SAN FRANCISCO (KGO) -- Many credit cards today let you make a purchase just by tapping the card. It's convenient and quick, but is it secure? A Bay Area woman has doubts, after a card reader at the grocery store reached into her purse and charged her credit card -- without her knowing it!
I bought one of those special RFID blocking Titanium CC holders years ago. It acts in keeping the intrusive rays from entering and stealing data from the cards like my tin foil hat that keeps out the government's brain searching rays stealing my thoughts.
ReplyDeleteI built and live in a Faraday cage......
DeleteWe signed up for getting an email every time their is a purchase on our credit card. And I also put a couple of those rfid blockers in my wallet so my cards are sandwiched between them. At least with the email we can cancel our cards when someone walking around with a rfid reader steals the card info.
ReplyDeleteOne wonders how many people have been hacked by RFID readers. That's the thing that occurred to me when I first read about those credit cards.
ReplyDeleteSteve
The spec on those chips gives it a read range of a few inches, so she must have set her purse right near the reader. I try to use those things and it takes 5 tries jamming the card up against the reader to get it to work.
ReplyDeleteRange is a function of the reader power output, not the card's chip. Spec *should* limit it, but the reality is that specs aren't always followed. And if she'd set her purse on the counter near the reader, that would do it.
DeleteScammer don't follow specs either. I recall one several years who demonstrated a system is a briefcase that would read cards from 30 feet, just walking down the street, which is why I bought a shielded wallet.
Ken, you might remember an exchange we had about RFID or 'no-contact' credit cards a year or so ago. I believe I sent you a link to a method of disabling the RFID function by cutting the trace from the chip to the antenna. Right now I've been unable to locate that link again.
ReplyDeleteI cut that link and now my credit card is safe, no RF shields needed.
However here is a link to a video that shows WHY you might want to disable that function.
https://onthenorthriver.com/2022/03/01/cashless-society-may-not-mean-what-you-think-it-means/
Had to replace an RFID card a couple of times shortly after it got issued. Figured out is was scammers with a reader and got the blocker for my wallet (and the wife and daughter's purse). Haven't had any issue since then.
ReplyDeleteAt least 20 years ago now my parents came home one day and gave me this metallic plastic slip RFID blocker to put my credit card in, because this exact thing was happening back then. I've yet to have an issue like this. If you have a card with a chip, it really should be in something like that at all times.
ReplyDeleteWant scary? I can take my debit card out, tap it, and be on my way. No authentication of any type required. Some places like Costco even let me tap for over $100. Now THAT's a security nightmare. Steal my card and you don't need my PIN or anything.
And just wait til the banks all force biometrics on us. Those are in fact pretty easy to steal, and they cannot be changed.
That is why I cut the trace between the chip on the card and the embedded antenna. Your card is still vulnerable anytime and for as long as it's out of it's Blocker envelope, such as portable Card Terminals that thieves can carry in a coat pocket.
DeleteCriminals have even installed readers concealed near ATM machines and can capture your cards RFID response between the wallet to the terminal.
On my Visa card I cut a slit 1 mm from the chip and the end of the card, the end that is inserted into the card reader. My card hasn't worked wirelessly since. That's piece of mind!
I pit a couple of card sized aluminum shim stock in my wallet, works perfectly.
ReplyDeleteI've had an aluminum shield around my card's in my wallet since they started issuing cards with chips. I cut it out of the bottom of an aluminum pie plate that originally help a blueberry pie purchased at the grocery store.
ReplyDeletePhone's are another problem. I see people all the time at the grocery story waving their phones over the readers. Personally, I think putting your credit card number on your phone is asking for disaster, even though I do have my phone so equipped. That's just ONE of the reasons my phone is off when I'm out and about with it in tow. Also WiFi and Bluetooth are always disabled unless I need to use them for backups, nothing else. I put the CC# on the phone because that's the way my plan's bill is paid. If it wasn't required for that, it wouldn't be on there.
Paranoid? Who me? ;-))
Nemo
If you absolutely do not want to use contactless, the card issuer can turn it off,
ReplyDeleteor block its use, which, as far as I can tell, means the system won't accept a tap from that card. The scammers might be able to read the tap info, but its a red flag at the financial institution.
I had a couple of cards issued the didn't work contactless, and I had to get them turned on and choose a max amount, blag blah.
I did it over the phone, without doing anything to the card, a la a new pin number.