Connect with us

Semi-OT: Killing RFID credit card?

Discussion in 'Electronic Components' started by [email protected], Apr 23, 2007.

Scroll to continue with content
  1. Guest

    My bank was recently acquired by Chase, and all our debit cards were
    replaced with dual-tech magstripe/RFID ("blink") cards. I don't want,
    and absolutely refuse to use or even carry, a contactless payment
    token linked to my checking accounts - but I need to have a working
    debit card.

    While I do have the equipment to copy the magstripe onto a blank card,
    I suspect that using such a card at a manned POS terminal could be
    problematic :)

    Is there a simple method to kill the RFID side of the card without
    harming the magstripe? I've tried flexing it to break the bond wires,
    but this hasn't worked (I have 13MHz readers, so I can see the card
    powering up).
     
  2. On 23 Apr 2007 05:08:36 -0700, in comp.arch.embedded
    How about RF heating systems, ISTR that some operate about 13MHz, you
    could try it on an old mag stripe card first, to see if it wipes it.

    <paranoia>
    Just wait until they introduce 100€/$ bills with RFIDs in them, so the
    gubimint can trace where you spent your money/ muggers can select the
    person with the most cash carried
    </paranoia>


    martin
     
  3. Guest


    We have access cards like that- a powerful enough light allows you to
    see the chip and the antenna wires.
    On a colored credit card, it might take a powerful lamp.

    Then its a matter of inserting a push-pin in the right place.

    A microwave will fix it right, but there will be some carnage.

    Dave
     
  4. Aly

    Aly Guest

    <SNIP>

    I have to admit that I share your sentiments, particularly with Chip & Pin
    cards here in the UK.

    The law here has recently changed and money fraud is no longer the
    responsibility of the Police, but has been laid firmly at the doorstep of
    the banks. Who of course couldn't give a shit!! They just ignore everyone
    and set debt collectors onto them.

    There have been people who had literally thousands of pounds linked to their
    names, and the banks ain't interested.

    Getting to the point here.. Chip & Pin cards is the banks' latest saviour.
    If the Pin is used, then they wash their hands of all responsibility saying
    it's your fault. Cards have been used Malaysia, Spain, and allover the
    place, while people are sitting in their local bank branches trying to sort
    the problem out. Yet the banks still say they must of course be in Malaysia
    or wherever, natually of course we're all in Malaysia aren't we!! It's the
    popular place to withdraw the entire contents of your bank account.

    Point! Chip & Pin cards can be rendered useless by frying the chip. It's
    nothing more than a smart card.

    But I understand your sentiments entirely OP. I now use cash as is
    practical in all cases. My card is more often only ever used over the
    counter in the local branch to withdraw cash. I DON'T trust cash machine
    either, having tried to withdraw £60 and the machine crashed. It gave me my
    card back after about 5-minutes yet no money, and still debited my account
    for the amount. And THEN instead of correcting it, it debited another £60!!
    So £120 down and no money.

    Sorry. I grew up with all of this stuff and I don't trust it one bit.
    Oldest trick when 13-years old used to be to go from cash machine to cash
    machine withdrawing £100 before they had the chance to update. My bank
    didn't like as I was only 13 and not liable. Hey thanks Midland/HSBC :) A
    13-year old with £600 doesn't last long.

    Total agreement with you OP.

    Alison
     
  5. larwe

    larwe Guest

    Contactless payment is even worse here. No PIN is required (in most
    cases), it is treated as a "card not present" transaction. The
    protections for _credit_ cards are fairly robust, but _debit_ cards
    are not so well protected. Additionally, if someone scammed my credit
    card, I'd simply not be able to use that card for a while. If someone
    scams my debit card, my checks will start bouncing, which affects
    every bill I pay.
     
  6. Viktor

    Viktor Guest

    Why don't you just wrap your cards in aluminium foil while they're in
    your wallet.
    If anyone asks, you could just say you'd heard it was good against
    inflation.
     
  7. Aly

    Aly Guest

    Well here's another one.. I used to work for an Internet bank. And what
    came across our desks was the Executive's solution to everything. Another
    company was trying to sell it to them.

    They wanted to push forward a project to hook up a GPS receiver to a PC, to
    prove that the transaction was taking place in the expected geographic
    location. This was their perfect solution, and some of these Directors sat
    on the Boards of a particular UK/Global bank. These are the same people who
    pushed forward Chip & Pin as the ideal solution.

    We pointed out that a GPS module could easily have it's interface lines
    hacked with a microcontroller, thus making the whole idea useless.

    "Microcontroller, what's that!, living in a world of fantasy, that'll never
    happen!"

    Debit cards linked to your main bank account, yes, they're dangerous. None
    of this really happened 10-years ago. Banks (and people) just think that
    far fetched fantansy ideas are exactly that, fantasy.

    PWM controlled communications laser anyone??
     
  8. Aly

    Aly Guest

    Actually... I think you can actually buy shielded wallets/purses
    specifically designed to act as a Faraday case.

    Hold on... ...looking..

    Type into Google; faraday cage wallet
     
  9. larwe

    larwe Guest

    This isn't sufficient. There are numerous documented cases (for
    example) of POS terminals being placed too close together and cross-
    authenticating each others' transactions. I walk into Best Buy for $10
    of batteries and pay for someone's $1200 TV set.

    I want this chip executed, not jailed.
     
  10. ian field

    ian field Guest

    About 3 seconds in the microwave should do it.
     
  11. Viktor

    Viktor Guest

    Right you are.

    I seem to recall that the gizmos at the counter for deactivating the
    anti-theft RF stickers on smaller things like stationery work on the
    principle of emitting strong magnetic fields that fry the tags.

    Perhaps that could be used when the cashier isn't looking? Either that
    or ferrite transformer with an airgap.

    The OT can always read the magstripe contents beforehand, just in case
    he needs to code it back.

    BTW anyone tried putting a magcard in the microwave?
     
  12. On Monday, in article
    <455Xh.2677$>
    Would you like fries with that card....

    "And today on Cooking Live we have 101 ways to cook your card."
     
  13. Nothing worse than dumb executives/managers repeating the latest suit's sales
    pitch when they obviously do not understand what is going on.
    Banks and security especially via electronic means is an Oxymoron. I have had
    several run ins with banks/financial institutions and LACK of security

    1/ Said company rings you up expecting all sorts of answers
    to security questions, with NO means of verifying they are
    who they say they are.

    Oh look that is what the phone phishers do!

    One girl said "but I am .... from .... bank" that was the
    method of security verification.

    2/ Expecting you to have different online ids and passwords for
    each account at the same branch of the same bank.

    3/ Expecting Different sets of security phrases when phoning them!

    4/ Accept photocopies but not fax docuemnts as faxes were forgeable!
    Photocopies can be forged just as easily as a fax is just a copier
    with a phone line between the scan and print part.

    5/ In UK banks once a staff member has a login to the network of ANY
    division can get access to all the accounts details including
    transactions on ANY account of ANY customer. So the insurance
    division can look at the day to day transactions on your personal
    checking account.

    There was recently many documented cases of UK banks leaving confidential
    documents in rubbish sacks at the back door. All documents were UNshredded.
    Identity theft warehouse....
    Financial institutions having people who make decisions understand real world
    would be anti-Dilbert.

    Over 20 years ago a then colleague used a modem to sequentially dial numbers
    close to the numbers of his bank branch until it found a modem, entered
    two valid Bank Sort Codes and was IN!

    Financial Institutions rely on obfuscation and volume of transactions for
    security.
     
  14. I haven't done much with 13 MHz, but I have with 125 kHz. Assuming that
    there is a coil going around the circumference of the card on 13 MHz as
    well, how about cutting that, perhaps just from one side with a razor
    knife? A thin layer of electrically insulative material (e.g. glue)
    could be applied to stop it from making contact again when the card
    springs back together.

    Alternatively, how about a 1/16" to 1/8" drill through the IC, perhaps
    from the back and not fully penetrating through the front to minimize
    visible damage?

    I think that mechanical techniques are likely to produce *less* visible
    damage than electrical ones, as anything strong enough to stop it
    working is also likely to make it emit smoke unless you can control it
    quite carefully.
     
  15. wrote in
    Pulsed coil gas ignitor? The type that snap a spark once per second or so.
    If you pass the spark through the card at the right place it might be
    enough. The holes would be too small to see unless the thing was brand new
    and clean as a polished mirror. The main difficuty is making sure that you
    manage to pass the arc into the silicon and not just along a bonding wire.
    Tests are in order...
     
  16. ian field

    ian field Guest

    Fries (chips in English) are absolutely revolting microwaved.
     
  17. Al Balmer

    Al Balmer Guest

    It depends on the provider. I use Bank of America, which extends the
    same protections to debit cards. In addition, they provide a service
    which notifies me by email whenever a "card not present" transaction
    is made.
     
  18. ian field

    ian field Guest

    You might be on the right lines there, gas igniters usually use a high
    current gas discharge tube or a thyristor to dump the charge in a capacitor
    into a HV pulse transformer, it might be possible to damage the card's
    transceiver by dumping the charge into a few turns pressed against the
    antenna.
     
  19. On 23 Apr, in article
    <>
    Quite a lot of those suffered from the principle that the RF sticker
    would work for ODD numbers of RF stickers, EVEN numbers together
    often gave cancelling effects, at the door exit scanners.

    The other principle that fooled a lot of exit scanners was put the RF
    sticker at the same height as your heart, as some scanners assumed you would
    be carrying the items in a bag near the floor, and did not want to
    do anything at pacemaker height!.
     

  20. I've heard that about a lot of British food. :(


    --
    Service to my country? Been there, Done that, and I've got my DD214 to
    prove it.
    Member of DAV #85.

    Michael A. Terrell
    Central Florida
     
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Electronics Point Logo
Continue to site
Quote of the day

-