EEVblog #889 – Credit Card RFID/NFC Theft Protection Tested

EEVblog #889 – Credit Card RFID/NFC Theft Protection Tested


hi you no doubt familiar with modern credit cards like this one that have an RFID chip embedded in the more tap and go as it’s called here in Australia might be called different things in other countries actually contain a radio frequency identification device and RFID chip in them and no it’s not this thing here that’s the secure chip and pin thing it’s actually embedded elsewhere in the card and it goes under various sat names could be Visa payWave or it could be MasterCard PayPass or various other names depending on which provider you’ve got but they all work on the same RFID technology we can just use your credit card like this just to tap and go as the name suggests you just tap it onto a reader like this if you’ve got a reader you can just go like that BAM hold it there for a second or two and you’ve instantly paid for your transaction in Australia at least it’s up to $100 no need to enter your PIN number no need to insert your card no need to swipe it on the back or anything like that tap and go beautiful but it’s not without its security concerns and my interest in this came about because mrs. a eevblog got a new handbag here it’s a giannotti brand for those playing along at home and it came with this look RFID blocking technology to assist you in protecting your credit cards against identity theft Sandler now uses data blocking technology concealed within this bag or backpack is an rfid protective fabric inside the credit card section that helps block illegal scanning devices and assists the prevention of data and identity theft fantastic but does it actually work let’s test it now let’s just talk briefly about the RFID technology in here there’s actually a coil all the way around the card in here that actually does not contrary to popular belief act as an antenna because this is not an RF based system it’s the term RFID is a little bit deceptive in this case it actually works like a transformer and if we have a look at another card here we can actually see the coil inside there check it out it’ll go around like that the chip will be embedded in there somewhere not exactly sure where it is matter you can see that there’s a couple of turns going around in there somewhere and what it’s doing is acting as a transformer like this let’s go to Dave CAD so this is the receiver part of it here this could be the phone like we’re going to use today it could be a legitimate device at the supermarket or on the bus that you want to tap and go and pay with or it can be a scamming skimming device that people can walk by you and actually once if they get close enough then they can actually potentially get your card details and actually do a transaction on your card they can’t actually get your credit card information but they can do an actual transaction as I said up to the value of $100 anyway this is the receiver like this and the receiver generates a constant 13 or packets of thirteen point five six megahertz sine wave and it’s a transformer coupled system the coil inside the credit card actually forms the secondary of a transformer here so even though it’s called RFID because it RF is used in some other variants of it it’s actually a magnetic field a traditional transformer coupled like this and the chip inside your credit card here actually gets power from this coil so once you get these two they’re close enough there’s a little our rectifier in there this is grossly simplified but hey this is basically how it works it generates our power for the chip and then the chip can drive a transistor which then can modulate the load on the secondary side and that will reflect back due to transformer action the magnetic fields you can actually get the modulation on here and it’ll send as we’ll see in a minute it’ll send like a packet of 13.5 six megahertz data like this and then if this chip if the protocol is right and everything matches up then this will use a transistor to put a load across the coil and modulate it and for the I so one triple four three protocol which we’re talking about here which is used in these types of modern credit cards then it’s going to modulate that amplitude modulated at a frequency of four hundred and forty seven point five kilohertz and then the reader can read back that data and they can communicate and transfer information easy but the important thing to note here is this is not an RF system these are not antennas this is a transformer it works on magnetic fields instead of an RF field so in take a modern smartphone and use this as an NFC reader they got NFC capability built-in thirteen point five six megahertz there are different frequencies for different RFID systems but the credit cards use thirteen point five six and that’s what the modern smart phones do at least I’m not aware of any smart phones that do the other frequencies but we can use this it’s just an app from my research lab Hagin burgers just to free up you can get to what read the information from these cards so we can put our tag in there and it’s just reading tag doesn’t take a minute new tag detected and we’ve ended we’ve got it we’ve read all the information that we can from this card of course I can’t get the money from it because I don’t have the ability to do transactions but hey criminals can potentially do this so I won’t go into the tag information it might reveal something about my card here but anyway it’s you know you can get like the hex dump data out of the card and everything else and you don’t actually have to have them touching and you can actually have them a distance apart but there is a limit to how far you can have them apart due to the transformer action losses because it’s a pretty poor transformer it’s an ear cord so the idea behind these are bags you can buy and you can get wallets as well with this RFID protection technology and does it work well I actually don’t necessarily doubt it because it’s not hugely hard to actually shield against this but as I said it’s not a Faraday cage issue it’s not an RF issue it’s a magnetic field issue so you know ideally you’d want our what’s called new metal which actually our shields out magnetic fields now take something like this side I cast aluminium box for example you’re used to using these to shield your electronics and stuff from our am i right now these are quite effective at RF and of course but for magnetic fields not so much but really the problem is with magnetic fields die cast aluminium like this or our foil or anything else um really is you know pretty decent at high-frequency art stuff but at low frequency low-frequency magnetic fields like down in the kilohertz and things like that these aren’t really effective against magnetic fields but the good news is is that these things operate at thirteen point five six megahertz so something like this diecast box force of airfoil is going to work a treat at those high frequencies even though at low frequencies even something this thick would actually be pretty useless at shielded magnetic fields so let’s not muck around let’s try it let’s get our credit card inside the outer sleeve of this bag and scanned it there we go no problems whatsoever this bag does not work in the outer pocket but it doesn’t claim to if we go back and read the fine print there’s a protective fabric inside the credit card section so only the credit card section so the rest of the bag if you’ve got this card inside your wallet inside the bag is not specifically inside the credit card section and you’re not protected at all and you’ll see inside this bag it looks kind of like magnetic II but if you put your credit card inside any part of this inside here or this outer pocket as we saw then it does absolutely nothing apart from a physical distance thing getting extra losses in the transformer you’ve got to actually put the card inside here and I’m not sure if you can hear that but it feels different it feels like there’s some metal foil or something inside this section so let’s whack our card in there shall we and we’ll try and read it here we go for the outside of the bag like this and you’ll see that it doesn’t scan at all so it works and that’s not terribly you know surprising there’s nothing magical about this but look if I put inside this other pocket over here and try and read it bingo it’s going through multiple layers no problems of this bag and right through there so it only works if you put it inside the section like this so that might protect you against a Wimpy little phone like this but what if are the criminal have some you know super high power transmitter / receiver that can you know generate a bigger magnetic field and read data back well how effective might this be well we can actually do it gets some our quantitative measurements with a near field H probe these are called because it’s a magnetic field this is not an electric field probe it’s a magnetic field you’ve seen this in my videos before it’s a dead giveaway to magnetic field because you can see the coil there and we can actually stick this in between the credit card and here and we can pick up the magnetic field and we’ll be able to see it on the scope beauty and of course you don’t need to buy one of these fancy pantsy expensive shield in handbags or wallets or whatever you can just use our foil like this and this is a common trick you see on the Internet so let’s see if we can read that tag under there no we can’t just a single layer of alpha or like that is more than enough if I take that away now bingo will read it no problems whatsoever so just a single layer of our foil is enough to attenuate that even though the magnetic field as I show you in a minute is actually still getting through there it attenuates it enough to actually cause a problem and there is a bit of a myth going around that if you have two credit cards in your wallet in close proximity or back-to-back like this that they’ll cancel out and they’ll get you know conflict and you won’t be able to read the data out of it and you’ll be completely safe you don’t need any magnetic shielding whatsoever well that’s not really true because the ISO standard one triple four three which are determines the protocol and everything to do with this RFID technology actually has an anti collision thing as part of the protocol for both type A and type B cards so we can hopefully it might it could make an edit it’s going to make a fool out of midnight there we go a new tag detected okay so you can actually get a point where they sort of do interfere with each other it causes a problem but you can still you can still do it you saw we could actually there we go we can get it to read that no problem so that really isn’t protected that myth-busting okay so let’s use our H field probe which goes from you know basically kilohertz up to several gigahertz so it should easily be able to read our thirteen point five six megahertz let’s put that on the back here and we’ll see that when you’ve got our NFC enabled on your phone it’s reading all the time periodically actually sending out these packets like this trying to wake up the card that’s in any card that’s in proximity to it and then looking sending out a code to enable it and they’re looking for modulation coming back and if we single-shot capture that and go in here you’ll see that this is basically bingo whoop there it is thirteen point five five thirteen point five six megahertz that’s our carrier frequency and it’s sinusoidal all right so let’s put our card behind our phone here and watch what happens when I put it in there bingo you should have seen some modulation there so let’s see if we can capture that and you’ll notice that it’s actually continually stayed on now that that card is in the field if we take it away BAM it goes back like that now if captured some data here and you can see that before this trigger point here here’s our thirteen point five six megahertz it’s actually the look it actually goes down to zero this is the receiver or in this case the transmitter actually doing that and we’ve got different types of data if we go over here and have a look we can see this is the return data coming from the card itself and this is the amplitude modulated data we can go in here and have a squiz at that there it is it’s just amplitude modulated so that is the credit card actually modulating that turning on the transistor loading down the coil and modulating that data back at what frequency well let’s measure it and bingo using our X cursors there we can get eight hundred and forty seven point four six kilohertz that’s exactly what I said the modulation frequency was before so yep the ISO standard is exactly as it says now if we have a look at the distance between the card the phone like this then we can actually I’m I not 200 millivolts per division be able to see the amplitude difference I’ll go down like this I’ve got that and a fair distance away will we be able to get something yep and it’s lower amplitude of course but even at that sort of distance you know there’s still something there it’s not enough to actually connect to the card but hey if you had a more powerful reader you know if you’re a criminal you had a more powerful reader you’re trying to skim cards and things like that you can do it at a greater distance okay so let’s try the alfoil now okay so I’m down at ten millivolts per division the absolute value doesn’t matter it’s just relative to 200 millivolts per division we were at before and yeah I’m able to you know get something but if I take away the alfoil of course then whammo we’re completely off scale now there we go alright so I’ve got my credit card inside the shielded thing I’ll whack my probe in there and we’ll give that a ball yeah we’re still getting something at 50 millivolts per division but you know it’s it’s really right down there you’d have to have a super-powerful you know transmitter side to actually you know generating a much larger magnetic field than this one’s capable of to actually get that I suspect but it’s probably not a hundred percent secure but you know I think it’s going to be good enough I think these sorts of shielded handbags and wallets will actually do what they claim and if you’re wondering about the die cast alloy box then yep that’s it two millivolts per division there’s just oh did we get something no that was just me mucking around yeah that’s going to be pretty effective I should expect but are not 100% effective against magnetic fields but in the case of the amount of field we’re talking about with the RFID here at that frequency then yeah these things do work okay just for kicks I’m going to see if we can capture the increase in magnetic field as we get closer so I’ll single-shot capture that and I’ll bring it in don’t like our chances but oh yeah that’s quite reasonable there we go we started here we could see it getting bigger and bigger but it wasn’t close enough to actually capture the dot like you know to sink and do the protocol and talk to the card and get the data before it got you know fairly close like an inch away or something like that so there you go I hope you found that interesting and whether or not you believe that you know you’re really a threat just walking around with your unexposed credit cards in your wallet and things like that and the odds are ridiculously low that somebody’s going to skim you or something like that but you know they don’t necessarily have to walk through you they could set it up in a doorframe for example yes you walk through they can get you because you can couple the magnetic field like that as you walk through and there’s many other ways to do it but they have to do a transaction it’s not like the money just magically vanishes from your account you know it’s got to be a transaction and things like that so yet not a hundred percent secure technology but hey confirmed are these bags and presumably the wallets they’ve probably just got our foil in them anyway and our phone does quite a reasonable job just a single layer of our foil can actually protect you cards pretty good so yes you’re paranoid about these things don’t wear it on your head just stick it in your wallet catch you next time hi it’s Teddy on Tuesday again it’s a little bit different it’s why is broad electric toothbrushes you’ve seen them it’s it’s on one of these charges Wireless our power transfer to charge the internal battery we crack it open and check it out not only what’s inside here but what’s inside the charger as well let’s take a look could be interesting there you go it drops down and if you remove another one it drops down again but actually it’s

Related Posts

CBC Vancouver News at 6 for Dec. 11 – Plane Crash, Christmas Bureau Theft, Squamish Kits Development

CBC Vancouver News at 6 for Dec. 11 – Plane Crash, Christmas Bureau Theft, Squamish Kits Development

SCP-1365 Bike Justice | Safe class | Vehicle / self repairing / autonomous scp

100 Replies to “EEVblog #889 – Credit Card RFID/NFC Theft Protection Tested”

  1. you don't have to put it all around, one layer of foil on any side is enough because it detunes the resonant frequency a lot.

  2. Dave, you didn't tear it apart this time! (the handbag) 😛 .. tear the handbag apart, and see what's in it! 😀

  3. Buy one of these.. work perfectly against perverts on the bus with a portable pin-machine.

  4. that's a thief bag in UK to stop the alarms activating. but in UK the skanks use tinfoil lined plastic bags

  5. So… what we have basically just witnessed is that Aluminium Foil Hats can/might actually work….. Bob is my uncle.

  6. yeah,I guess i would be more converned with the ones they are sticking to the front of gas pumps and at rest stops. seems here in Michigan,theives have targeted the main areas they know people in a hurry to travel stop. they have already hit up several gas stations and rest stop machines.

  7. A friend of mine was on the standards committee for the design of all RFID banking cards and he went through the maths regarding theft and RF levels both to activate the card and the RF from the card and the chance of someone stealing your data is very low. Anyway you'll get your money back as it was an unauthorised transaction.

  8. A tap and go skimmer was the first device I built with what I learned on EEVblog. It works like a charm and finances all my subsequent projects. Thank you dave.

  9. I've made a hat out of aluminium foil so that GCHQ can't see what I'm thinking when I touch myself

  10. From what I can tell, the only info that you can get out of these cards is the same info on the front of the card (card number and expiry date). It doesn't give you any of the crypto information needed to create a duplicate card using the modern EMV protocols, and it doesn't give you the CVV number you usually need to make online purchases. It might be possible to make a fake magnetic strip card, which may work if your card issuer and the store's card processor still allow magstripe transactions – though if you're in the US, that's likely the case.

  11. The black tape started out good but the man-handling of the card throughout the video made the numbers legible at the end!! Like an old Astro label.

  12. I wanted to totally disable the RFID function of my card. The answer was simple. A small notch in the bottom edge of the card, just a few mm, breaks the coil and stops it working.

  13. we JUST got chip and pin to be widespread in america … i got my first one recently
    10 more years we might get this RFID 😛

  14. could you use some gadgets in your lab to generate a more powerful transmitter? That would have been interesting. And to test the max distance with the phone's power and plot it out

  15. So when is somebody going to make a shoplifting RFID/NFC theft protection handbag with the lining over the main compartment?

  16. So if i find a card in Australia and if your NOT a nice person you can take a chance and buy up to $100 AUS dollars that seems a bit crap

  17. Now when you contactlessly purchase your tinfoil hat, you get a free shielded wallet too!

  18. Such a shield works while the card is in it. Remove the card to use with the RFID scanner at checkout and a black hat behind you in the checkout line doesn't even need to transmit anything to pick up the signal.

  19. Thats the REAL PERFECT way to really explain those "RFID" cards! Perfect, and Understandable.
    Indeed, It is a Inductively coupled system.

  20. You keep saying something like AAAH FOIL, it took a while before I realized that you were saying ALLLL FOIL. So I assume you are saying ALUMINIUM FOIL or for the Yanks ALUMINUM FOIL.

  21. I would like to see Dave take a look at the rfid Guardbunny created by Kristin Paget. First featured at schmoocon 2012 and later went openhardware and got an article on Hack a day.

  22. I don't know about Australia but many places in the US they have RFID tags in the cars for toll roads, the readers are over the road at least 16 feet in the air, they can record me passing even at 75mph. now i doubt the protocols are the same but i'm fairly sure the tech is. larger antenna and more power obviously, but since your not a criminal and not equipped with these toys I wouldn't discount the criminal elements ability to procure such devices.

  23. The ISO14443 standard calls for readers to have a minimum of 1.5A/m output. ISO15693 calls for 2.0 A/m. if anyone's interested. ISO10373 is concerned with the measurements of the readers.
    Your phone will be producing around 1.0A/m at 13.56MHz. the ISO14443A ID1 credentials can sometimes read somewhere around 0.3 to 0.4A/m depending upon the amount of processing involved. Actually you'll find that most cards won't be read over about 15cm with a reader producing 4A/m as the magnetic field just isn't strong enough. You won't find anything portable over 4A/m as you start needing a beefy RF amp
    It is quite possible for these cards to be read from this distance but like Dave said, it doesn't mean they can actually set the transactions up.

  24. I know of someone who used to chat with their victim. They worked in a shop with a card reader that they would put the card in and hand to the customer. They would get in to a surprised sorta reaction, put the card down on their touchless payment machine and and get an easy £30. Somehow it was also untraceable.

  25. I use my iphone to do the equivalent of the tap n go, but the iphone apple pay has extra layers of protection. Like it needs my thumbprint to work, and if I lose the iphone or it gets stolen(which would result in basically the card was also lost or stolen) I can just simply shutdown the phone with Find My Iphone and not worry about it.

    So now, all I carry is my iphone with me, all the credit cards stay at home.

  26. The fun thing to do is have a larger coil in the purse that also picks up this magnetic field and outputs random noise in the RFID bands. The best part is that under normal conditions it does nothing, only when you're being scanned by some thief.

  27. I feel like a simple solution to these cards would be a resistive sensor or something (such as two metal contacts that you place your finger over) and without your finger on them, the card doesn't talk.

  28. Dave Cad… classic 😀 Also, this technology is very similar to the QI standard for wireless charging for phones & tablets. Instead of sending the credit card data, the device sends information to the pad such as how much current to supply and when to stop by modulating the load on the phone's internal charging coils.

  29. If you are worried about people stealing your data you could always just disable the RFID functionality. I know that my bank has an option online to just turn the feature off. The same option is there to disable the magnetic strip. What this does is probably just declines any transactions made when using those technologies.

  30. I've had my card wrapped in "AL-foil" for about a month. Now I know I'm "mostly" safe. Thanks for this video and the knowledge it passes on to the public. My bank couldn't even give me a straight answer about this.

  31. you could just snap off or cut out a little piece where the coil goes through and be done with the whole rfid shit. I don't care if I spend 2 minutes standing in a queue and 5 seconds paying or standing 2 minutes in a queue and spend 20 seconds paying if the price for that is that anyone can use my card or the captured data to pay without entering a pin or even do as much as give a signature.
    Which fuckhead came up with that stupid idea anyway? I work in retail and 99.9% of our customers don't use it anyway.

  32. once u have used the app to read your card what's to stop the app squawking all your card details back to whoever wrote the app? This technology is called contactless payment here in the UK BTW.

  33. Its not the contactless you want to worry about , its the EMV protocol being broken as shit thats the problem.

  34. Tip: Last NFC transactions history is stored directly in most Visa cards. There are applications to read them also.

    This video focuses a lot on scanning aspect, but scan is useless without SE response. So the only way to actually steal money is to perform MitM attack with HCE endpoint to emulate SE.

    As for biometric passports – data is encrypted and key is generated from passport number, date of birth and date of expiration.
    That's why you have this
    <<<<blablabla<<<<bla<<<bla
    <<<bla<<<<bla
    section in them. It's for machine to run a dumb OCR to get required info for generating decryption key and then decode data. So scan alone is also useless.

  35. All magnetic fields have a electric field, an electro magnetic field is what we call RF. So technically wouldn't the transformer magnetic fields be just as much RF as traditional RF and if not please clarify?

  36. Oh, I have a slight issue with how you are thinking modulating a coil is not a radio? The difference between a transformer and a radio is the radio modulates the electromagnetic field (we call it electromagnetic radiation for a reason). My one transistor AM crystal radio works exactly the same way using the radio signal to provide enough current to run it, admittedly I do ground it rather than ground to the other end of the coil. I bet if I tune a heterodyne receiver to 50Hz I'll be able to here a continuous 50Hz radio signal. With a powerful enough radio signal one can in fact activate one of these cards.

  37. It'd be cool to see what's being passed between a Nintendo Wii U or 3DS and the Amiibo NFC figures, or between Skylanders and Disney Infinity figures and their respective NFC stands.

  38. I'd say that the reason people think that putting cards together will protect them is that a lot of implementations don't do anti-collision properly. Haven't tested it with Opal, but certainly the MyKi readers in Melbourne don't implement anti-collision, if it sees multiple cards it just gives up. So they've probably seen a message like "multiple cards detected, try again" and assumed that that means that the system can't read them if there are multiple cards there.

    As far as reading them from a distance, there's an application note, I believe on the TI website which covers building long range antennas for RFID, after a point you end up with something that looks like the anti-theft tag gates in shops.

    What I'd be more interested in (haven't got around to actually testing it though) is how much of the signal you could passively sniff while a transaction is in progress, because although the system is designed to use magnetic coupling, 13.5MHz propagates reasonably well so you're going to get some degree of RF leakage.

  39. hi Dave
    Actually RF's are magnetic waves so why are you bothering yourself to say its different from a typical RF cable that sends off data in form off some modulation of a RF pulse?

  40. How about cutting up an anti-static bag (the gray ones, not the pink ones)?
     Aluminum foil is VERY fragile, and will not last long.

  41. It was my understanding that RFID referred to card containing actual RF chips which also contained a coil. So when you slid your card through a magnetic field (think hotel room key) the RF chip would be able to send a code in a single RF burst, which was then read by the receiver. Is this technology also employed? Why is this not used in credit cards?

    Awesome video Dave!

  42. @eevblog RFID is still using rf. You say it uses a magnetic field when it is electromagnetic. Just because it is passive doesn't mean it's not using radio waves .

  43. I'd rather figure out how to fry the RFID chip in any card I have, as it's a feature I'd NEVER use specifically because it's so insecure.

    Perhaps a disposable camera's xenon flash circuit, but add an air-core inductor in series with the flashtube, and put the card on the coil?
    Idea is that it basically makes a tiny EMP every time the flashtube goes off due to the high pulse current. Intent is to overload the input of the RFID chip to the point of failure.

    Putting the card in a microwave for 5 seconds wouldn't work, as it'd also fry the security chip, which I DON'T want to happen.

  44. Hello +EEVBlog, the NFC TagInfo is a great software, but not suitable for credit cards or bank cards. Please take a look at (not advertisement here) JackLess which is designed for payment cards and can relevant data:
    https://play.google.com/store/apps/details?id=com.noSquare&hl=en

  45. They're still all un-encrypted. There's no way that it would work if it was. Think about it, if you encrypt the data, when you go to the Point of Sale, how will the reader interpret the data? It would have to take the encrypted data, decrypt it to process the transaction, and send it to the bank for verification. If it was encrypted, how would you determine any of the bank info? How would you securely transmit the private key to decrypt the card data? You'd have to pass sensitive un-encrypted info to protect the encrypted data, which is a fallacy as at that point the encryption is useless.

    Let's throw that out the window, and suggest it just uses weak encryption with a hardcoded password at POS. Then whats the point of that? I'm sure the keys are somewhere

  46. I'm sorry Dave, 13.56MHz qualifies as RF. In fact above 153kHz is the LW band and something around 67kHz is (was?) broadcast for RF clocks in Europe. The method of coupling into the receiver is not what decides whether it's RF, that is merely the transmission scheme and antenna coupling. Sure most transmission uses the 'E' field and this is predominantly 'M' field but what about AM receivers that have those dinky little ferrite rod antennas? They are really only a coupled transformer, or are they too not radios??

  47. "It's a Gianotti brand, for those playing along at home…" – 100.000 EEVblog bag-aficionados just got what they came for!
    It's a bobby dazzler!

  48. "This is NOT a RF system, it works on magnetic fields instead of RF-fields" o.O Well, what are RF-systems working on ?
    RF-systems are in theory a transformer system – and yes, they are called antennaes.

  49. Not an RF field? That's exactly what this is! That schematic you drew is equivalent to a good old fashioned crystal radio with a loopstick antenna.

    Generally, any of the antennas with circular elements work by coupling the magnetic (B) field, while dipoles and related things like yagi arrays couple the electric (E) field.

  50. From taking screenshots of your lovely scope I'm able to ascertain that your name is Dave..
    Joking aside I imagine with even just Al foil the eddy currents would produce enough noise to disguise the AM packets, although they are sent after the circuit is charged but at that freq it probably stops the induction to the receiver coil in the first place..
    I love how every second week these card are on the news as a "security risk" but never referring to the RFID technology itself. Anyhow great video mate..

  51. If they are using PKI then I would guess the risk to be a Man in the Middle attack. If the data to the card includes a time stamp then a replay attack should be difficult.

  52. Before freaking out about NFC creditcard technology, lets actually think about what's going on inside those cards. 1) You cannot actually read "creditcard data", like on those swipe type (magstripe) cards – there's a chip inside the card that encrypts the PAN and PIN of your card based on charged amount and other stuff. That chip actually uses the payment terminal as an intermediary when communicating with a payment system. All of the information that goes into the card and out to the payment system is encrypted. In other words, until this encryption scheme is not cracked, it can be considered safe. 2) Even if you build a device that communicates with a NFC creditcard, that gives you very little. You also would need to find an acquirer bank that will accept a transaction from an unauthorized device. And believe me, it is tough and expensive business. So, I can realy guarantee you, that, if such theft will ever be accomplished, it will probably be one off. 3) If you were thinking, that you could make a transaction by "channeling" from an NFC creditcard into a legit payment terminal, well, there is a protection too. So, if you were thinking to make a living out of stealing creditcard data from NFC cards – just get a job. If you are just an owner – stop freaking out and spending money on silly stuff like that bag in the video.

  53. i know that (at least SOME) Rfid readers can read multiple things at the same time, as the library where I live use RFID in the books, and on the self-service machine you can stack the books and it reads them fine

  54. You will find that the credit card details can be retrieved. If you had pressed the tag information, you would have seen the credit card number.

  55. A perfect solution to stop these cards being read without the owners permission would be to embed a photo diode into the body of the card that only allows the circuit within the card to activate when it is in ambient light (ie out of a persons wallet) then when it is in the wallet / bag, it would be unreadable.

  56. i thought that there has never been a case of someone scanning cards for RFID and that it would take a heavy duty one that would be hot and impractical if used from a distance, I could be wrong

  57. Hey EEVblog, I might not be absolutely correct but it seems RF communication works with the same principle as RFID cause you are still using the same electromagnetic field for TX and RX except that the distance has to be very closed for reception. The current that is oscillating in RF antenna induce the same magnetic field for long distance transmission, and at the destination end you surely do need the antenna where the same signal will be induce except that mechanism for reception is different, but basically the medium is still the same. Thanks for pointing this out.

  58. Good Lord! It works. Just two layers of aluminum foil inserted in my wallet and NFC can't read anything. Thank you very much for that advice!

  59. I remember in the 90 all the public phone use that chip for cards with credits. And we use a eprom with the software to emulate and call free.

  60. Guaranteed, I can scan your card through that bag with inexpensive equipment I built and use daily. I can read it through all passive shields tested to date, our database of failed shielding pockets, wallets, phone cases, and bags (airport luggage) is at 832 products with only 3 products actually causing significant issues extracting the information required to perform a transaction without visual or physical contact with the card. Be more careful about what security products you endorse as probably working, they only work on low power RFID readers. Criminals use high powered RFID readers. We believe there are a lot of criminals using these making it a HUGE concern with an ever increasing probability that any given individual will be targeted with an attack in a given timeframe. We will be probing many major metropolitan cities across the U.S. to discover the reality of how likely someone is to becoming the target of such a scam. We will post a site and post out data when we complete our studies. We are projecting study completion in November of 2020.

Leave a Reply

Your email address will not be published. Required fields are marked *