Jump to content

RFID Credit Cards...


Arsenic
 Share

Recommended Posts

I knew it was coming...but I saw a commercial the other day, and I can't believe they are actually doing it...

I'm not an RFID nut, but theoretically can't you record the signal that a chip gives off and have all the data needed to reproduce a point of sale transaction?.... what are they doing to secure this?  It's ridiculous...

Link to comment
Share on other sites

They still need your autograph on the receipt, no?

Basically, they're shooting themselves in their own foot. Or am I missing something?

The autograph on recipts mean nothing... I started signing in glyphs, symbols, and my own art work a couple months ago... no one says anything.

On one of my purchances I even wrote 'And its not even me' and the cashire dident say anything. 

There is no protection... this just means all a crook has to do is point a laser at your wallet insted of taking it.

Link to comment
Share on other sites

Another thing is if you knew what signal to send the cards you could set them off in someone's pocket and "steal" there credit card with out them knowing just by wandering past with a correctally configured RFID reader. This is scary if your bank sends you one go and buy an RFID shielded wallet from here: http://www.difrwear.com/products.shtml

Link to comment
Share on other sites

It is really easy to setup a ultra mobile laptop in a briefcase with a RFID scanner mounted against the lid and set up the software to remember every single RFID broadcast it receives. Potentially you don't even have to use a full on laptop, you could use some thing like a PDA if you can get a RFID scanner that works with it.

Link to comment
Share on other sites

They still need your autograph on the receipt, no?

The autograph on recipts mean nothing...

Did you bother to contest the charge on the card?

There was an article a while back about some guy who decided to start signing with 'Service sucks', vulgar artwork and worse as time went by. He claims he got all the purchases refunded (which basically means the place that sold the stuff to him gets the bill as they accepted the clearly invalid autograph.

Here it is: http://www.zug.com/pranks/credit/ and part 2 http://www.zug.com/pranks/credit_card/

A coworker of mine went to Turkey on holiday, and paid with credit card there in a number of locations. When he got back and saw his statement, he noticed an extra charge. He contested it and they refunded it because there was no signature on the receipt. I would expect them to not only check that there was an actual signature on the receipt, but also that it sort-of matches your own signature.

Link to comment
Share on other sites

You don't even need a signature.  There are coffee shops around here advertising the convenience of purchases "under $25" not needing to be signed.  Just pull into the drive though, flash the card... and bob's your uncle.

Not only do you not need a signature... but these devices are mounted OUTSIDE in the drive through...

If my bank were to send me one of these cards in the mail... they'll cease to be my bank, very quickly.

I'm with DarkBlueBox...  it's safer to post my PIN number in the paper.

Does anyone have any true insight into how actively card issuers monitor things?...  ie: how does the algorithm work?  I wonder if a transaction under $25 even hits the radar?

Link to comment
Share on other sites

I wonder if a transaction under $25 even hits the radar?

I doubt it as this is one of the ways that a cracker or phisher will test or use a credit car by making these small payments. I think there was some talk about this on the Network Security podcast.... at least I think that is what I was listening to.

Link to comment
Share on other sites

I wonder if a transaction under $25 even hits the radar?

I doubt it as this is one of the ways that a cracker or phisher will test or use a credit car by making these small payments. I think there was some talk about this on the Network Security podcast.... at least I think that is what I was listening to.

I'm going to go with no... http://www.mastercard.com/us/personal/en/a...rcards/paypass/

* Signature is not required for purchases under $25 at participating locations. PIN may be required for debit transactions
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...