor?

PeterBirder
21st November 2016, 11:36 AM
OK, so it is doubtful that a sheet of aluminium foil just a few microns thick will stop it from working?

I will try it next time I use the Co-op self serve. *yes

Not so. RF currents circulate in the surface area of a conductor, the higher the frequency the thinner the surface layer which is why at high frequencies it is often necessary to gold or silver plate conductors. The presence of any metalic object in close proximity to the card will at least distort the RF field and absorb some of its energy. That is one of the reasons card issuers advise against using cards without removing them from purses etc. which could contain keys or other metalic objects. It is also one of the reasons the card readers/terminals instruct you to Tap with the card, they cannot detect the mechanical "tap" but it ensures you get the antenna on the chip near enough to the antenna in the reader.

Regards.*chr

PeterBirder
21st November 2016, 12:03 PM
So if you have two contact less cards in a wallet does that mean there is a chance you could pay twice if the second one in the wallet is within range of the sensor?

No.
The data from the two cards will be "jumbled" and the reader will not process either. This is the reason for AMc's (Post #10) problem with Oyster card and debit card in the same wallet.

Regards.*chr

AMc
21st November 2016, 01:49 PM
TFL did warn against keeping their Oyster card and a contactless bank card together as there was a risk of double payments being taken at ticket barriers.

From what you say it sounds as if this is unlikely.
Don't know for sure - IIRC Barclaycard were one of the first to introduce contactless well ahead of TFL accepting it as a payment method.

The only double payment things I ever came across were early on and not double contactless payments but where a chip and PIN transaction was also done.
https://www.theguardian.com/money/shortcuts/2013/may/20/contactless-payments-consumer-affairs

Wally
21st November 2016, 05:17 PM
Apologies if this has been mentioned previously - RFID sleeves --> https://www.amazon.co.uk/Demarkt-Passport-Blocking-WaterProof-Protector/dp/B01DXWJWTG/ref=sr_1_5?ie=UTF8&qid=1479748167&sr=8-5&keywords=rfid+blocking+sleeve

Can't comment if good, bad or indifferent? For 90p it won't break the bank but could prevent it being robbed.

iso
21st November 2016, 05:52 PM
Apologies if this has been mentioned previously - RFID sleeves --> https://www.amazon.co.uk/Demarkt-Passport-Blocking-WaterProof-Protector/dp/B01DXWJWTG/ref=sr_1_5?ie=UTF8&qid=1479748167&sr=8-5&keywords=rfid+blocking+sleeve

Can't comment if good, bad or indifferent? For 90p it won't break the bank but could prevent it being robbed.

Of course the other option is to ask your Bank to replace Cards with non-contactless ones. I have heard that this can be done.

David M
21st November 2016, 11:30 PM
I've been using a crush/dent proof aluminium wallet for years. I'm not sure if contactless cards were available when I got it. I was fed up with having to go to the bank for new cards when mine fell apart. I can report that so far it's been crush proof but it had a couple of dents in it after only a week or so. Now it's got so many dents you can't count them as there's dents on top of dents. But I've not had to replace a card since I started using it.

AMc
22nd November 2016, 11:03 AM
You can always butcher your card to prevent it working :D

The refuelling argument is still in it's favour once
http://www.instructables.com/id/Disabling-Contacless-Payment-on-Debit-Cards/?ALLSTEPS
The refuelling argument is still in it's favour once