Maker Pro
Maker Pro

Semi-OT: Killing RFID credit card?

My bank was recently acquired by Chase, and all our debit cards were
replaced with dual-tech magstripe/RFID ("blink") cards. I don't want,
and absolutely refuse to use or even carry, a contactless payment
token linked to my checking accounts - but I need to have a working
debit card.

While I do have the equipment to copy the magstripe onto a blank card,
I suspect that using such a card at a manned POS terminal could be
problematic :)

Is there a simple method to kill the RFID side of the card without
harming the magstripe? I've tried flexing it to break the bond wires,
but this hasn't worked (I have 13MHz readers, so I can see the card
powering up).
 
M

martin griffith

Jan 1, 1970
0
On 23 Apr 2007 05:08:36 -0700, in comp.arch.embedded
My bank was recently acquired by Chase, and all our debit cards were
replaced with dual-tech magstripe/RFID ("blink") cards. I don't want,
and absolutely refuse to use or even carry, a contactless payment
token linked to my checking accounts - but I need to have a working
debit card.

While I do have the equipment to copy the magstripe onto a blank card,
I suspect that using such a card at a manned POS terminal could be
problematic :)

Is there a simple method to kill the RFID side of the card without
harming the magstripe? I've tried flexing it to break the bond wires,
but this hasn't worked (I have 13MHz readers, so I can see the card
powering up).

How about RF heating systems, ISTR that some operate about 13MHz, you
could try it on an old mag stripe card first, to see if it wipes it.

<paranoia>
Just wait until they introduce 100€/$ bills with RFIDs in them, so the
gubimint can trace where you spent your money/ muggers can select the
person with the most cash carried
</paranoia>


martin
 
My bank was recently acquired by Chase, and all our debit cards were
replaced with dual-tech magstripe/RFID ("blink") cards. I don't want,
and absolutely refuse to use or even carry, a contactless payment
token linked to my checking accounts - but I need to have a working
debit card.

While I do have the equipment to copy the magstripe onto a blank card,
I suspect that using such a card at a manned POS terminal could be
problematic :)

Is there a simple method to kill the RFID side of the card without
harming the magstripe? I've tried flexing it to break the bond wires,
but this hasn't worked (I have 13MHz readers, so I can see the card
powering up).


We have access cards like that- a powerful enough light allows you to
see the chip and the antenna wires.
On a colored credit card, it might take a powerful lamp.

Then its a matter of inserting a push-pin in the right place.

A microwave will fix it right, but there will be some carnage.

Dave
 
A

Aly

Jan 1, 1970
0
My bank was recently acquired by Chase, and all our debit cards were
replaced with dual-tech magstripe/RFID ("blink") cards. I don't want,
<SNIP>

I have to admit that I share your sentiments, particularly with Chip & Pin
cards here in the UK.

The law here has recently changed and money fraud is no longer the
responsibility of the Police, but has been laid firmly at the doorstep of
the banks. Who of course couldn't give a shit!! They just ignore everyone
and set debt collectors onto them.

There have been people who had literally thousands of pounds linked to their
names, and the banks ain't interested.

Getting to the point here.. Chip & Pin cards is the banks' latest saviour.
If the Pin is used, then they wash their hands of all responsibility saying
it's your fault. Cards have been used Malaysia, Spain, and allover the
place, while people are sitting in their local bank branches trying to sort
the problem out. Yet the banks still say they must of course be in Malaysia
or wherever, natually of course we're all in Malaysia aren't we!! It's the
popular place to withdraw the entire contents of your bank account.

Point! Chip & Pin cards can be rendered useless by frying the chip. It's
nothing more than a smart card.

But I understand your sentiments entirely OP. I now use cash as is
practical in all cases. My card is more often only ever used over the
counter in the local branch to withdraw cash. I DON'T trust cash machine
either, having tried to withdraw £60 and the machine crashed. It gave me my
card back after about 5-minutes yet no money, and still debited my account
for the amount. And THEN instead of correcting it, it debited another £60!!
So £120 down and no money.

Sorry. I grew up with all of this stuff and I don't trust it one bit.
Oldest trick when 13-years old used to be to go from cash machine to cash
machine withdrawing £100 before they had the chance to update. My bank
didn't like as I was only 13 and not liable. Hey thanks Midland/HSBC :) A
13-year old with £600 doesn't last long.

Total agreement with you OP.

Alison
 
L

larwe

Jan 1, 1970
0
I have to admit that I share your sentiments, particularly with Chip & Pin
cards here in the UK.

Contactless payment is even worse here. No PIN is required (in most
cases), it is treated as a "card not present" transaction. The
protections for _credit_ cards are fairly robust, but _debit_ cards
are not so well protected. Additionally, if someone scammed my credit
card, I'd simply not be able to use that card for a while. If someone
scams my debit card, my checks will start bouncing, which affects
every bill I pay.
 
V

Viktor

Jan 1, 1970
0
Is there a simple method to kill the RFID side of the card without
harming the magstripe? I've tried flexing it to break the bond wires,
but this hasn't worked (I have 13MHz readers, so I can see the card
powering up).

Why don't you just wrap your cards in aluminium foil while they're in
your wallet.
If anyone asks, you could just say you'd heard it was good against
inflation.
 
A

Aly

Jan 1, 1970
0
The
protections for _credit_ cards are fairly robust, but _debit_ cards
are not so well protected. Additionally, if someone scammed my credit
card, I'd simply not be able to use that card for a while.

Well here's another one.. I used to work for an Internet bank. And what
came across our desks was the Executive's solution to everything. Another
company was trying to sell it to them.

They wanted to push forward a project to hook up a GPS receiver to a PC, to
prove that the transaction was taking place in the expected geographic
location. This was their perfect solution, and some of these Directors sat
on the Boards of a particular UK/Global bank. These are the same people who
pushed forward Chip & Pin as the ideal solution.

We pointed out that a GPS module could easily have it's interface lines
hacked with a microcontroller, thus making the whole idea useless.

"Microcontroller, what's that!, living in a world of fantasy, that'll never
happen!"

Debit cards linked to your main bank account, yes, they're dangerous. None
of this really happened 10-years ago. Banks (and people) just think that
far fetched fantansy ideas are exactly that, fantasy.

PWM controlled communications laser anyone??
 
A

Aly

Jan 1, 1970
0
Viktor said:
Why don't you just wrap your cards in aluminium foil while they're in
your wallet.
If anyone asks, you could just say you'd heard it was good against
inflation.

Actually... I think you can actually buy shielded wallets/purses
specifically designed to act as a Faraday case.

Hold on... ...looking..

Type into Google; faraday cage wallet
 
L

larwe

Jan 1, 1970
0
Why don't you just wrap your cards in aluminium foil while they're in
your wallet.

This isn't sufficient. There are numerous documented cases (for
example) of POS terminals being placed too close together and cross-
authenticating each others' transactions. I walk into Best Buy for $10
of batteries and pay for someone's $1200 TV set.

I want this chip executed, not jailed.
 
I

ian field

Jan 1, 1970
0
My bank was recently acquired by Chase, and all our debit cards were
replaced with dual-tech magstripe/RFID ("blink") cards. I don't want,
and absolutely refuse to use or even carry, a contactless payment
token linked to my checking accounts - but I need to have a working
debit card.

While I do have the equipment to copy the magstripe onto a blank card,
I suspect that using such a card at a manned POS terminal could be
problematic :)

Is there a simple method to kill the RFID side of the card without
harming the magstripe? I've tried flexing it to break the bond wires,
but this hasn't worked (I have 13MHz readers, so I can see the card
powering up).

About 3 seconds in the microwave should do it.
 
V

Viktor

Jan 1, 1970
0
This isn't sufficient. There are numerous documented cases (for
example) of POS terminals being placed too close together and cross-
authenticating each others' transactions. I walk into Best Buy for $10
of batteries and pay for someone's $1200 TV set.

I want this chip executed, not jailed.

Right you are.

I seem to recall that the gizmos at the counter for deactivating the
anti-theft RF stickers on smaller things like stationery work on the
principle of emitting strong magnetic fields that fry the tags.

Perhaps that could be used when the cashier isn't looking? Either that
or ferrite transformer with an airgap.

The OT can always read the magstripe contents beforehand, just in case
he needs to code it back.

BTW anyone tried putting a magcard in the microwave?
 
P

Paul Carpenter

Jan 1, 1970
0
Well here's another one.. I used to work for an Internet bank. And what
came across our desks was the Executive's solution to everything. Another
company was trying to sell it to them.

Nothing worse than dumb executives/managers repeating the latest suit's sales
pitch when they obviously do not understand what is going on.
They wanted to push forward a project to hook up a GPS receiver to a PC, to
prove that the transaction was taking place in the expected geographic
location. This was their perfect solution, and some of these Directors sat
on the Boards of a particular UK/Global bank. These are the same people who
pushed forward Chip & Pin as the ideal solution.

Banks and security especially via electronic means is an Oxymoron. I have had
several run ins with banks/financial institutions and LACK of security

1/ Said company rings you up expecting all sorts of answers
to security questions, with NO means of verifying they are
who they say they are.

Oh look that is what the phone phishers do!

One girl said "but I am .... from .... bank" that was the
method of security verification.

2/ Expecting you to have different online ids and passwords for
each account at the same branch of the same bank.

3/ Expecting Different sets of security phrases when phoning them!

4/ Accept photocopies but not fax docuemnts as faxes were forgeable!
Photocopies can be forged just as easily as a fax is just a copier
with a phone line between the scan and print part.

5/ In UK banks once a staff member has a login to the network of ANY
division can get access to all the accounts details including
transactions on ANY account of ANY customer. So the insurance
division can look at the day to day transactions on your personal
checking account.

There was recently many documented cases of UK banks leaving confidential
documents in rubbish sacks at the back door. All documents were UNshredded.
Identity theft warehouse....
We pointed out that a GPS module could easily have it's interface lines
hacked with a microcontroller, thus making the whole idea useless.

"Microcontroller, what's that!, living in a world of fantasy, that'll never
happen!"

Financial institutions having people who make decisions understand real world
would be anti-Dilbert.

Over 20 years ago a then colleague used a modem to sequentially dial numbers
close to the numbers of his bank branch until it found a modem, entered
two valid Bank Sort Codes and was IN!

Financial Institutions rely on obfuscation and volume of transactions for
security.
 
T

Terran Melconian

Jan 1, 1970
0
Is there a simple method to kill the RFID side of the card without
harming the magstripe? I've tried flexing it to break the bond wires,
but this hasn't worked (I have 13MHz readers, so I can see the card
powering up).

I haven't done much with 13 MHz, but I have with 125 kHz. Assuming that
there is a coil going around the circumference of the card on 13 MHz as
well, how about cutting that, perhaps just from one side with a razor
knife? A thin layer of electrically insulative material (e.g. glue)
could be applied to stop it from making contact again when the card
springs back together.

Alternatively, how about a 1/16" to 1/8" drill through the IC, perhaps
from the back and not fully penetrating through the front to minimize
visible damage?

I think that mechanical techniques are likely to produce *less* visible
damage than electrical ones, as anything strong enough to stop it
working is also likely to make it emit smoke unless you can control it
quite carefully.
 
L

Lostgallifreyan

Jan 1, 1970
0
[email protected] wrote in
Is there a simple method to kill the RFID side of the card without
harming the magstripe?

Pulsed coil gas ignitor? The type that snap a spark once per second or so.
If you pass the spark through the card at the right place it might be
enough. The holes would be too small to see unless the thing was brand new
and clean as a polished mirror. The main difficuty is making sure that you
manage to pass the arc into the silicon and not just along a bonding wire.
Tests are in order...
 
A

Al Balmer

Jan 1, 1970
0
Contactless payment is even worse here. No PIN is required (in most
cases), it is treated as a "card not present" transaction. The
protections for _credit_ cards are fairly robust, but _debit_ cards
are not so well protected. Additionally, if someone scammed my credit
card, I'd simply not be able to use that card for a while. If someone
scams my debit card, my checks will start bouncing, which affects
every bill I pay.

It depends on the provider. I use Bank of America, which extends the
same protections to debit cards. In addition, they provide a service
which notifies me by email whenever a "card not present" transaction
is made.
 
I

ian field

Jan 1, 1970
0
Lostgallifreyan said:
[email protected] wrote in


Pulsed coil gas ignitor? The type that snap a spark once per second or so.
If you pass the spark through the card at the right place

You might be on the right lines there, gas igniters usually use a high
current gas discharge tube or a thyristor to dump the charge in a capacitor
into a HV pulse transformer, it might be possible to damage the card's
transceiver by dumping the charge into a few turns pressed against the
antenna.
 
P

Paul Carpenter

Jan 1, 1970
0
On 23 Apr, in article
<[email protected]>
Right you are.

I seem to recall that the gizmos at the counter for deactivating the
anti-theft RF stickers on smaller things like stationery work on the
principle of emitting strong magnetic fields that fry the tags.

Quite a lot of those suffered from the principle that the RF sticker
would work for ODD numbers of RF stickers, EVEN numbers together
often gave cancelling effects, at the door exit scanners.

The other principle that fooled a lot of exit scanners was put the RF
sticker at the same height as your heart, as some scanners assumed you would
be carrying the items in a bag near the floor, and did not want to
do anything at pacemaker height!.
 
M

Michael A. Terrell

Jan 1, 1970
0
ian said:
Fries (chips in English) are absolutely revolting microwaved.


I've heard that about a lot of British food. :(


--
Service to my country? Been there, Done that, and I've got my DD214 to
prove it.
Member of DAV #85.

Michael A. Terrell
Central Florida
 
Top