
Credit Card, Bank Card NFC. The most useless function ever invented


edtyler:
Overall, I'd agree that the risk is low and does require a terminal to submit the fraudulent transactions. The fact that detected fraud has gone down does not necessarily mean that undetected fraud is not present.

One thing I have noticed about NFC transactions is that the user rarely gets a paper receipt showing the amount charged for later comparison against the bank statement. They are too concerned about convenience. I'd expect these folks don't even review their credit/debit card statements. So, there is a greater chance for undetected fraud.

I advise people that are concerned about this issue to either request non-NFC cards or drill a hole to break the antenna. My (45 and 30) kids love the ease of use. I am much more concerned about security than they are. To each, their own...

edtyler:
Relay attacks are demonstrated in some of the Defcon talks. But, there were others with focused RF energy that allowed reading from greater distances.

One can trade convenience for security. I choose more security. Others choose convenience. The only thing that is important is to recognize there is a trade-off and to be able to properly assess one's risk and decide if mitigation is needed.

I'm not claiming that everyone should drill their cards, just that people should be able to make an informed choice. When banks claim "NFC is super secure", I beg to differ.

Halcyon:

--- Quote from: edtyler on March 05, 2022, 03:43:15 am ---Overall, I'd agree that the risk is low and does require a terminal to submit the fraudulent transactions. The fact that detected fraud has gone down does not necessarily mean that undetected fraud is not present.

One thing I have noticed about NFC transactions is that the user rarely gets a paper receipt showing the amount charged for later comparison against the bank statement. They are too concerned about convenience. I'd expect these folks don't even review their credit/debit card statements. So, there is a greater chance for undetected fraud.

I advise people that are concerned about this issue to either request non-NFC cards or drill a hole to break the antenna. My (45 and 30) kids love the ease of use. I am much more concerned about security than they are. To each, their own...

--- End quote ---

I also think the cases of "undetected fraud" are also decreasing as consumers are becoming more and more aware of scams and are more vigilant in checking their bank accounts/transaction statements. Particularly as apps have made this process so much easier. Many banks will even notify you via push notifications when a transaction occurs.

As for receipts, that behaviour hasn't changed (at least here). Receipts are still printed by the card terminal, but for me, I say "no" to them as I don't have any use for them. It's just scrap paper to me.

austfox:

--- Quote from: BradC on March 03, 2022, 09:10:18 am ---
--- Quote from: SmallCog on March 02, 2022, 03:08:22 am ---The device "skims" the card and can be used once only due to a "rolling code" (it's a bit more complex). Any transaction in Australia >= $100 requires a PIN. So the skim can be used once for a transaction < $100 and only if the card holder hasn't used the card between the skim and the attempt.

--- End quote ---

--- End quote ---

I realise NFC via phones are active, and hence can have a 'rolling code', but wouldn't a passive card always have the same code?

langwadt:

--- Quote from: austfox on March 05, 2022, 09:46:20 am ---
--- Quote from: BradC on March 03, 2022, 09:10:18 am ---
--- Quote from: SmallCog on March 02, 2022, 03:08:22 am ---The device "skims" the card and can be used once only due to a "rolling code" (it's a bit more complex). Any transaction in Australia >= $100 requires a PIN. So the skim can be used once for a transaction < $100 and only if the card holder hasn't used the card between the skim and the attempt.

--- End quote ---

--- End quote ---

I realise NFC via phones are active, and hence can have a 'rolling code', but wouldn't a passive card always have the same code?

--- End quote ---

The chip cards are not passive; they get power from the communication to run a processor on the card.
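A simplified model of the "rolling code" behaviour discussed in this thread, added as an illustration and not code from any poster or from the card schemes' specifications: the card's processor keeps a secret key and a per-tap counter, and the issuer declines any counter it has already passed. The HMAC construction, the field layout and the names `Card`, `Issuer` and `demo` are assumptions; real card cryptograms are more complex.

```python
import hashlib
import hmac

PIN_LIMIT_CENTS = 100_00  # thread: transactions >= $100 require a PIN


def _code(key: bytes, counter: int, amount: int) -> bytes:
    # Toy "rolling code": MAC over counter and amount (assumed layout).
    msg = counter.to_bytes(2, "big") + amount.to_bytes(6, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Card:
    """On-card processor: holds a secret key and bumps a counter per tap."""

    def __init__(self, key: bytes):
        self._key, self.counter = key, 0

    def tap(self, amount: int) -> dict:
        self.counter += 1
        return {"counter": self.counter, "amount": amount,
                "code": _code(self._key, self.counter, amount)}


class Issuer:
    """Bank side: shares the key and remembers the highest counter seen."""

    def __init__(self, key: bytes):
        self._key, self.last_counter = key, 0

    def authorise(self, txn: dict, pin_ok: bool = False) -> str:
        expected = _code(self._key, txn["counter"], txn["amount"])
        if not hmac.compare_digest(expected, txn["code"]):
            return "declined: bad code"
        if txn["counter"] <= self.last_counter:
            return "declined: stale counter"
        if txn["amount"] >= PIN_LIMIT_CENTS and not pin_ok:
            return "declined: PIN required"
        self.last_counter = txn["counter"]
        return "approved"


def demo() -> list:
    key = b"constructed-demo-key"  # constructed sample value
    card, bank = Card(key), Issuer(key)
    captured = card.tap(50_00)                        # response recorded, not yet submitted
    results = [bank.authorise(card.tap(20_00))]       # holder pays first (counter 2)
    results.append(bank.authorise(captured))          # counter 1 is now stale
    results.append(bank.authorise({**captured, "amount": 99_00}))  # altered amount
    results.append(bank.authorise(card.tap(150_00)))  # over the limit, no PIN
    return results
```
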
