Today, contactless payment cards are becoming more and more popular in world. Their difference from the usual "plastic" - in the ability to make transactions, simply by holding the card to the terminal. The fact that the card has such an opportunity is indicated by the corresponding icon on its front side. Now contactless payment technologies are actively "promoted" by organizations and banks working with Visa and MasterCard payment systems. Many new cards are equipped with a contactless payment chip by default, which, on the one hand, is convenient for users, and on the other hand, is a serious drawback and vulnerability.
What is a contactless payment card?
It looks like an ordinary bank card. But its main feature and distinguishing feature is the presence of an RFID tag - a microchip with an antenna, a receiver / transmitter and a memory module where payment information and identification data are stored. The tag is activated upon a request from the terminal and "responds" to it, providing the information necessary for identification and access to the client's account, from which the required amount is debited.
In general terms, the procedure for paying for purchases using a contactless bank card is as follows:
Thus, when making relatively small purchases (up to $ 15), the cardholder does not even enter the pin code - the payment is made automatically as soon as the RFID-tag of the card is in the electromagnetic field of the scanner and remains there for a short time (1-2 seconds).
Different payment systems using wireless payment technologies have their own standards for communication and data encryption. For interaction between the scanner (reader) and the RFID module, the frequency of 13.56 MHz is used, on which data is exchanged. This is the main vulnerability - after all, an attacker, possessing special equipment, theoretically has the ability to intercept this data, "polling" the chip in the same way as a payment terminal does. But we'll talk about this a little further.
Advantages of RFID cards
Contactless cards are convenient primarily for large stores, supermarkets, retail chains. After all, with a standard payment, you need to insert a card into the terminal of the terminal and enter a pin code, which takes some time. With RFID technology, the time spent on payment is significantly reduced. Even if it’s just a few seconds per customer, the savings seem more serious on a workday scale of several thousand customers.
Contactless payment cards are also convenient for their holders - also by saving time and being able to pay for purchases without even taking the card out of the wallet or purse. It is enough just to bring the accessory, in the pocket or in the inner compartment of which the card is located, to a sufficiently close distance to the scanner for the reader and the chip to “communicate” with each other. All - the payment has been completed. This method of payment is especially convenient in stores where your hands may be busy with bags and goods, or at a gas station, as it will allow you to pay without even leaving your car.
Disadvantages of contactless cards
Of course, the process of using contactless payment cards is not without a number of disadvantages. Today, not all retail outlets are equipped with RFID scanners, which requires the client to make a payment in the old fashioned way.
In addition, the loss of such a card can be a big problem. The person who found it will be able to make purchases and pay for services without the mandatory input of a pin code. The main thing is that the amount of one transaction does not exceed $ 15.
But the main disadvantage is the information vulnerability of the card data and the possibility of stealing information, funds from the account. In the past few years, billions of rubles from such cards have been stolen from every year. On a national scale, this figure does not seem so large, but this is due to the fact that so far RFID cards are not very common, and the owners themselves report to law enforcement agencies not all cases of fraud.
How is money stolen from contactless cards?
The easiest option, when the holder of a contactless payment card loses his money, is the loss of the card. The person who found the card can use it to pay for small purchases and can do this for a long time, especially if the owner does not have SMS-informing about the operations performed. Unfortunately, it is impossible to return the funds spent in this way, because it is almost impossible to prove that the card was lost and the transactions were not carried out by you. In addition, in order for the bank to consider the transaction legal, a correctly entered PIN code or automatic confirmation of payment information via an RFID module is sufficient. It doesn't matter who makes this payment.
The second option for the theft from a contactless payment card is also associated with the owner's carelessness and carelessness. In this case, the role of fraudsters is played by service personnel - sellers, waiters, bartenders - people to whom you give your card for payment. In addition to the amount that should be debited from your account, "extra" 600-700 rubles are often lost. A small amount, the withdrawal of which does not require confirmation with a pin code, and is quite invisible for the owner himself, who can simply forget what and how much he paid for.
Another, more complicated, but certainly no less common method of stealing funds from a card is using compact PoS terminals. It is enough to place it near the card, and it will automatically "interrogate" the module and the requested amount will be debited from the account. Debit amounts are usually small and do not exceed $ 15, so that you do not need to enter a pin code. Usually, the cardholder does not even immediately notice that money has been debited from his account. This happens most often in public transport, where there is a high density of people and the attacker has the opportunity, without arousing suspicion, to bring the terminal to the places where cards are most often stored. These are back and chest pockets, bags, briefcases, backpacks. Due to the tightness, the fraudster can bring the terminal close to the body or bag, so that even the thickness of the clothes will not always save from theft.
Instead of the terminal, other devices can also be used, such as, for example, a specially prepared smartphone with software installed on it. Finding it in an intruder's pocket or hands will not raise suspicion, which will only simplify the task of stealing money from a bank card.
Modern methods of fraud are developing as quickly as technologies for protecting against it, and therefore now even the use of PoS terminals and close contact between the scanning device and the RFID module is not necessary. So-called grabers and other scanning devices with powerful electromagnetic fields are capable of reading data from chips at a distance of several meters. The use of such units and modern software makes it possible to scan dozens of RFID tags on cards in a matter of seconds and steal money from the owners. Thus, one "walk" in a place of large gathering of people can bring tens and hundreds of thousands of rubles into the pockets of intruders. With such opportunities, the high cost of scanning equipment will not be an obstacle for fraudsters.
It is worth talking about another method of fraud that is already quite popular abroad, but so far not widespread in our country. It consists in intercepting control of a smartphone (by infecting it with a virus) and using the phone's NFC module as a signal repeater. Since contactless payment cards are often physically located next to a smartphone, fraudsters have the opportunity to write off funds at a fairly large distance and without using terminals and scanning devices.
How to protect a contactless bank card?
If the security situation for payment data is so depressing, maybe it is worth stopping the use of cards with RFID modules altogether? This is quite difficult to do for a number of reasons.
First, the convenience of using such bank cards is still evident, and not all users will prefer to exchange comfort for security.
Secondly, as mentioned above, many new cards (credit and debit) are issued with an RFID module, regardless of the wishes of the owner. To disable the technology, you must contact the bank that issued the card with an application. Even so, this is not always possible.
Thirdly, cards with contactless payment technology can still be used relatively safely if you follow a number of simple rules.
General recommendations on how to protect a contactless bank card
One of the first ways to protect yourself from uncontrolled debiting of funds is SMS notification of transactions. Be sure to connect it, even though it may be chargeable. The cost of services such as "mobile bank" is usually low, but in this way you can save much more money from theft.
In order not to miss SMS from the bank, activate not only sound, but also vibration on your phone. After all, attackers love the metro and public transport so much not only because of the crowded and crowded places, but also because the victim usually does not hear SMS notifications because of the surrounding noise.
If you find that money is being debited from your account and these are not some kind of automatic and scheduled payments, immediately block the card. This can be done quite simply through the application or by calling the bank.
The likelihood of fraudulent transactions with the card can also be reduced by carrying it in an inner pocket of clothes or in the inner compartments of a backpack or briefcase. Thus, you protect the chip as much as possible from external influences, removing it to the inaccessible for scanning using PoS terminals. But do not forget about the existence of other - more powerful - devices for which distance is not an obstacle.
Another method of protection (not 100%, but with some degree of probability) is to carry several cards with different chips together, as well as to find nearby metal objects that have shielding properties. This also does not guarantee protection against high-power modern grabers, but it may well save when trying to read information through a terminal or smartphone.
Protective wallets and cases
Today, there is no better way to protect against information theft using radio frequencies than shielding them. This fully applies to bank cards with RFID tags. No attacker with state-of-the-art hardware can steal your data and money if they cannot read the information from the chip. Special wallets, wallets and cardholders with RFID protection will help prevent him from doing this.
The essence of such protection is in the shielding of radio waves, which is achieved by using various metallized materials. These can be foil inserts and mesh screens, wire woven into the fabric of the wallet, as well as all-metal products for storing cards.
Unfortunately, it is also not always possible to guarantee 100% protection here, since many of these accessories available on the market have never been fully tested and do not have certification documents confirming the safety and reliability.
Technology as a way to protect a card with contactless payment
Technology is a reliable and proven RFID protection method developed by foreign experts. Initially, Optexx materials and products were created to protect the data of officials, representatives of government agencies, and large businessmen. After all, the leakage of information possessed by these people can turn into serious problems for state security, business, etc.
The essence of the technology is in the use of special shielding materials. They are based on an alloy of several metals with different physical and chemical characteristics. Due to the special structure of the crystal lattice, such a material becomes impervious to radio waves in a wide frequency range.
It is the different shielding properties of materials when working with different radio frequencies that are the main problem when creating accessories with RFID protection. It often turns out that a wallet that perfectly protects the card and chip when scanning at 13.56 MHz is not an obstacle when the signal frequency changes. Optexx material is free from such shortcomings, which is confirmed by the corresponding diplomas and certificates.
Accessories for bank card protection
If you don't know how to protect your contactless card, then use the proven technology. Our online store offers a wide range of specialized accessories:
The assortment includes products of different designs and colors, which will allow you to choose accessories as a gift, for a trip or permanent wearing, taking into account personal preferences, gender, financial capabilities.
Advantages of protective accessories:
All products have certificates of conformity and safety, which confirms the reliability of their protection and excellent performance demonstrated during testing.
What is a contactless payment card?
It looks like an ordinary bank card. But its main feature and distinguishing feature is the presence of an RFID tag - a microchip with an antenna, a receiver / transmitter and a memory module where payment information and identification data are stored. The tag is activated upon a request from the terminal and "responds" to it, providing the information necessary for identification and access to the client's account, from which the required amount is debited.
In general terms, the procedure for paying for purchases using a contactless bank card is as follows:
- the merchant activates the terminal or other payment device;
- the card holder brings it to the terminal screen at a distance of no more than 5 cm, orienting it so that the chip is close to the scanning device;
- the terminal and the chip are in contact with each other and data transfer occurs;
- if the purchase amount is less than $ 15, then the transaction is made and the money is debited from the client's account;
- if the purchase amount is more than $ 15, then the terminal asks the cardholder for a pin code;
- after checking the pin code, the purchase amount is debited from the client's account;
- the terminal issues a check confirming the transaction.
Thus, when making relatively small purchases (up to $ 15), the cardholder does not even enter the pin code - the payment is made automatically as soon as the RFID-tag of the card is in the electromagnetic field of the scanner and remains there for a short time (1-2 seconds).
Different payment systems using wireless payment technologies have their own standards for communication and data encryption. For interaction between the scanner (reader) and the RFID module, the frequency of 13.56 MHz is used, on which data is exchanged. This is the main vulnerability - after all, an attacker, possessing special equipment, theoretically has the ability to intercept this data, "polling" the chip in the same way as a payment terminal does. But we'll talk about this a little further.
Advantages of RFID cards
Contactless cards are convenient primarily for large stores, supermarkets, retail chains. After all, with a standard payment, you need to insert a card into the terminal of the terminal and enter a pin code, which takes some time. With RFID technology, the time spent on payment is significantly reduced. Even if it’s just a few seconds per customer, the savings seem more serious on a workday scale of several thousand customers.
Contactless payment cards are also convenient for their holders - also by saving time and being able to pay for purchases without even taking the card out of the wallet or purse. It is enough just to bring the accessory, in the pocket or in the inner compartment of which the card is located, to a sufficiently close distance to the scanner for the reader and the chip to “communicate” with each other. All - the payment has been completed. This method of payment is especially convenient in stores where your hands may be busy with bags and goods, or at a gas station, as it will allow you to pay without even leaving your car.
Disadvantages of contactless cards
Of course, the process of using contactless payment cards is not without a number of disadvantages. Today, not all retail outlets are equipped with RFID scanners, which requires the client to make a payment in the old fashioned way.
In addition, the loss of such a card can be a big problem. The person who found it will be able to make purchases and pay for services without the mandatory input of a pin code. The main thing is that the amount of one transaction does not exceed $ 15.
But the main disadvantage is the information vulnerability of the card data and the possibility of stealing information, funds from the account. In the past few years, billions of rubles from such cards have been stolen from every year. On a national scale, this figure does not seem so large, but this is due to the fact that so far RFID cards are not very common, and the owners themselves report to law enforcement agencies not all cases of fraud.
How is money stolen from contactless cards?
The easiest option, when the holder of a contactless payment card loses his money, is the loss of the card. The person who found the card can use it to pay for small purchases and can do this for a long time, especially if the owner does not have SMS-informing about the operations performed. Unfortunately, it is impossible to return the funds spent in this way, because it is almost impossible to prove that the card was lost and the transactions were not carried out by you. In addition, in order for the bank to consider the transaction legal, a correctly entered PIN code or automatic confirmation of payment information via an RFID module is sufficient. It doesn't matter who makes this payment.
The second option for the theft from a contactless payment card is also associated with the owner's carelessness and carelessness. In this case, the role of fraudsters is played by service personnel - sellers, waiters, bartenders - people to whom you give your card for payment. In addition to the amount that should be debited from your account, "extra" 600-700 rubles are often lost. A small amount, the withdrawal of which does not require confirmation with a pin code, and is quite invisible for the owner himself, who can simply forget what and how much he paid for.
Another, more complicated, but certainly no less common method of stealing funds from a card is using compact PoS terminals. It is enough to place it near the card, and it will automatically "interrogate" the module and the requested amount will be debited from the account. Debit amounts are usually small and do not exceed $ 15, so that you do not need to enter a pin code. Usually, the cardholder does not even immediately notice that money has been debited from his account. This happens most often in public transport, where there is a high density of people and the attacker has the opportunity, without arousing suspicion, to bring the terminal to the places where cards are most often stored. These are back and chest pockets, bags, briefcases, backpacks. Due to the tightness, the fraudster can bring the terminal close to the body or bag, so that even the thickness of the clothes will not always save from theft.
Instead of the terminal, other devices can also be used, such as, for example, a specially prepared smartphone with software installed on it. Finding it in an intruder's pocket or hands will not raise suspicion, which will only simplify the task of stealing money from a bank card.
Modern methods of fraud are developing as quickly as technologies for protecting against it, and therefore now even the use of PoS terminals and close contact between the scanning device and the RFID module is not necessary. So-called grabers and other scanning devices with powerful electromagnetic fields are capable of reading data from chips at a distance of several meters. The use of such units and modern software makes it possible to scan dozens of RFID tags on cards in a matter of seconds and steal money from the owners. Thus, one "walk" in a place of large gathering of people can bring tens and hundreds of thousands of rubles into the pockets of intruders. With such opportunities, the high cost of scanning equipment will not be an obstacle for fraudsters.
It is worth talking about another method of fraud that is already quite popular abroad, but so far not widespread in our country. It consists in intercepting control of a smartphone (by infecting it with a virus) and using the phone's NFC module as a signal repeater. Since contactless payment cards are often physically located next to a smartphone, fraudsters have the opportunity to write off funds at a fairly large distance and without using terminals and scanning devices.
How to protect a contactless bank card?
If the security situation for payment data is so depressing, maybe it is worth stopping the use of cards with RFID modules altogether? This is quite difficult to do for a number of reasons.
First, the convenience of using such bank cards is still evident, and not all users will prefer to exchange comfort for security.
Secondly, as mentioned above, many new cards (credit and debit) are issued with an RFID module, regardless of the wishes of the owner. To disable the technology, you must contact the bank that issued the card with an application. Even so, this is not always possible.
Thirdly, cards with contactless payment technology can still be used relatively safely if you follow a number of simple rules.
General recommendations on how to protect a contactless bank card
One of the first ways to protect yourself from uncontrolled debiting of funds is SMS notification of transactions. Be sure to connect it, even though it may be chargeable. The cost of services such as "mobile bank" is usually low, but in this way you can save much more money from theft.
In order not to miss SMS from the bank, activate not only sound, but also vibration on your phone. After all, attackers love the metro and public transport so much not only because of the crowded and crowded places, but also because the victim usually does not hear SMS notifications because of the surrounding noise.
If you find that money is being debited from your account and these are not some kind of automatic and scheduled payments, immediately block the card. This can be done quite simply through the application or by calling the bank.
The likelihood of fraudulent transactions with the card can also be reduced by carrying it in an inner pocket of clothes or in the inner compartments of a backpack or briefcase. Thus, you protect the chip as much as possible from external influences, removing it to the inaccessible for scanning using PoS terminals. But do not forget about the existence of other - more powerful - devices for which distance is not an obstacle.
Another method of protection (not 100%, but with some degree of probability) is to carry several cards with different chips together, as well as to find nearby metal objects that have shielding properties. This also does not guarantee protection against high-power modern grabers, but it may well save when trying to read information through a terminal or smartphone.
Protective wallets and cases
Today, there is no better way to protect against information theft using radio frequencies than shielding them. This fully applies to bank cards with RFID tags. No attacker with state-of-the-art hardware can steal your data and money if they cannot read the information from the chip. Special wallets, wallets and cardholders with RFID protection will help prevent him from doing this.
The essence of such protection is in the shielding of radio waves, which is achieved by using various metallized materials. These can be foil inserts and mesh screens, wire woven into the fabric of the wallet, as well as all-metal products for storing cards.
Unfortunately, it is also not always possible to guarantee 100% protection here, since many of these accessories available on the market have never been fully tested and do not have certification documents confirming the safety and reliability.
Technology as a way to protect a card with contactless payment
Technology is a reliable and proven RFID protection method developed by foreign experts. Initially, Optexx materials and products were created to protect the data of officials, representatives of government agencies, and large businessmen. After all, the leakage of information possessed by these people can turn into serious problems for state security, business, etc.
The essence of the technology is in the use of special shielding materials. They are based on an alloy of several metals with different physical and chemical characteristics. Due to the special structure of the crystal lattice, such a material becomes impervious to radio waves in a wide frequency range.
It is the different shielding properties of materials when working with different radio frequencies that are the main problem when creating accessories with RFID protection. It often turns out that a wallet that perfectly protects the card and chip when scanning at 13.56 MHz is not an obstacle when the signal frequency changes. Optexx material is free from such shortcomings, which is confirmed by the corresponding diplomas and certificates.
Accessories for bank card protection
If you don't know how to protect your contactless card, then use the proven technology. Our online store offers a wide range of specialized accessories:
- Covers for cards. Thin and compact, they nevertheless reliably protect the kata module from scanning. You can be sure that your data and money will remain intact, since an attacker simply cannot read the information. At the same time, the case is so thin and light that you can easily mark it along with the card in a regular wallet or wallet.
- Cardholders. These devices are designed to store several bank cards at once (from 3 to 22 pieces), as well as other ISO-format documents, for example, business cards, passes or driver's license. When you press the trigger located at the bottom of the accessory, all the cards are thrown up in a way convenient for you so that you can get the one you need.
- Wallets. On sale there are models of different sizes and with a different number of compartments, with a zipper and a button, designed for storing bank cards, cash, documents. It will not be difficult for you to choose an accessory that will completely suit you in appearance, spaciousness and functionality. Metallic inserts are located both on the outside of the accessories and on the inside, which provides reliable protection even when the wallet is open.
- Wallets. Ideal for storing bank cards, documents and cash while traveling. Wallets of different models can hold up to 12 credit cards and up to 3 passports of standard sizes. All internal compartments are shielded, making it impossible to scan even with the wallet open.
- Passport covers. Universal accessories that can be used to protect chipped documents, and also have additional internal compartments for storing bank cards, cash, and some other documents.
The assortment includes products of different designs and colors, which will allow you to choose accessories as a gift, for a trip or permanent wearing, taking into account personal preferences, gender, financial capabilities.
Advantages of protective accessories:
- Reliable protection of RFID chips from being read using terminals, scanners, grabers and other specialized equipment operating in a wide frequency range.
- Good performance. Despite the presence of shielding inserts, all wallets, wallets, cardholders are compact and easy to use. They can also be used as regular wallets.
- High degree of mechanical stability. The use of high quality materials makes it possible to protect cards and documents not only from electromagnetic radiation, but also from mechanical damage, adverse weather conditions, etc.
- Attractive appearance. Optexx products will be a wonderful gift that will surprise and delight you not only with functionality, but also with its aesthetic qualities.
All products have certificates of conformity and safety, which confirms the reliability of their protection and excellent performance demonstrated during testing.
