[LINK] refusing contactless cards
Craig Sanders
cas at taz.net.au
Thu Aug 1 14:18:04 AEST 2013
On Wed, Jul 31, 2013 at 11:34:41PM -0400, Scott Howard wrote:
> On Wed, Jul 31, 2013 at 10:45 PM, Craig Sanders <cas at taz.net.au> wrote:
>
> > because i don't want to carry something in my wallet that can be scanned
> > remotely to give an attacker my name, credit card number, CCV code (and
> > possibly other details including my address - i'm not sure about the
> > address but the other three pieces of data are certain) without any
> > action on my part and without even my knowledge that it has happened.
>
> FUD is fun, isn't it.

false claims of security are even more "fun"

> Modern contactless cards do not contain the card number on the chip.
> They also don't contain the CVV1 or CVV2 numbers (I'm presuming that's
> what you mean when you refer to the CCV code?!)
> They don't contain your address.
> And they likely don't contain your name (although they optionally can).

here's a video showing someone gaining exactly the details I mentioned:

http://www.youtube.com/watch?v=elBWoMXt3WY

see also:

Shmoocon 2012: Credit Card Fraud: The Contactless Generation
http://www.youtube.com/watch?v=HRXb-FZ6WFM
PDF version: http://www.shmoocon.org/2012/presentations/Paget_shmoocon2012-credit-cards.pdf

and googling reveals many more sites, videos, pdf presentations etc on
the topic.

> I hope that in addition to destroying the contactless chip/antenna
> you're also sanding off the physical numbers and painting over them.
> After all, a high-resolution camera is still cheaper than an RFID
> reader, and very simple to aim at the credit card reader in your local
> supermarket, capturing all of the same information as above.

some threats are more credible than others. given that my hand AND my
body AND the card-reader it's inserted into obscure most or all of the
card when i'm using it, i'm not particularly worried by cameras.

same when entering a PIN - i'm usually careful to use one hand to hide
what the other hand is typing in.

craig

--
craig sanders <cas at taz.net.au>
BOFH excuse #289:
Interference between the keyboard and the chair.