6 comments on “Contactless Card Skimming – You could be next!”

  1. wow!! Well I wasn’t comfortable with the idea of these new cards as it was and now I despise it! I will definitely not be getting one! I’m paranoid as it is. With one of those I’d be scared to go out anywhere with it! Very good and important post.

  2. “‘RFID Skimming’ is already a major problem Stateside”

    No, it isn’t. I bet you can’t link to a reputable source of a single example of it _ever_ happening. So why do you claim it is a “major problem”? I’m genuinely curious as to why you would say this.

    P.S. It’s also an outright lie to claim that you can read the cards from 20 feet away. If you will let me record you on video accurately reading the contactless card details from my lovely new Amex contactless card from 20 feet away I will buy you afternoon tea at the Ritz.

    P.P.S. Do you have any theory as to why — if it’s trivial to clone cards and you can read them from 20 feet away — the banks would be introducing a new technology that would cause the entire payment card system to collapse within weeks?

    P.P.P.S. It’s also a lie to say that you can read biometric passports this way. Again, I challenge you to read the biometric passport in my pocket from a foot away, let alone from 20 feet away. In order to read a biometric passport contactlessly, you need to read the machine-readable strip first.

  3. Also, the list of things that cannot be read from a contactless card includes the cryptographic keys used in payments, so the statement “Instantly, someone else can create a clone ‘contactless card’ with your data on it and go on a shopping spree at your expense” is absolutely incorrect. You simply cannot clone contactless cards in this way, and as Dave Birch notes above there is no evidence at all that it’s been done by anyone other than publicity-hungry security researchers or people flogging tinfoil wallets.

  4. If you’re in any doubt as to whether or not RFID skimming is possible, then perhaps watch the video evidence at e-pickpocket.com

    There you’ll find a video by UK broadcaster ITN Channel 4 News, in which Thomas Cannon, of ViaForensics, demonstrates how an ‘electronic pickpocket’ can skim personal information remotely from RFID enabled bank cards using a custom smartphone application. Cannon later goes on to make a purchase using this info, and with no requirement to submit a secure CVV number.

    Wrapping ‘contactless’ credit-cards in standard tin foil may be a temporary solution for some, although it’s not particularly elegant, and defence contractors opt instead for alternative RFID screening materials, i.e. ones that specifically shield against 13.5 MHz frequencies, such as those supplied by rfidprotect.co.uk

    Whilst certainly not in the hands of criminals at present, perhaps what Thomas Cannon gives us is a vision of things to come…

    Forewarned is forearmed as they say.

  5. Pingback: Are contactless credit cards safe? see constablechaos blog | Wiganshale's Blog

  6. What on earth is going on here? Is it SUCH a huge task to key a four digit pin? They did away with signatures and now the pin is going too. How long will the £20 limit last I wonder. Want my card to NOT be contactless but seems that is not possible. A licence for credit card misuse. Returning to cash leaving the card at home seems a pity but I don’t like this at all.

