Protection of contactless payment cards

Lord777

Using bank cards is a convenient alternative to paying in cash. After all, a plastic rectangle in a pocket or purse will not take up much space, and its loss is not as critical as in the case of paper bills. But modern technologies go even further, offering new payment methods - including contactless ones. Is it as safe as it is convenient?

Vulnerability of contactless payment cards
Because a contactless bank card does not require a PIN code for payments of up to $ 15, the simplest and most obvious way to steal money from it is with a POS terminal. If the terminal's reader is within a few centimeters of the card's transmitter, money can easily be debited from the card without the owner's participation.

Unlike a regular card, a contactless card has a microchip and an antenna that use RFID technology. They pick up and "respond" to the signal of a radio transmitter built into a special terminal, which allows you to pay with just a touch. The signal is rather weak, so the receiver and transmitter must be within a few centimeters of each other, which makes these payments, at first glance, quite safe.

But there is reliable data that scammers actively use this method on trains, in subways, and in other public places where it is possible to get close to a person without arousing suspicion. With a POS terminal, a fraudster can make a single raid, "taking away" up to $ 15 inclusive from each card, and leave with a catch of several thousand (or several tens of thousands).

However, despite its apparent simplicity, this is not always feasible. First, the RFID chip is quite difficult to read. For the card and the terminal to interact, they must be brought within a few centimeters of each other (if we are talking only about a POS terminal). But if other methods of data theft are used, an amplified receiving antenna makes it possible to read the necessary information at up to 1 m, and even careful handling of a contactless card will not help if certain software is used. In this case, it is already quite difficult for holders of cards with a contactless payment system to protect their funds from intruders. However, there is a way: special wallets and cases. More on this later.

In addition, plain deception in a store, restaurant or bar is more than likely, especially if you show unnecessary trust and the card ends up in the hands of an unscrupulous seller or waiter. The disappearance of a small amount from the account may go unnoticed, or not be noticed immediately. It will be impossible to return money stolen in this way, no matter how you appeal to the bank later.

How is data stolen?
Radio Frequency IDentification technology uses a 13.56 MHz radio frequency, on which payment and identification information is exchanged between the card chip and the terminal transmitter. Some payment systems use different communication standards, but the essence of the process does not change from this. Physical protection allows you to save your money when using a standard terminal, because data exchange is possible only at a distance of a few centimeters. But what if you use more powerful (yet compact) transmitters?

Such scanners, working on RFID technology and able to "poll" contactless cards at a distance of up to 80 cm, already exist. Not so long ago, a similar device was demonstrated by British researchers from the University of Surrey who are actively working to combat fraud in this area. If you use the device instead of a POS terminal, you can easily “write off” amounts below the established limit from the accounts of contactless cardholders ($ 15 in Russia, $ 25 in the USA, 30 pounds in the UK, etc.). At the same time, the exact alignment of the transmitter-receiver and the chip with the antenna is no longer required, it is enough that they are at a distance of up to 80 cm from each other. Since the signal from the scanner is stronger than that of the terminal, interference from keys and mobile phones near the card will hardly matter.

Hackers went even further, offering an original way to steal funds without using sophisticated scanning equipment. Since the smartphone and the owner's card are often located nearby, it is possible to use the NFC-module of the phone as a relay, which transfers the payment data of the victim to the fraudster. For this, an Android Trojan is sent to the owner's smartphone and installed in a hidden mode - a virus that allows such operations to be carried out with the victim's phone.

As soon as the smartphone is near the card and identifies its chip, it “contacts” the fraudsters via the Internet. The attacker activates the POS terminal at his disposal and makes a payment using his phone with a specially installed application instead of a credit card. At the same time, the cardholder's smartphone acts as a kind of bridge or repeater.

Of course, such technologies of stealing information and money are rather complicated and are still of theoretical interest. After all, a credit card with a contactless chip has other levels of protection besides physical (more about them later). But forewarned means forearmed. So it is better to be prepared for the fact that in the near future - given the speed of development of science and technology - such technologies will become generally available. And to know how to protect a card with contactless payment is already a necessity.

Shielded wallets and cases are a simple and popular solution today. Outwardly, they do not differ from ordinary wallets, but inside they have a layer of metallized film made of a metal alloy, which blocks different radio frequency ranges, including 13.56 MHz. Thanks to this, it will not be possible to read data from the card even with a powerful scanner. The advantage of a wallet is that you can carry several credit cards in it at the same time, as well as cash, business cards, passes, passports with an RFID chip, access cards and transport cards.

RFID protection can be provided in different ways - depending on the design and construction features of a particular model. Usually, reflective or absorbent materials are used, which provide protection against scanning. Additionally, various microtransmitters can be used, providing active protection by generating "white noise" - a complex of radio waves of different frequencies, which prevents the reading of information. Although 100% protection cannot be guaranteed by any of the methods.

If there is no need to constantly carry a large number of cards, documents and money, you can use more compact devices: special covers. They are usually made of leather, plastic, fabric or various synthetic materials and, like wallets and purses, have a shielding pad. When paying, the credit card does not even need to be fully removed from the case; its edge with the chip is enough.

The shielded case is also convenient because it is thin and small, the size of a credit card, and can therefore be carried in a wallet or purse. However, using several such covers at once becomes problematic.

Metal cases are convenient for carrying a large number of cards. To pay, you just need to take out the one you need. But, of course, you will have to carry such a case separately, since it is too big for a wallet or purse.

Built-in contactless card security and bypass
In addition to protection at the physical level - the need for close positioning of the card and the terminal - there is also protection at the cryptographic level. The fact is that a bank card does not have a permanent CVV code. For each payment transaction, it is generated randomly. Therefore, reading the data in itself does not give anything to the fraudster, except for the opportunity to make a transaction once for up to $ 15 (or in another currency - in accordance with the restrictions set by banks).

Today, fraudsters, using special equipment, have learned to read a randomly generated CVV code and use it before the cardholder does it. In this case, the funds are debited from the victim's account, and the owner receives information about the error the next time he tries to pay for the purchase. In this case, the card can even be blocked, which will create certain difficulties.

But losing, for example, $ 10 is also a nuisance, especially if the fraudster manages to perform several similar transactions. By the way, this is not always possible either, since many banks today use protection against multiple withdrawals of small amounts that do not require confirmation with a PIN code. However, the very fact of obtaining the card's information is sometimes enough, for example, to pay for purchases in some online stores. Therefore, having built-in protection is not at all a reason to trust it completely and lose your vigilance.

Making a duplicate SIM card
Separately, it is worth talking about this method of fraud, which at first glance does not directly concern finance. But after all, it is to the phone number that many users' cards are tied today. Having a copy of a SIM card, fraudsters will be able to make transactions so that the owner does not even know about them, as well as make payments and withdraw cash in cases where an SMS confirmation is required for the operation.

The fraud scheme is quite simple: the cardholder, whose passport data is known, receives a call that is dropped, or an SMS with a request to call back. In order not to arouse suspicion, fraudsters usually introduce themselves as employees of a bank, a pension fund, or various government organizations. The attackers then contact the service center of the telecom operator with a request to reissue the SIM card. To do this, they need to give the owner's passport data and the time and numbers of the last calls made, and sometimes to top up the account.

Such calls and account replenishment are the first signs that virtual scammers are trying to rob you. Usually, after that, the number turns out to be blocked, and the money from the account is withdrawn to other cards or electronic wallets. In this case, you need to act as quickly as possible:
  • Block all plastic cards linked to the number by contacting the bank.
  • Call the operator with a request to block a duplicate SIM card.
  • Write a statement to law enforcement agencies.

General recommendations
The most important thing to take care of is limiting unauthorized access to the card. Always pay by yourself and do not hand the credit card to waiters, sellers, sales floor employees, etc. Before making a payment, check the amount entered on the terminal screen. In the event of an accidental mistake or a plain deception, if it is not detected immediately, it will be almost impossible to prove this fact and get a refund from the bank. The same applies if an outsider uses your card to their advantage without your knowledge.

Be sure to use SMS notification, even if this service is paid. Usually the subscription fee is not large, but you can "lose" much more without noticing. The notification comes instantly, upon payment, which will allow you to understand immediately that you have either lost your card, or that a fraudster with a terminal or a scanner that reads data through Radio Frequency IDentification is operating nearby.

For a fraudster, the easiest way to gain access to your finances is to steal the card itself. Even if he is not able to withdraw cash, he will be able to use it to pay for purchases on the Internet or in regular stores. In this case, SMS messages will notify you of the loss and the need for action.

You can block a lost or stolen card through a special banking application, by phone or by visiting the branch where you received the credit card in person. For remote blocking, you most likely need additional data - for example, a code word or passport information. Later, the card can be restored without any problems - free of charge or for a small reissue and maintenance fee.

Always try to keep the card in such a way that there is no direct access to it from outside, and there is always a distance of at least 10 cm between its chip and the nearest person. That is, hide it in your inner pocket, backpack, or briefcase. It is better if there are some metal shielding objects nearby: keys, a lighter, a penknife, a multitool.

If you have a credit card with you and the money is debited from it, then most likely, a fraudster is “working” nearby or remotely. Check if your card is lying next to the phone, which acts as a transmitter. Immediately turn off your smartphone and move the card away - to the inner pockets or bag. Remember that an attacker will not be able to gain access to your mobile phone if it is not rooted and its display is locked.

To protect your funds, you can reduce the limit for payments made without confirmation with a PIN code. Today, many banking organizations provide this option. You can configure this parameter in the application or on the official website, in the Personal Account. You can even disable payments without entering a PIN altogether, but this will limit the functionality of your contactless card. However, when it comes to the safety and security of funds, convenience and functionality fade into the background.

Alternatively, you can stop physically using the card itself by installing a special payment application on your smartphone. Of course, here there is a possibility of theft of the phone itself. Therefore, this decision is justified for mobile phones equipped with a fingerprint sensor. In this case, even if the gadget is in the hands of intruders, they will not be able to pay for a purchase with it.

An essential part of the security of your finances is to protect your smartphone and applications from malware, spyware and viruses. Therefore, antivirus should be on the list of required programs that you install on your mobile. But other applications, especially third-party ones, should be viewed with suspicion, as any of them can be the source of Trojans, thanks to which attackers gain access and steal payment data.

How to protect a contactless bank card?
In addition to the general recommendations, which apply not only to contactless but also to conventional cards, there are ways to protect them physically. You can try to block RFID data transmission with a thin layer of metal. This can be food foil or baking foil. The main thing is that it is completely metallized: the inner liner from a pack of cigarettes will not provide protection.

Shielding from electromagnetic signals is based on the simple principle of the Faraday cage, and not all metal shields are capable of successfully blocking reads by scanners' antennas.

Another method of shielding can be recommended. Carry multiple contactless cards together - in one compartment of your wallet. It is better if these are credit cards of different banks and types, operating at different frequencies, or non-payment cards, for example, transport cards. When trying to read information with a scanner, the device will receive a response from different chips, which significantly complicates the receipt and decoding of information. But this method will work only in the case of contact terminals, and special software and antenna-reinforced "grabbers" can easily bypass it.

Carrying a card wrapped in foil, or a large number of credit cards together, is quite inconvenient. After all, the main advantage of the contactless payment method, its speed, is then lost. A sheet of foil or thin shielding metal can be tucked into the pockets of a wallet or purse to cover both sides of the card. Still, it is best to use specialized devices, since they have been on sale for a long time and are widely represented on the domestic market.

Shielding Wallets, Purses & Cases
Benefits of using shielded covers:
  • Reliable protection of payment information from hacking and copying.
  • Protects the card from demagnetization, even if it is in a strong electromagnetic field.
  • Credit card protection from mechanical damage and wear.

In addition, shielding cases and wallets are not only convenient, but also beautiful. They can be part of the overall style and image of the wearer.

It is recommended to buy all protective devices only in specialized stores with certification and other accompanying documents, which is a guarantee of the absence of defects, reliable protection and compliance with the declared protective properties of data blocking. One of these stores, where a large assortment of cardholders, wallets, passport covers, card cases, wallets and travel organizers with a high level of protection against burglary are presented. Enter the catalog, choose the products you like and feel more secure.

Externally, products with the protection system are no different from ordinary accessories. It is stylish and modern, perfect for a gift or as a wardrobe addition. Protection accessories are made in Germany, and the store itself is the exclusive representative of the German company on the territory of the Russian Federation. Therefore, you can rest assured of the quality and reliability of the accessories. In addition, products are certified by the expert organization TÜV and correspond to the declared quality of the functional features of the protection.

With any questions about the choice of protection accessories or technology, you can always contact our managers.
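
The issuer-side protections described under "Built-in contactless card security and bypass" (a one-time code for each payment, and protection against repeated small payments made without a PIN), as an added example that is not part of the original post and is not any bank's actual logic. The counter model of the one-time code, the two caps and the sample log are assumptions made for illustration.

```python
from dataclasses import dataclass

# Amounts are in cents. NO_PIN_LIMIT is the $15 figure from the article;
# the two caps below are assumed values, each bank sets its own.
NO_PIN_LIMIT = 1500
MAX_NO_PIN_RUN = 3       # assumed: no-PIN payments allowed in a row
MAX_NO_PIN_TOTAL = 4000  # assumed: total no-PIN spend before a PIN is forced

@dataclass
class CardState:
    last_counter: int = 0   # highest transaction counter accepted so far
    no_pin_run: int = 0     # no-PIN payments since the last PIN entry
    no_pin_total: int = 0   # cents spent without PIN since the last PIN entry

def authorize(state, counter, amount, pin_verified):
    """Decide one payment; state changes only when the payment is approved."""
    # Simplified model of the one-time code: it is bound to a counter that
    # only grows, so a code that was already used (or overtaken) is refused.
    if counter <= state.last_counter:
        return "DECLINE: one-time code already used"
    if not pin_verified:
        if amount > NO_PIN_LIMIT:
            return "PIN REQUIRED: above no-PIN limit"
        if state.no_pin_run >= MAX_NO_PIN_RUN:
            return "PIN REQUIRED: too many no-PIN payments in a row"
        if state.no_pin_total + amount > MAX_NO_PIN_TOTAL:
            return "PIN REQUIRED: cumulative no-PIN spend exceeded"
    state.last_counter = counter
    if pin_verified:
        state.no_pin_run = state.no_pin_total = 0
    else:
        state.no_pin_run += 1
        state.no_pin_total += amount
    return "APPROVE"

# Constructed sample log: (counter, amount in cents, PIN verified?)
SAMPLE_LOG = [
    (1, 1000, False),  # small tap, approved
    (1, 1000, False),  # the same one-time code presented a second time
    (2, 1400, False),  # approved
    (3, 1400, False),  # approved (third no-PIN payment, 3800 cents in total)
    (4, 500, False),   # fourth no-PIN payment in a row
    (5, 2500, False),  # above the no-PIN limit
    (6, 2500, True),   # PIN entered: approved, no-PIN counters reset
    (7, 1200, False),  # approved again after the reset
]

def replay(log):
    state = CardState()
    return [authorize(state, c, a, p) for c, a, p in log]

if __name__ == "__main__":
    for row, decision in zip(SAMPLE_LOG, replay(SAMPLE_LOG)):
        print(row, "->", decision)
```

Lowering the no-PIN limit in the banking application, as the general recommendations suggest, corresponds to reducing `NO_PIN_LIMIT` in this sketch.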
 