[LINK] RFI: Disabling an NFC Coil on PayPass/Wave

Kim Holburn kim at holburn.net
Sun Aug 17 11:51:02 AEST 2014

All the pictures I've seen on the internet are different and they are all different to my card.  I have disabled mine and tested that paywave is disabled.  I used a very bright LED torch to see the card wiring.  I will write it up after some more testing.  I used a very small drill bit. A  1/16th I think.  The hole is almost invisible unless you hold the card up to the light.

On 2014/Aug/17, at 8:20 AM, Roger Clarke wrote:

> Australian banks continue to refuse to provide basic consumer 
> protections in relation to NFC-based payment.  They have a choice of 
> ways of doing so, but falsely declare to all and sundry that Visa and 
> MasterCard dictate that they have to do what they do.  Some 
> countries' banks, on the other hand, have implemented sensible 
> schemes.
> There are guides available on how to drill through the card in order 
> to break the coil and prevent the undesired wireless mechanism 
> working.
> The trick is to do so without harming the (highly desirable) 
> contact-based functionality - which still requires, as it should, 
> that the card-holder demonstrate that they know the PIN associated 
> with the card.
> It's also important to avoid damaging the mag stripe and the hologram.
> And it's best if the hole is unnoticeable, so that merchants don't 
> perceive a need to steal a card because it's been tampered with 
> and/or its wireless capability isn't functioning.
> So the hole needs to be small, and precisely targeted at a point 
> where the coil can be cut without any other aspect of the card being 
> damaged.
> Has anyone seen any reliable information about the precise location 
> of the induction coil on the cards being imposed on Australian 
> card-holders?
> And is there is a single card-layout in use, or more than one?
> The location can be found using an x-ray machine, or perhaps with 
> very strong light.  But the job has doubtless already been done by 
> someone.
> Needless to say, this posting is not a suggestion that people remove 
> unwanted functionality from the cards they have issued to them, but 
> rather part of my ongoing research into the matter:
> http://www.rogerclarke.com/EC/CPS-12.html
> -- 
> Roger Clarke                                 http://www.rogerclarke.com/
> Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
> Tel: +61 2 6288 6916                        http://about.me/roger.clarke
> mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/
> Visiting Professor in the Faculty of Law            University of N.S.W.
> Visiting Professor in Computer Science    Australian National University
> _______________________________________________
> Link mailing list
> Link at mailman.anu.edu.au
> http://mailman.anu.edu.au/mailman/listinfo/link

Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request 

More information about the Link mailing list