Author Topic: Credit Card, Bank Card NFC. The most useless function every invented  (Read 15566 times)

0 Members and 1 Guest are viewing this topic.

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #25 on: March 03, 2022, 05:37:48 am »
  • NFC cards are orders of magnitude harder to duplicate or fake than the old mag-stripe cards.
  • Non-contact means less wear and tear on cards, particularly in places like Australia where card payments represented about 75% of consumer payments last year.
  • You can use your phone as an NFC payment device, negating the need to carry a physical card at all.
  • Payments can be completed much faster, for example, at parking station boom gates.
  • ATM/payment terminal skimmers traditionally read the magstripe data from cards and optically captured your PIN. Now that magstripe has been disabled (at least in the first instance when attempting to pay), these skimmers are now useless.
  • NFC card skimming although theoretically possible, it's not really practical. Instances of skimming in Australia fell by 37.3% in the last financial year alone and if you go back further, it just keeps falling year-on-year. Most banks (here) will reverse/refund disputed transactions without question.
  • NFC means I don't have to touch a grubby payment terminal that all and sundry have touched after picking their nose or adjusting their bollocks
 
The following users thanked this post: thm_w, tooki, DiTBho

Offline Berni

  • Super Contributor
  • ***
  • Posts: 5050
  • Country: si
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #26 on: March 03, 2022, 08:02:36 am »
Yep i find NFC payment cards useful too. It is more convenient without any major down side.

The one generation older chip with contacts uses the same kind of one time key exchange to sign a transaction, only difference being that the communication happens over gold plated pads rather than over a magnetic field. As others have said this means you must perform the transaction right there on the spot (so more work, less profitable and easy to get caught). It is impossible to clone a card this way.

The more important part now is that a device with NFC like a phone or smartwatch or whatever can emulate a NFC payment card. There is no need for a wanky new proprietary system to enable payment with these devices. Not even a need for a special service for this like ApplePay or GooglePay (Unless you own a device made by a manufacturer that actively takes steps for that to be impossible on there devices for the purpose of creating a monopoly...) Lots of large banks have mobile banking applications that can NFC emulate a regular Visa or MaserCard or whatever payment card.

Using a mobile phone is NOT the replacement for a wallet (like where would you keep your ID card, drivers license, registration...etc). It just provides a convenient alternative for a case where you might have forgot your wallet at home, in your car, at work..etc and it allows electronic banking to happen between mere mortals rather than only with companies. I can give the guy next to me 6.58€ exactly to the last digit by simply scanning a QR code, no need to muck about with finding change for the 50€ piece of paper i have in my wallet. This is the future of money.

 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #27 on: March 03, 2022, 08:15:41 am »
Ultimately, it gives consumers another choice. I use NFC 99% of the time. If you don't like it, simply don't use it? It causes no harm having it there. Perhaps one day if the chip part of your card dies or for some reason the terminal has a fault, you can still pay for things.
 
The following users thanked this post: Someone

Offline BradC

  • Super Contributor
  • ***
  • Posts: 2129
  • Country: au
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #28 on: March 03, 2022, 09:10:18 am »
I'm surprised if it's new, I reckon it's been here for about 10 years, and nobody I know has ever been skimmed.

I've seen it done as a proof of concept. It's a one time thing. The device "skims" the card and can be used once only due to a "rolling code" (it's a bit more complex). Any transaction in Australia >= $100 requires a PIN. So the skim can be used once for a transaction < $100 and only if the card holder hasn't used the card between the skim and the attempt.

It's not incredibly secure in the traditional context, but it's secure enough to make the labour involved not worth the effort.
 

Offline retiredfeline

  • Frequent Contributor
  • **
  • Posts: 572
  • Country: au
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #29 on: March 03, 2022, 09:13:06 am »
Any transaction in Australia >= $100 requires a PIN.

Was raised to >= $200 at the beginning of the pandemic.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #30 on: March 03, 2022, 09:22:34 am »
Any transaction in Australia >= $100 requires a PIN.

Was raised to >= $200 at the beginning of the pandemic.

That was supposed to be temporary but kept getting extended. I don't mind it though.
 

Online DiTBho

  • Super Contributor
  • ***
  • Posts: 4367
  • Country: gb
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #31 on: March 03, 2022, 09:29:57 am »
Not even a need for a special service for this like ApplePay or GooglePay (Unless you own a device made by a manufacturer that actively takes steps for that to be impossible on there devices for the purpose of creating a monopoly...)

Yup, and also Garmin-Pay to pay for your Ski-lift. Some ski resorts accept it.
I might buy a Garmin smartwatch but don't like this proprietary payment feature.
The opposite of courage is not cowardice, it is conformity. Even a dead fish can go with the flow
 

Offline Brumby

  • Supporter
  • ****
  • Posts: 12413
  • Country: au
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #32 on: March 03, 2022, 01:14:19 pm »
Any transaction in Australia >= $100 requires a PIN.

Was raised to >= $200 at the beginning of the pandemic.

That was supposed to be temporary but kept getting extended. I don't mind it though.
I wouldn't be at all surprised if it was a permanent change.

The non-contact thing has been a brilliant function within a Covid world.  Whether card or mobile device, reducing physical contact is the best infection control you could have in a retail setting.  I've seen people do a "hover" with their card, so even it doesn't touch the terminal.

From what I have observed, it's also faster processing a long line of customers than card insertion or swiping.

As far as risk is concerned, from what I understand, the financial institutions have policies in place to deal with fraudulent transactions ... something they have had to deal with since credit cards came into being.
 

Offline SeanB

  • Super Contributor
  • ***
  • Posts: 16385
  • Country: za
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #33 on: March 03, 2022, 05:29:32 pm »
NFC works well, and in general with almost 99% of the transactions they are online, with the card validating to the terminal, and the terminal validating to the bank immediately. Offline most of the time NFC will error out, or ask for you to insert the card, and require a PIN entry, so that it can store the transaction for later processing. Here the limit before NFC asks for the PIN is R500, roughly $33US, and pretty much every single merchant rund either NFC or chip and pin.

The only standout is the good old SA Post Office, still using XP as front end processing, and with terminals that have NFC and chip on them (as the old ones wore out and got replaced) that is unused, as the POS application they use has no ability to use those features, so they are still using swipe and PIN for transactions, though of course only for some, as most transactions you need to pay in cash.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #34 on: March 03, 2022, 09:53:57 pm »
As far as risk is concerned, from what I understand, the financial institutions have policies in place to deal with fraudulent transactions ... something they have had to deal with since credit cards came into being.

Since getting rid of the old magnetic stripes here, cases of card fraud has fallen which ultimately save the banks a lot of money. As technology improved, fraudsters had to find new ways of stealing from people. As chips and NFC became more prevalent, the instances skimming dropped significantly, but instances of "card-not-present" fraud started increasing. By 2017-2018 financial year, CNP fraud accounted for 85% of all fraud on Australian cards. Basically, it's not the technology on the card itself that crooks are exploiting, rather stealing cards from mailboxes and selling those details online is a popular move.
 
The following users thanked this post: SeanB, RJSV, DiTBho

Offline rob77

  • Super Contributor
  • ***
  • Posts: 2087
  • Country: sk
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #35 on: March 04, 2022, 08:33:11 am »
rather stealing cards from mailboxes and selling those details online is a popular move.

that's something that can be solved by 3-D secure , it's being heavily implemented in europe.  once all card issuers, payment processors and merchants  will implement it , stealing the card itself or copying it will be pointless.

 

Offline Berni

  • Super Contributor
  • ***
  • Posts: 5050
  • Country: si
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #36 on: March 04, 2022, 10:16:54 am »
Yep these days most cards use additional authentication whenever used online. Be it enter a SMS code, approve the transfer trough the banks website, approve it via the banks phone app etc... Making it much more difficult to pull off something like this.

I still have a separate prepaid debit card for online stuff, so they can only steal how much is on that card.
 

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #37 on: March 04, 2022, 03:06:05 pm »

When cars were made more difficult to steal, car-jackings increased instead...   criminals will be criminals,  they just go for the lowest hanging fruit?
 

Offline BrokenYugo

  • Super Contributor
  • ***
  • Posts: 1214
  • Country: us
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #38 on: March 04, 2022, 05:05:23 pm »
I'd find mine more useful if it didn't autorun the transaction as debit and force me to manually punch in a pin number anyways.
 

Offline SiliconWizard

  • Super Contributor
  • ***
  • Posts: 15797
  • Country: fr
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #39 on: March 04, 2022, 05:36:12 pm »
So yeah. NFC is convenient, and reasonably secure. It only works reliably at very short distances, despite some lab experiments claiming to have shown communication with NFC devices at several meters - it's either bullshit or requires very expensive equipment. Contrary to RFID in general, NFC is tuned for very short distances.

Now there's still the possibilty of losing your card and anyone can use it for NFC payments - but as some have said, it's limited to a relatively low amount per day. Of course, it could still be pretty annoying if you're broke. But these days you can declare the loss of a card very quickly (as long as you are aware of it...) and it'll get blocked.

All in all, it's a relatively convenient feature with not that many downsides. What I personally find more concerning is the way it's linked to a completely cashless society, which is a big can of worms, and the topic largely beyond this thread.
 
The following users thanked this post: SilverSolder

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #40 on: March 04, 2022, 07:32:36 pm »
So yeah. NFC is convenient, and reasonably secure. It only works reliably at very short distances, despite some lab experiments claiming to have shown communication with NFC devices at several meters - it's either bullshit or requires very expensive equipment. Contrary to RFID in general, NFC is tuned for very short distances.

Now there's still the possibilty of losing your card and anyone can use it for NFC payments - but as some have said, it's limited to a relatively low amount per day. Of course, it could still be pretty annoying if you're broke. But these days you can declare the loss of a card very quickly (as long as you are aware of it...) and it'll get blocked.

All in all, it's a relatively convenient feature with not that many downsides. What I personally find more concerning is the way it's linked to a completely cashless society, which is a big can of worms, and the topic largely beyond this thread.

Not wishing to stray the topic off course, but I agree with that.  I think some form of cash (or cash equivalent) will always exist, even if people begin using cigarettes instead of bills etc.  :-)
 

Offline langwadt

  • Super Contributor
  • ***
  • Posts: 4857
  • Country: dk
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #41 on: March 04, 2022, 09:36:29 pm »
So yeah. NFC is convenient, and reasonably secure. It only works reliably at very short distances, despite some lab experiments claiming to have shown communication with NFC devices at several meters - it's either bullshit or requires very expensive equipment. Contrary to RFID in general, NFC is tuned for very short distances.

Now there's still the possibilty of losing your card and anyone can use it for NFC payments - but as some have said, it's limited to a relatively low amount per day. Of course, it could still be pretty annoying if you're broke. But these days you can declare the loss of a card very quickly (as long as you are aware of it...) and it'll get blocked.

All in all, it's a relatively convenient feature with not that many downsides. What I personally find more concerning is the way it's linked to a completely cashless society, which is a big can of worms, and the topic largely beyond this thread.

if for nothing else because if you have your card blocked or lost, you are totally screwed waiting for a new card arriving in
the post
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #42 on: March 05, 2022, 01:44:49 am »
rather stealing cards from mailboxes and selling those details online is a popular move.

that's something that can be solved by 3-D secure , it's being heavily implemented in europe.  once all card issuers, payment processors and merchants  will implement it , stealing the card itself or copying it will be pointless.

Some banks here implement 2FA for online purchases. My bank uses "Verified by Visa".

A lot of it comes down to personal security too. I treat my wallet like I would a wad of cash. I don't leave it laying around and I don't just chuck it at the front door when I arrive home. Gone are the days when crooks break into houses looking for electronic equipment of valuables, they go for your cards and identification (drivers licence etc...) and sometimes your car keys.

I also use a PO Box (I don't even have a mailbox at my house), that way, new cards are never sitting out on the street, unattended.

When cars were made more difficult to steal, car-jackings increased instead...   criminals will be criminals,  they just go for the lowest hanging fruit?

100%
 

Offline edtyler

  • Contributor
  • Posts: 38
  • Country: us
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #43 on: March 05, 2022, 02:19:03 am »
Defcon in 2018 and 2019 had several presentations where NFC cards were read from a distance of > 5 meters.

Are you suggesting that no one would ever attempt to steal money from a gullible hipster carrying NFC enabled cards?

Fortunately, the solution is easy. Simply drill a hole through the card, breaking the NFC antenna and rendering the "feature" inoperative.
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #44 on: March 05, 2022, 02:20:41 am »
Can you link those presentation?

They may have read some aspect of the card, which is also questionable. But there is no way to perform a transaction without having a real bank account linked to the terminal. It is impossible to read and store some information from the card and use it later.

If anything, the weakness here is the fallback mode, which is how a lot of the abuse happened initially. I think this is going away now too.
« Last Edit: March 05, 2022, 02:23:00 am by ataradov »
Alex
 

Offline edtyler

  • Contributor
  • Posts: 38
  • Country: us
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #45 on: March 05, 2022, 02:22:21 am »
Sorry, but you are wrong. Cards can be "skimmed" from a relatively long distance. See the presentations at Defcon 2018 and 2019.

The chip feature is relatively more secure and requires physical contact, which will always be more intentional.
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #46 on: March 05, 2022, 02:23:24 am »
Can you name specific presentations?

All I can find are passive relay attacks to extend the range. But ultimately the connection must terminate at the bank.
« Last Edit: March 05, 2022, 02:25:47 am by ataradov »
Alex
 

Offline edtyler

  • Contributor
  • Posts: 38
  • Country: us
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #47 on: March 05, 2022, 02:39:36 am »
Replying to both folks that asked for links.

Try using your favorite search engine to look for "defcon nfc hacking". It turned up stuff as far back as 2013. The proxy more is quite interesting, but the presentation I saw in 2019, if I recall correctly, was on a dish type antenna with high gain and a very narrow beamwidth used to activate a specific target.

Of course, there is more to this than simply stimulating the card to provide information. One needs a payment terminal that can be used to submit the fraudulent transactions.

However, simply waving one's hands and saying it "has never been done" does little to prove one's point.

As I said in another reply, if you don't like NFC, drill a small (4mm or so) hole through the card, breaking the antenna trace and the NFC function is disabled forever. If you like NFC and feel there is no problem, good for you.

I agree with the original poster - NFC offers ZERO value to me and pose an additional, unnecessary security risk. An even greater risk is putting all of this stuff on your mobile phone. I hope you never go to Defcon, because i suspect you will be on the "Wall of Sheep" or worse in less than an hour.
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6126
  • Country: au
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #48 on: March 05, 2022, 02:44:00 am »
Defcon in 2018 and 2019 had several presentations where NFC cards were read from a distance of > 5 meters.

Are you suggesting that no one would ever attempt to steal money from a gullible hipster carrying NFC enabled cards?

Fortunately, the solution is easy. Simply drill a hole through the card, breaking the NFC antenna and rendering the "feature" inoperative.

Reading cards in a lab environment is one thing. Stealing card details to the point where you can use it for payment is entirely different. In Australia, almost all cards have NFC (that's over 50 million debit and credit cards in circulation), yet instances of fraud are lower than they have ever been. It goes to show that the technology is secure and stealing someone's details, especially in public and without being noticed just isn't feasible.

In my profession, part of my job is actually examining electronic devices in instances where card skimming devices have been used. In the last 10 years, I think I've seen maybe 3 or 4 of them and all of them have been designed for use with magnetic cards only. I'm not suggesting that it can't happen, but it would be akin to going to the effort of breaking into a Government building to steal a pen, why the hell would anybody bother? The risk and complexity involved is extremely high for something that has little to no reward.
« Last Edit: March 05, 2022, 02:52:39 am by Halcyon »
 

Online ataradov

  • Super Contributor
  • ***
  • Posts: 11905
  • Country: us
    • Personal site
Re: Credit Card, Bank Card NFC. The most useless function every invented
« Reply #49 on: March 05, 2022, 02:44:22 am »
All you will find are relay attacks. This does extend the range, but assumes that you have a terminal on the other side. You can talk to the card all you want, but you can't perform transactions without having that terminal liked to the bank account. You can risk doing so, and may be find some dodgy bank that won't report you immediately, but the risk is way too high.

But if anyone wants to drill their cards - do it, I don't really care.
Alex
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf