How money is stolen from contactless RFID and NFC cards

Tomcat

Quite recently, a fundamentally improved method of stealing money from cards equipped with PayWave and PayPass technologies was discovered: criminals intercept signals from such bank cards “over the air” using homemade readers.

Plastic cards with contactless RFID chips can be used simply by tapping them on a PoS banking terminal. Such cards do not need to be swiped through or inserted into the PoS terminal.

Last year, attackers already managed to steal about two million rubles using such hacking devices. In addition, methods have emerged to withdraw money from credit cards using the latest models of smartphones, which contain NFC, a variant of RFID technology. To withdraw funds from a card, carders only need to know its full card number and the expiration month and year.


Cards of the international Mastercard system are equipped with PayPass chips, and cards of the Visa payment system are equipped with chips called PayWave. However, both companies allow their contactless technology to be used on both magnetic stripe cards and the newer square chip cards.

The convenience of the Mastercard PayPass and Visa PayWave systems lies in simplifying and speeding up payments in stores. For payments of up to a thousand rubles with RFID-equipped cards, there is no need to sign a receipt or enter your PIN code into the PoS terminal.

The point of the carding schemes is to intercept NFC signals using illegal reader devices. Technically, RFID interceptors are highly advanced analogues of conventional contactless POS card terminals with increased functionality that capture and process electromagnetic waves. Such a device is usually equipped with an antenna, a special controller, and connectors for extracting information and pirated computer software from the reader.

To read payment data, it is enough for a carder to bring the reader within about ten centimeters of the victim’s card.

That is, in the metro or on ground transport during rush hour this is very easy to do without being noticed. The stolen information is subsequently passed on to other participants, who often do not even know the person who collected it. They in turn produce clones and duplicates of bank cards, which are used to cash out illicit money.

An illegal RFID reader for attacking cards with PayWave and PayPass costs about one hundred dollars, and “kulibins” (DIY tinkerers) can build one from components that can be ordered on eBay or AliExpress.

Fraudster with contactless card reader in the subway


So how can you protect your money from a hacker attack on your contactless card?

The simplest and most effective way to protect your card from a contactless reader is to carry it together with other non-payment contactless cards, for example, a Strelka or Troika transport card. When the fraudulent device tries to read data, it will not be able to copy the information correctly, since several cards will respond at the same time and the incoming signal will not be processed correctly.

You can purchase a special RFID-blocking wallet with anti-reading protection. There are also special cards that you place in your wallet next to your credit cards. It is also recommended to enable notifications of changes in account balance via SMS messages or push notifications. As an option, you can further reduce the amount that can be spent when paying with a card without entering a PIN code.

Another significant disadvantage of NFC readers is that the fraudster needs to place the device very close to the original bank card, which in itself provides considerable protection against reading. And if you have several contactless cards in your wallet, this will further complicate the criminal's plan.

Be careful!

(c) https://xn--e1afpuhk.com/kak-voruyut-dengi-s-beskontaktnyx-kart-rfid-i-nfc/
 