Reading credit card through your clothing and billfold.
-
There is a story going around that there is a device that can read your credit card information through your billfold, pocket book, and clothing. The information on the cards are on a magnetic strip and/or a chip. I've had to swipe my card more than once to get a reader at a store to read it. The more I think about it reading the strip or chip through all the above and not even rubbing up against the person carrying the card would be unlikely at best. An episode of NCIS had a girl doing just that. Okay you knowers of all things tech, is this possible?
-
There is a story going around that there is a device that can read your credit card information through your billfold, pocket book, and clothing. The information on the cards are on a magnetic strip and/or a chip. I've had to swipe my card more than once to get a reader at a store to read it. The more I think about it reading the strip or chip through all the above and not even rubbing up against the person carrying the card would be unlikely at best. An episode of NCIS had a girl doing just that. Okay you knowers of all things tech, is this possible?
-
There is a story going around that there is a device that can read your credit card information through your billfold, pocket book, and clothing. The information on the cards are on a magnetic strip and/or a chip. I've had to swipe my card more than once to get a reader at a store to read it. The more I think about it reading the strip or chip through all the above and not even rubbing up against the person carrying the card would be unlikely at best. An episode of NCIS had a girl doing just that. Okay you knowers of all things tech, is this possible?
If criminals truly could do that then they would be better of starting a company to sell these super readers.
-
If criminals truly could do that then they would be better of starting a company to sell these super readers.
They can do it, it you have Contactless payment[^] cards - as all new ones in the UK seem to be. The contactless payment bank cards just need to be offered to the shop reader for sums up to about £30, and RFID reads the card details and executes the transaction with no further input (such as PIN id). If you have the RFID reader then close proximity to the card in your wallet is sufficient. Crowded spaces (tube trains and so forth) ad good hunting grounds apparently.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
"I have no idea what I did, but I'm taking full credit for it." - ThisOldTony
"Common sense is so rare these days, it should be classified as a super power" - Random T-shirt -
They can do it, it you have Contactless payment[^] cards - as all new ones in the UK seem to be. The contactless payment bank cards just need to be offered to the shop reader for sums up to about £30, and RFID reads the card details and executes the transaction with no further input (such as PIN id). If you have the RFID reader then close proximity to the card in your wallet is sufficient. Crowded spaces (tube trains and so forth) ad good hunting grounds apparently.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
I made my bank disable the contactless transactions on my card. Pickpockets are a friggin real danger, and this is only a different type of pickpocketing.
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver
-
I made my bank disable the contactless transactions on my card. Pickpockets are a friggin real danger, and this is only a different type of pickpocketing.
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver
Snap - and Herself's as well. OK, I don't go near the Tube, and I'm none too fond of crowds - but it's a solution looking for a problem to my mind.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
Snap - and Herself's as well. OK, I don't go near the Tube, and I'm none too fond of crowds - but it's a solution looking for a problem to my mind.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
I'm a commuter so tube, train and train-stations are frequent point of passage for me. Also I particularly enjoy comics conventions and book fairs (there is one in my hometown these days by the way, the Turin International Book Fair) and I know that many delinquent attend only to lift some pockets. I very much prefer to pass the card and insert the pin, and only if I trust the commercial activity - many immigrant shops are barely legal and they sometimes use counterfeit POS to steal CC details. It's not paranoia if they're really out to get you... Also the ATMs are sometimes at risk, in a town near where I live a band of skilled thieves sabotaged the insertion slot to clone the cards that passed along with the PIN. So I normally use only the indoors ATMs...
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver
-
Snap - and Herself's as well. OK, I don't go near the Tube, and I'm none too fond of crowds - but it's a solution looking for a problem to my mind.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
I made my bank disable the contactless transactions on my card. Pickpockets are a friggin real danger, and this is only a different type of pickpocketing.
GCS d--- s-/++ a- C++++ U+++ P- L- E-- W++ N++ o+ K- w+++ O? M-- V? PS+ PE- Y+ PGP t++ 5? X R++ tv-- b+ DI+++ D++ G e++>+++ h--- ++>+++ y+++* Weapons extension: ma- k++ F+2 X If you think 'goto' is evil, try writing an Assembly program without JMP. -- TNCaver
My bank asked me if I wanted to have a contactless card or not. That was the quickest no I ever uttered. The only quicker one was, if I wanted to have access to my account via my cell phone. While I understand it might be handy, I'm not going for that. I'm already paranoid about having it on my computer, let alone on my cell phone.
-
Snap - and Herself's as well. OK, I don't go near the Tube, and I'm none too fond of crowds - but it's a solution looking for a problem to my mind.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
Your solution is akin to wearing a full wet suit in a light shower. The details available from the RFID are not the full card details and for some time actually use a dummy card number that will only work with contactless. This means that the maximum exposure you have is £30 to a registered merchant. Fraud readers cannot put the valid messages into the system as they are outside the network and do not have authentication keys.
veni bibi saltavi
-
My bank asked me if I wanted to have a contactless card or not. That was the quickest no I ever uttered. The only quicker one was, if I wanted to have access to my account via my cell phone. While I understand it might be handy, I'm not going for that. I'm already paranoid about having it on my computer, let alone on my cell phone.
RUs123 wrote:
While I understand it might be handy, I'm not going for that. I'm already paranoid about having it on my computer, let alone on my cell phone.
If you are that worried about access to your money then I suggest you just send it to me. No one will have access to it that way. :-\
There are only 10 types of people in the world, those who understand binary and those who don't.
-
There is a story going around that there is a device that can read your credit card information through your billfold, pocket book, and clothing. The information on the cards are on a magnetic strip and/or a chip. I've had to swipe my card more than once to get a reader at a store to read it. The more I think about it reading the strip or chip through all the above and not even rubbing up against the person carrying the card would be unlikely at best. An episode of NCIS had a girl doing just that. Okay you knowers of all things tech, is this possible?
-
RUs123 wrote:
While I understand it might be handy, I'm not going for that. I'm already paranoid about having it on my computer, let alone on my cell phone.
If you are that worried about access to your money then I suggest you just send it to me. No one will have access to it that way. :-\
There are only 10 types of people in the world, those who understand binary and those who don't.
-
Your solution is akin to wearing a full wet suit in a light shower. The details available from the RFID are not the full card details and for some time actually use a dummy card number that will only work with contactless. This means that the maximum exposure you have is £30 to a registered merchant. Fraud readers cannot put the valid messages into the system as they are outside the network and do not have authentication keys.
veni bibi saltavi
Indeed - but £30's add up. It wouldn't be difficult for a perp to get a couple of dozen £30 a day on the Tube in Londinium, and that's tidy money which is unlikely to be spotted quickly, and unlikely to be reported if it is spotted. Nice pay if you can get it...but I'd rather not be a victim.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
Indeed - but £30's add up. It wouldn't be difficult for a perp to get a couple of dozen £30 a day on the Tube in Londinium, and that's tidy money which is unlikely to be spotted quickly, and unlikely to be reported if it is spotted. Nice pay if you can get it...but I'd rather not be a victim.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
Doesn't work that way. Each device on the network is registered with the server, so when a request is made for a payment it's not automagically paid down the wire, but it goes to the registered owners account. If a device is not on the network it can read the cards but, crucially, not send in payment requests. Now with the contactless, the details only work for a contactless device making a payment request. It's not like I can read your card # from a contactless reader and then use it yo shop on Amazon, the details are different.
veni bibi saltavi
-
They can do it, it you have Contactless payment[^] cards - as all new ones in the UK seem to be. The contactless payment bank cards just need to be offered to the shop reader for sums up to about £30, and RFID reads the card details and executes the transaction with no further input (such as PIN id). If you have the RFID reader then close proximity to the card in your wallet is sufficient. Crowded spaces (tube trains and so forth) ad good hunting grounds apparently.
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
-
If criminals truly could do that then they would be better of starting a company to sell these super readers.
China has been doing it for ages for card swiping devices. In India, ATMs have been discovered to have an extra card reader attached to them by criminals (usually, IT folks who think they are smarter than the rest of the world). These are so thin and are attached to the slot where you put in your ATM card so users don't notice something is amiss. These devices can be had for a few tens of dollars from China. As to the need to input PIN codes, the thieves usually attach a tiny camera so that the users' PIN codes can be captured too!
-
There is a story going around that there is a device that can read your credit card information through your billfold, pocket book, and clothing. The information on the cards are on a magnetic strip and/or a chip. I've had to swipe my card more than once to get a reader at a store to read it. The more I think about it reading the strip or chip through all the above and not even rubbing up against the person carrying the card would be unlikely at best. An episode of NCIS had a girl doing just that. Okay you knowers of all things tech, is this possible?
My first such card, many years ago, was from AMEX. It came with a chip. In order to improve security I undertook a simple procedure:
Carefully placed a screwdriver over the center of the chip, taking care that it didn't overlap into the card, itself
Even more carefully, but extremely firmly, appling a hammer to the other end of the screw driver
This significantly enhanced the security with respect to remote scanning.
"The difference between genius and stupidity is that genius has its limits." - Albert Einstein
"As far as we know, our computer has never had an undetected error." - Weisert
"If you are searching for perfection in others, then you seek disappointment. If you are seek perfection in yourself, then you will find failure." - Balboos HaGadol Mar 2010
