
Forum Index : Microcontroller and PC projects : Killing Tap-and-Go Credit Card

     Page 1 of 2    
Author Message
Ray B
Senior Member

Joined: 16/02/2007
Location: Australia
Posts: 219
Posted: 03:24pm 28 May 2014

Gizmo, I've stuck this topic in, if you don't mind, as it relates to microcontroller technology & I'm sure it will be of common interest.

Currently in Australia banks etc are reissuing credit & debit cards automatically with the inbuilt chip which allows the "Wave & Go" or "PayWave" feature using RF technology so you can deduct to a maximum of $100 per swipe. Banks don't seem to allow you to opt out of this feature.

The cards still have the traditional magnetic strip on the back which works in "non-wave" terminals.

Problem is people are finishing up with several of these cards in their wallet which if lost or stolen gives the bad guys access to your cash with no limit other than when you report it to your bank or your credit runs out or maybe the bank having a daily limit.

QUESTION - It seems to me that it would be a simple matter to just score across the face of the embedded gold IC card with a sharp knife a couple of times & destroy its functionality.

If it stuffs up the bank will always send a new card at no charge.

Comments


RayB from Perth WA
 
Grogster

Admin Group

Joined: 31/12/2012
Location: New Zealand
Posts: 9638
Posted: 03:31pm 28 May 2014

Don't get me started on this one.....

You are correct in all you say, and here in NZ, the bank will still hold you to the amount that a crook clocks up on your card, up to the point you realise you have lost it - during which time, they could have been in and out of many shops, and maxed out your card even - all of which YOU are liable for.

You are also correct - the banks will not let you opt-out of this, which is f-ing insane, IMHO.

There is a thread on here, in the other topics forum about this, and there is a nice easy way to fix the problem - permanently - but lawyers would probably argue that you are "Defacing bank property" or something - would not surprise me.

I will find it now, and link to it.
Smoke makes things work. When the smoke gets out, it stops!
 
Zonker

Guru

Joined: 18/08/2012
Location: United States
Posts: 772
Posted: 03:32pm 28 May 2014

Humm...

I think the only way to stop this "crap" is to tell the bank to turn OFF the "feature" or you will take your banking bizz elsewhere... If enough people hop on this, the banks will get the idea... We are the customer...
 
Grogster

Admin Group

Joined: 31/12/2012
Location: New Zealand
Posts: 9638
Posted: 03:34pm 28 May 2014

Here is the link:

Tap-And-Go Credit Cards
Smoke makes things work. When the smoke gets out, it stops!
 
Grogster

Admin Group

Joined: 31/12/2012
Location: New Zealand
Posts: 9638
Posted: 03:36pm 28 May 2014

  Zonker said   Humm...

I think the only way to stop this "crap" is to tell the bank to turn OFF the "feature" or you will take your banking bizz elsewhere... If enough people hop on this, the banks will get the idea... We are the customer...


Heh, heh - wishful thinking perhaps? (rhetorical)

They have so many customers, that they really don't care about anyone, unless there is a bank-wide boycott of something!
Smoke makes things work. When the smoke gets out, it stops!
 
Gizmo

Admin Group

Joined: 05/06/2004
Location: Australia
Posts: 5129
Posted: 03:37pm 28 May 2014

Yeah I'm ok with this post Ray, so long as no particular bank or financial institution is named.

I also agree, "wave and go" is a bad idea.

Glenn
The best time to plant a tree was twenty years ago, the second best time is right now.
JAQ
 
BobD

Guru

Joined: 07/12/2011
Location: Australia
Posts: 935
Posted: 03:38pm 28 May 2014

Ray
I'm all for what you suggest except that I think that the chip is also used in the push in the socket readers now. These readers still have the traditional swipe the stripe slot but they are all heading for the push / pull socket. Supposedly, this chip also gives better security. This security benefit may be against card duplication. It is of no use in online purchasing. I have seen a few blog posts in the USA where the writers are going crook at the US banks for being slow to implement this technology.
Bob
 
Grogster

Admin Group

Joined: 31/12/2012
Location: New Zealand
Posts: 9638
Posted: 03:46pm 28 May 2014

I may well be wrong, Bob, but I would have thought that the push-in readers use the smart-chip contacts rather than the RFID coils?

...as I say, I might be wrong on that one, but that would be how I figured those push-in readers would work. I think it is still the same problem though, if you still don't need to enter in any kind of PIN or otherwise verify the card is your one.
Smoke makes things work. When the smoke gets out, it stops!
 
Grogster

Admin Group

Joined: 31/12/2012
Location: New Zealand
Posts: 9638
Posted: 03:47pm 28 May 2014

  Gizmo said   Yeah I'm ok with this post Ray, so long as no particular bank or financial institution is named.

I also agree, "wave and go" is a bad idea.

Glenn


Photo in that old thread I linked to, shows bank name. Suggestions? It's an old thread, so perhaps it does not matter? Advise please.
Smoke makes things work. When the smoke gets out, it stops!
 
BobD

Guru

Joined: 07/12/2011
Location: Australia
Posts: 935
Posted: 03:48pm 28 May 2014

Grogster, no disagreement with you. Just terminology differences. We need the chip, not the antenna.
 
Ray B
Senior Member

Joined: 16/02/2007
Location: Australia
Posts: 219
Posted: 04:04pm 28 May 2014

Grogster's link identified a solution from sPuDd as I paste below. I can't see the antenna wires on a Westpac card but on a Qantas card they are very clear to see.

******* quote follows ****

Posted: 04 February 2013 at 9:41am | sPuDd

Problem solved.

Gold looking lines between holes are the RFID coils. Hold the card
up to a bright light if you don't have a transparent edge. Mark it
and drill through the wires. They pick up power & comms in the RFID
field, just works as a normal card without it.

You can blow holes in anything except the magnesium swipe and the
smart chip.

***** end of quote ****

It seems this technology is being trialed in Australia & NZ before they risk it in USA where someone may take them to court.
RayB from Perth WA
 
psergiu

Regular Member

Joined: 09/02/2013
Location: United States
Posts: 83
Posted: 07:17pm 28 May 2014

You actually need a single small hole - just to cut the circuit of that single coil. With large and multiple holes you can risk scaring the store clerks who will not know what "rfid disabling" is and you'll get reported for using "fake credit cards".

Those RFID Credit Cards are a huge pain in the bottom. It's easy to read them from ~25 cm or even more.

http://www.eng.tau.ac.il/~yash/kw-usenix06/
http://www.bishopfox.com/resources/tools/rfid-hacking/attack-tools/

And I think with a high-power reader, with a good directional antenna, one would be able to activate and read those from a few meters away. Here in TX the highway "TollTag" readers are able to read from 5+ meters above the road a RFID sticker smaller than a credit card glued to your windshield without you having to slow down - so it can be done.
 
Ray B
Senior Member

Joined: 16/02/2007
Location: Australia
Posts: 219
Posted: 07:32pm 28 May 2014

To destroy the on-board chip may work at the moment as the card may work with the magnetic strip on the back and with a PIN as a conventional card BUT in the future the banks may depend more on data controlled & stored in the chip BUT that may depend on power from the wire loop which may also be the same loop or in parallel to the loop being used for RFID communications so if you cut that you lose the whole card.

Interesting, if only the banks would listen to their customers, it would be relatively simple at their front end software to disable on request the RFID withdrawal feature, but when do banks ever listen.....

Thanks for the feedback
RayB from Perth WA
 
JohnS
Guru

Joined: 18/11/2011
Location: United Kingdom
Posts: 4071
Posted: 09:13pm 28 May 2014

We've had these "NFC" (near field comms) aka Wave etc cards here for a while - long enough that consumer programs on TV & radio have already covered problems with them.

They can be seen by the reader from much further away than the banks claim and people have already paid with the wrong card that they didn't even get out of their (wallet or whatever).

People have been advised to wrap the cards in metal (e.g. aluminium foil).

There's a backlash in the brewing, maybe.

John (... going to look for RFID wires)
 
Grogster

Admin Group

Joined: 31/12/2012
Location: New Zealand
Posts: 9638
Posted: 11:05pm 28 May 2014

They claim that the range of the reader is only 2 inches or so - any further away than that, and the card is out of range.

That's what they say, but even if that IS true, why the hell would you want to have a credit-card with absolutely no security WHATSOEVER!

God knows that the 4-digit PIN is not the most secure in the world, but it sure is better than nothing at all.......


Smoke makes things work. When the smoke gets out, it stops!
 
JohnS
Guru

Joined: 18/11/2011
Location: United Kingdom
Posts: 4071
Posted: 12:38am 29 May 2014

Have been found to work over a few FEET :(

John
 
BobD

Guru

Joined: 07/12/2011
Location: Australia
Posts: 935
Posted: 12:47am 29 May 2014

  Grogster said   God knows that the 4-digit PIN is not the most secure in the world, but it sure is better than nothing at all.......

Not sayin' exactly how many but I run a pin that is significantly more than 10 digits on my cards. You can see the counter staff eyes glaze over when I'm keying it in.
 
Grogster

Admin Group

Joined: 31/12/2012
Location: New Zealand
Posts: 9638
Posted: 02:46am 29 May 2014

Owwwwww - you're lucky. We can only have 4-digit PINs on our cards here (as far as I am aware). More digits would be more secure, and more difficult to crack. Brute-force PIN cracking would not actually take that long these days with 4-digit PINs, but that's "Progress" if you want to call it that.
Smoke makes things work. When the smoke gets out, it stops!
 
BobD

Guru

Joined: 07/12/2011
Location: Australia
Posts: 935
Posted: 09:06am 29 May 2014

I had been running 6 digits for years and I only increased the length of the pin about 6 months back. I had a rough time using it at first. I stuffed the pin entry 3 times buying fuel and had the card blocked for 24 hours.

IIRC I changed the pin using the online banking web site but I can also change it at the ATM, phone banking, and the counter.

I gotta have a look for the antenna wires today.
 
Lou

Senior Member

Joined: 01/02/2014
Location: United States
Posts: 229
Posted: 01:25pm 29 May 2014

Guys,

About killing the Tap-and-Go chip, 10 or 15 seconds in the microwave ought to do it... and it won't hurt the mag stripe.

Lou
Microcontrollers - the other white meat
 