 Notice. New forum software under development. It's going to miss a few functions and look a bit ugly for a while, but I'm working on it full time now as the old forum was too unstable. Couple days, all good. If you notice any issues, please contact me. |
Forum Index : Other Stuff : "Tap and Go" EFTPOS and VISA cards...
Page 1 of 2   |
|||||
| Author | Message | ||||
Grogster Admin Group  Joined: 31/12/2012 Location: New ZealandPosts: 9306 |
NZ has introduced new "Tap and Go" payment methods for processing EFTPOS and CC transactions. You no longer need to swipe the card or enter a PIN. I think this is limited to less then $100, so you can't use this for large expensive items, only cheap things, but to me - where is the security in this idea? http://eftpos.co.nz/contactless-payments It would seem to me, that if someone steals your card(or many people's cards), they can then use them all over the place, as there is no PIN to enter, so as long as the card is valid, and there are funds in the account, it works. Seems dangerous to me. While stolen cards could only be used for low value purchases, if the theif uses the card in ten different shops, or any shop they can use the card in at all, they could rip you off for thousands of bucks in very little time. Does anyone know about this technology and how can you possibly have any security on a Tap and Go type card? Smoke makes things work. When the smoke gets out, it stops! |
||||
| grub Senior Member  Joined: 27/11/2007 Location: AustraliaPosts: 169 |
I have been reading about this kind of card on news forums and the thieves don't even have to steal your card. They set up the "shop" side of things via a computer program in a laptop and walk the streets and shops where these types of cards are likely to be found and then, when they get close enough, hit you with a "bill" and take the money. There are now special wallets that stop the signals when the card, or a phone, is in it thus stopping unwanted "transactions". There are even "how to" manuals on methods to kill the rfid chip so that it will never work again. Cavet Emptor (buyer beware) |
||||
| Grogster Admin Group Joined: 31/12/2012 Location: New ZealandPosts: 9306 |
So, you are confirming then, that there is absolutely no security on these cards? If that really is the case, then they are extremely DANGEROUS to own - I sure won't be getting one or recommending anyone I know have or use one. 
EDIT: You know what they really need to develop? Finger or thumb print ID for payment transactions. Finger-print recognition already exists for high security installations, and the technology must be getting cheaper by now, so this would be the way to do it, as everyone's print is unique, and also, it would allow them to build up a database of any crims who try to rip people off. Smoke makes things work. When the smoke gets out, it stops! |
||||
Downwind Guru  Joined: 09/09/2009 Location: AustraliaPosts: 2333 |
Perhaps, that might start thieft of thumbs then, and a little hard to get sent a replacement if you loose one. What ever happened to that method of yesteryear called CASH? All that any credit card do is allows you to be tracked like a dog, with what you buy, where and when you buy it, your average location, etc. Sometimes it just works |
||||
| Grogster Admin Group Joined: 31/12/2012 Location: New ZealandPosts: 9306 |
...and make lots of money for the banks through interest on the CC.  Smoke makes things work. When the smoke gets out, it stops! |
||||
| MOBI Guru Joined: 02/12/2012 Location: AustraliaPosts: 819 |
As an extra on the finger print sevurity, it should be up to the card holder to pick which finger/thumb they use. That way there is a degree of randomness to the print particularly if it was a finger not normally used in daily "handling of things) life. David M. |
||||
yahoo2 Guru Joined: 05/04/2011 Location: AustraliaPosts: 1166 |
I was very surprised when I used a credit card in a parking automated pay machine and it didn't need a PIN, after doing a bit of investigating it have found that retailers can opt in for a thing called "swipe and Go". Apparently they can choose to waive the requirement for a PIN on purchases up to $35 on a regular credit or debit card. I understand it was originally used in highway toll booths but is now very widespread. I use thumbprint scanners a bit, they are only as secure as you make them. If you wind the settings up to the max, it can take multiple tries to get recognized, and that pisses people off, if you leave them low there is a fair chance of a false positive. As for forensic matching Hmmmm a good tool under the right conditions, but by no means foolproof. I'm confused, no wait... maybe I'm not... |
||||
| Grogster Admin Group Joined: 31/12/2012 Location: New ZealandPosts: 9306 |
Looks like I might have been on the wrong track with the finger/thumb-print ID then...  Smoke makes things work. When the smoke gets out, it stops! |
||||
sPuDd Senior Member Joined: 10/07/2007 Location: AustraliaPosts: 251 |
Problem solved. Gold looking lines between holes are the RFID coils. Hold the card up to a bright light if you don't have a transperent edge. Mark it and drill through the wires. They pick up power & comms in the RFID field, just works as a normal card without it. You can blow holes in anything except the magnesium swipe and the smart chip. sPuDd.. It should work ...in theory |
||||
Tinker Guru Joined: 07/11/2007 Location: AustraliaPosts: 1904 |
Interesting... I was under the impression these cards (and I have one too) are passive devices, IOW, they do not constantly "send" out a signal that could be picked up from the street. Think about it, transmitting a signal over distances requires power and for that there needs to be a battery in the card. Yes, there possibly exist tin small batteries these days but I doubt they will hold charge for the 4+ years until the card expires. Anybody spotted any charging terminals on the card? So, what I think is they work similarly as the anti theft labels on expensive items but have a far more sophisticated data exchange. There is a 'field' around the tap & go box that interrogates the normally passive antenna loop in the card. A small charge is generated that powers up the on card chip to transmit its data and do the 'banking'. Once away from the very limited 'field around the reader box the card becomes numb and passive again. I doubt it works further than, say, 0.5m from the box. The train passes on our Perth train use intelligent cards, just tapping the wallet (with card inside) on the reader books the fare and also lets you know how much money is left on it. For security reasons its wise to handle the card as one would handle cash. Except, if somebody nicks your cash there is buckleys chance to get it back unless one records all the serial numbers and the thief is caught. With a nicked card, yes, the thief could make several purchases below $100 but you would have a good chance to get your money back, especially if you can show that you always keep the dockets for legit purchases and can prove to the bank you did not buy those things. Also, remember that you are most likely on CCTV camera and recorded as you use your card - as would be the thief. They keep a good record of your electronic shopping and were on the ball in my case when somebody overseas made purchases on my card that was way out of normal. As I was on holiday on a yacht at that time they stopped the card until I contacted them after they left a phone message. I got the money refunded about 6 weeks later. Anyway, you could do what I do, have a card with a rather low limit for such shopping, also good for e-bay etc. I think the lowest limit is $500. Klaus |
||||
| Grogster Admin Group Joined: 31/12/2012 Location: New ZealandPosts: 9306 |
They don't. They don't have charge terminals, as they don't have any internal battery. Absolutely correct. That is precisely how they work - magnetic induction to induce a flea-power voltage in the pickup coils in the card, which supply power to the PIC embedded in the card. You are 100% correct on how they work. 
Yes, good point. People SHOULD treat a CC or EFTPOS card like cash - but they don't! 
Good point... Smoke makes things work. When the smoke gets out, it stops! |
||||
| Georgen Guru Joined: 13/09/2011 Location: AustraliaPosts: 462 |
If it works up to 0.5m then thief doesn't have to even brush against us if is in posession of 'wave card' reader. Looks to me that some kind of metal shield might be good for extra security. Might start with thick al-foil. Would it work and be enough to protect 'wave card' owner? George |
||||
| Dogalot Newbie  Joined: 26/03/2013 Location: United StatesPosts: 2 |
Hey there... Our local news station did a report on just this subject: http://www.wthr.com/story/14001597/the-risk-inside-your-cred it-card I like the last suggestion on how to protect yourself -- cheapest is wrapping the card in aluminum foil... |
||||
| TronicSavyyJohn Newbie Joined: 31/03/2012 Location: AustraliaPosts: 20 |
bet me to it, A simple old schoo compass and a few stab marks later. presto! no more NFC. I read an article also where they have these mobile phone looking NFC readers and swipe and go past you, a teenager in a night club netted over $10k on night. Not my card  |
||||
| Downwind Guru Joined: 09/09/2009 Location: AustraliaPosts: 2333 |
From what i understand, 10 seconds in the microwave kills almost all RFID tags. It was from another news coverage on shoplifting some years back, where the skilled thieves would take a set of say, Nike shoes and visit the kitchen appliance section of the department store, and use a demo microwave for 10 seconds on the shoes, then put them on their feet and walk out through the RFID scanners. Free $200.00 shoes? If someone has a expired card and willing to give it a microwave test, i would be interested to know what happens. Most card replacements overlap in expiry date by about a month, so to test the theory of nuking the chip would be interesting. Pete. Sometimes it just works |
||||
| Grogster Admin Group Joined: 31/12/2012 Location: New ZealandPosts: 9306 |
I really can't understand the logic in this idea. Quick and easy, yes, but doubly so for those trying to steal your card details or just plain rip you off by charging lots of small amounts to as many cards as they can find in range. Perhaps this idea should have had a bit more of a rethink before they pushed it out? Smoke makes things work. When the smoke gets out, it stops! |
||||
| Georgen Guru Joined: 13/09/2011 Location: AustraliaPosts: 462 |
I think that there should be left something in a form of password, I know takes longer and is almost as it was before, but doesn't go through reader, so little improvement here. We would need better cooperation between banks, as money goes somewhere and somebody stands behind every bank account, so not that hard to investigate if there is enough will to catch the offender/s. George |
||||
| Grogster Admin Group Joined: 31/12/2012 Location: New ZealandPosts: 9306 |
I know that I won't be using any card like that, and I will disable it with the drill holes through the aerial coils as indicated in an earlier post, if I am ever sent one of these cards. I currently don't have any such card, but I guess that in time... Smoke makes things work. When the smoke gets out, it stops! |
||||
| JohnS Guru Joined: 18/11/2011 Location: United KingdomPosts: 3800 |
|
||||
MacGyver Guru Joined: 12/05/2009 Location: United StatesPosts: 1329 |
Crew Before leaving California (read that, regaining my sanity) I was told several municipalities had installed roadside "readers" that had the ability to read passing vehicles embedded with RFID chips. A tech buddy of mine, who purchased an FJ Cruiser, told me his new vehicle had no less than 9 of these chips and removing them disabled important stuff like the charging circuit, ignition circuit and transmission. That being said, the California DMV (Department of Motor Vehicles) began issuing drivers licenses with RFID chips embedded in them as well. They said it was so traffic officers could learn your life history when they pulled you over for a driving violation. I personally "cooked" my new California Drivers License in the microwave for about 5 seconds twice, so I didn't maybe melt the entire thing; some plastics heat up in a microwave oven just to be on the 'safe' side and sure as I'm a foot tall, I got pulled over for going too slow (wouldn't you know?) and the traffic officer told me my drivers license needed to be replaced, as he could not access my personal information from the card. So, apparently, the microwave oven trick works. Did I get a new drivers license? Hell no! I took it one step beyond all that; I moved to Texas! . . . . . Mac Nothing difficult is ever easy! Perhaps better stated in the words of Morgan Freeman, "Where there is no struggle, there is no progress!" Copeville, Texas |
||||
| Page 1 of 2 |
|||||
 Print this page |
