| General > General Technical Chat |
| Credit Card, Bank Card NFC. The most useless function every invented |
| << < (14/26) > >> |
| Bassman59:
--- Quote from: edtyler on March 05, 2022, 02:39:36 am ---Replying to both folks that asked for links. Try using your favorite search engine to look for "defcon nfc hacking". It turned up stuff as far back as 2013. The proxy more is quite interesting, but the presentation I saw in 2019, if I recall correctly, was on a dish type antenna with high gain and a very narrow beamwidth used to activate a specific target. --- End quote --- You are making the claim. You need to provide the evidence to support that claim. "Do your own research!" is not an acceptable response to a request for that evidence. |
| Bassman59:
--- Quote from: Haenk on March 10, 2022, 03:32:19 pm ---I think the "risk" part of contactless payment can be neglected - the PIN-less transactions are limited to AFAIK a combined 150 EUR. --- End quote --- All transactions should require a PIN, then. Anyone who says, "... but that takes too long!" is an idiot. |
| tom66:
--- Quote from: edtyler on March 05, 2022, 03:43:15 am ---One thing I have noticed about NFC transactions if that the user rarely gets a paper receipt showing the amount charged for later comparison against the bank statement. They are too concerned about convenience. I'd expect these folks don't even review their credit/debit card statements. So, there is a greater chance for undetected fraud. --- End quote --- Whenever I use a contactless card or Apple Pay I receive a notification on my phone within a minute of making the transaction. I can also easily dispute any contactless transaction and the max payment is £100 by contactless alone. |
| tooki:
Indeed, I usually get the confirmation within 5 seconds. |
| Infraviolet:
Where banks don't offer you cards without contactless functionality you can always take a scalpel or other sharp implement and make deep scratches at certain points on the card (this will vary by card manufacturer) so as to break the antenna loop. Chip and pin functionality will be unaffected. As far as arguments abouta need for always needing a PIN go, this is sensible. A PIN isn't perfectly secure, and maybe contactless RFID/NFC isn't so insecure, but contactless without a PIN is definitely extra attack surface (even if a PIN gets required on some proportion of transactions) and reduces security, even if only by a small amount, for no conceivable benefit. If paying quickly matters there is a thing called exact change, keep it in your pocket, price up your stuff before you're at the till, count it up in advance and hand over the coin/note pile as you walk up. cashiers love it, much faster than ****ing around with NFCs which always decide not to work when there's a big queue and a need to hurry. Really we should all be endeavouring to use actual cash as much as possible, to keep in circulation the one form of payment which is not under threat whenever infrastructure is disrupted by malicious (foreign governments, own governments, criminals...) or accidental (power cuts, broken fibre cables, software updates...) events. Card payments should be reserved for their true purpose, online or other purchases of the kind where the buyer and seller are physically separated such that exchanging physical cash is impractical. |
| Navigation |
| Message Index |
| Next page |
| Previous page |