# Semi-OT: Killing RFID credit card?

Z

#### [email protected]

Jan 1, 1970
0
My bank was recently acquired by Chase, and all our debit cards were
replaced with dual-tech magstripe/RFID ("blink") cards. I don't want,
and absolutely refuse to use or even carry, a contactless payment
token linked to my checking accounts - but I need to have a working
debit card.

While I do have the equipment to copy the magstripe onto a blank card,
I suspect that using such a card at a manned POS terminal could be
problematic

Is there a simple method to kill the RFID side of the card without
harming the magstripe? I've tried flexing it to break the bond wires,
but this hasn't worked (I have 13MHz readers, so I can see the card
powering up).

M

#### martin griffith

Jan 1, 1970
0
On 23 Apr 2007 05:08:36 -0700, in comp.arch.embedded
My bank was recently acquired by Chase, and all our debit cards were
replaced with dual-tech magstripe/RFID ("blink") cards. I don't want,
and absolutely refuse to use or even carry, a contactless payment
token linked to my checking accounts - but I need to have a working
debit card.

While I do have the equipment to copy the magstripe onto a blank card,
I suspect that using such a card at a manned POS terminal could be
problematic

Is there a simple method to kill the RFID side of the card without
harming the magstripe? I've tried flexing it to break the bond wires,
but this hasn't worked (I have 13MHz readers, so I can see the card
powering up).

How about RF heating systems, ISTR that some operate about 13MHz, you
could try it on an old mag stripe card first, to see if it wipes it.

<paranoia>
of batteries and pay for someone's $1200 TV set. I want this chip executed, not jailed. I #### ian field Jan 1, 1970 0 My bank was recently acquired by Chase, and all our debit cards were replaced with dual-tech magstripe/RFID ("blink") cards. I don't want, and absolutely refuse to use or even carry, a contactless payment token linked to my checking accounts - but I need to have a working debit card. While I do have the equipment to copy the magstripe onto a blank card, I suspect that using such a card at a manned POS terminal could be problematic Is there a simple method to kill the RFID side of the card without harming the magstripe? I've tried flexing it to break the bond wires, but this hasn't worked (I have 13MHz readers, so I can see the card powering up). About 3 seconds in the microwave should do it. V #### Viktor Jan 1, 1970 0 This isn't sufficient. There are numerous documented cases (for example) of POS terminals being placed too close together and cross- authenticating each others' transactions. I walk into Best Buy for$10
of batteries and pay for someone's \$1200 TV set.

I want this chip executed, not jailed.

Right you are.

I seem to recall that the gizmos at the counter for deactivating the
anti-theft RF stickers on smaller things like stationery work on the
principle of emitting strong magnetic fields that fry the tags.

Perhaps that could be used when the cashier isn't looking? Either that
or ferrite transformer with an airgap.

The OT can always read the magstripe contents beforehand, just in case
he needs to code it back.

BTW anyone tried putting a magcard in the microwave?

P

#### Paul Carpenter

Jan 1, 1970
0
On Monday, in article
<[email protected]>
About 3 seconds in the microwave should do it.

Would you like fries with that card....

"And today on Cooking Live we have 101 ways to cook your card."

P

#### Paul Carpenter

Jan 1, 1970
0
Well here's another one.. I used to work for an Internet bank. And what
came across our desks was the Executive's solution to everything. Another
company was trying to sell it to them.

Nothing worse than dumb executives/managers repeating the latest suit's sales
pitch when they obviously do not understand what is going on.
They wanted to push forward a project to hook up a GPS receiver to a PC, to
prove that the transaction was taking place in the expected geographic
location. This was their perfect solution, and some of these Directors sat
on the Boards of a particular UK/Global bank. These are the same people who
pushed forward Chip & Pin as the ideal solution.

Banks and security especially via electronic means is an Oxymoron. I have had
several run ins with banks/financial institutions and LACK of security

1/ Said company rings you up expecting all sorts of answers
to security questions, with NO means of verifying they are
who they say they are.

Oh look that is what the phone phishers do!

One girl said "but I am .... from .... bank" that was the
method of security verification.

2/ Expecting you to have different online ids and passwords for
each account at the same branch of the same bank.

3/ Expecting Different sets of security phrases when phoning them!

4/ Accept photocopies but not fax docuemnts as faxes were forgeable!
Photocopies can be forged just as easily as a fax is just a copier
with a phone line between the scan and print part.

5/ In UK banks once a staff member has a login to the network of ANY
transactions on ANY account of ANY customer. So the insurance
division can look at the day to day transactions on your personal
checking account.

There was recently many documented cases of UK banks leaving confidential
documents in rubbish sacks at the back door. All documents were UNshredded.
Identity theft warehouse....
We pointed out that a GPS module could easily have it's interface lines
hacked with a microcontroller, thus making the whole idea useless.

"Microcontroller, what's that!, living in a world of fantasy, that'll never
happen!"

Financial institutions having people who make decisions understand real world
would be anti-Dilbert.

Over 20 years ago a then colleague used a modem to sequentially dial numbers
close to the numbers of his bank branch until it found a modem, entered
two valid Bank Sort Codes and was IN!

Financial Institutions rely on obfuscation and volume of transactions for
security.

T

#### Terran Melconian

Jan 1, 1970
0
Is there a simple method to kill the RFID side of the card without
harming the magstripe? I've tried flexing it to break the bond wires,
but this hasn't worked (I have 13MHz readers, so I can see the card
powering up).

I haven't done much with 13 MHz, but I have with 125 kHz. Assuming that
there is a coil going around the circumference of the card on 13 MHz as
well, how about cutting that, perhaps just from one side with a razor
knife? A thin layer of electrically insulative material (e.g. glue)
could be applied to stop it from making contact again when the card
springs back together.

Alternatively, how about a 1/16" to 1/8" drill through the IC, perhaps
from the back and not fully penetrating through the front to minimize
visible damage?

I think that mechanical techniques are likely to produce *less* visible
damage than electrical ones, as anything strong enough to stop it
working is also likely to make it emit smoke unless you can control it
quite carefully.

L

#### Lostgallifreyan

Jan 1, 1970
0
[email protected] wrote in
Is there a simple method to kill the RFID side of the card without
harming the magstripe?

Pulsed coil gas ignitor? The type that snap a spark once per second or so.
If you pass the spark through the card at the right place it might be
enough. The holes would be too small to see unless the thing was brand new
and clean as a polished mirror. The main difficuty is making sure that you
manage to pass the arc into the silicon and not just along a bonding wire.
Tests are in order...

I

#### ian field

Jan 1, 1970
0
Paul Carpenter said:
On Monday, in article
<[email protected]>

Would you like fries with that card....

Fries (chips in English) are absolutely revolting microwaved.

A

#### Al Balmer

Jan 1, 1970
0
Contactless payment is even worse here. No PIN is required (in most
cases), it is treated as a "card not present" transaction. The
protections for _credit_ cards are fairly robust, but _debit_ cards
are not so well protected. Additionally, if someone scammed my credit
card, I'd simply not be able to use that card for a while. If someone
scams my debit card, my checks will start bouncing, which affects
every bill I pay.

It depends on the provider. I use Bank of America, which extends the
same protections to debit cards. In addition, they provide a service
which notifies me by email whenever a "card not present" transaction

I

#### ian field

Jan 1, 1970
0
Lostgallifreyan said:
[email protected] wrote in

Pulsed coil gas ignitor? The type that snap a spark once per second or so.
If you pass the spark through the card at the right place

You might be on the right lines there, gas igniters usually use a high
current gas discharge tube or a thyristor to dump the charge in a capacitor
into a HV pulse transformer, it might be possible to damage the card's
transceiver by dumping the charge into a few turns pressed against the
antenna.

P

#### Paul Carpenter

Jan 1, 1970
0
On 23 Apr, in article
<[email protected]>
Right you are.

I seem to recall that the gizmos at the counter for deactivating the
anti-theft RF stickers on smaller things like stationery work on the
principle of emitting strong magnetic fields that fry the tags.

Quite a lot of those suffered from the principle that the RF sticker
would work for ODD numbers of RF stickers, EVEN numbers together
often gave cancelling effects, at the door exit scanners.

The other principle that fooled a lot of exit scanners was put the RF
sticker at the same height as your heart, as some scanners assumed you would
be carrying the items in a bag near the floor, and did not want to
do anything at pacemaker height!.

M

#### Michael A. Terrell

Jan 1, 1970
0
ian said:
Fries (chips in English) are absolutely revolting microwaved.

I've heard that about a lot of British food.

--
Service to my country? Been there, Done that, and I've got my DD214 to
prove it.
Member of DAV #85.

Michael A. Terrell
Central Florida

Replies
4
Views
2K
Replies
6
Views
495
Replies
8
Views
1K
Replies
14
Views
944
Replies
10
Views
780