[LINK] refusing contactless cards
Kim Holburn
kim.holburn at gmail.com
Thu Aug 1 15:02:32 AEST 2013
Whatever info they contain and however it is encrypted, it is enough to make purchases. All you need is that data.
It can be read from a distance. Of course if you use credit cards you need to check what has been purchased on it. Basic credit card management whatever kind you have I would have thought.
Kim
On 2013/Aug/01, at 1:34 PM, Scott Howard wrote:
> On Wed, Jul 31, 2013 at 10:45 PM, Craig Sanders <cas at taz.net.au> wrote:
>
>> because i don't want to carry something in my wallet that can be scanned
>> remotely to give an attacker my name, credit card number, CCV code (and
>> possibly other details including my address - i'm not sure about the
>> address but the other three pieces of data are certain) without any
>> action on my part and without even my knowledge that it has happened.
>>
>
> FUD is fun, isn't it.
>
> Modern contactless cards do not contain the card number on the chip.
> They also doesn't contain the CVV1 or CVV2 numbers (I'm presuming that's
> what you mean when you refer to the CCV code?!)
> They doesn't contain your address.
> And they likely doesn't contain your name (although they optionally can).
>
> I hope that in addition to destroying the contactless chip/antenna you're
> also sanding off the physical numbers and painting over them. After all, a
> high-resolution camera is still cheaper than an RFID reader, and very
> simple to aim at the credit card reader in your local supermarket,
> capturing all of the same information as above.
>
> Scott
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link
--
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408 M: +61 404072753
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
More information about the Link
mailing list