Reply With QuoteAll they are selling is a metal case
I made a thread a while ago about CC details, I was scanning my credit cards with my mobile using NFC (it should come up in a search).
Credit Card anti Skimming Stuff
I was ch-surfing last night and came across TVSN (I know, I know, I'm sorry!), selling this anti skimming card that you put in your handbag/wallet/bag and it emits a 10cm+( sure the guy said 90cm!), field that stops any nasty person from skimming your CC and or other cards data.
They had a 'Security Expert' who displayed on a monitor screen who said [quote] "This is a free app, and no, I'm not going to tell you where to get it". When questioned by the sun tanned presenter if it was an app - app. The security guy confirmed it was indeed a free app...
This app seemed to display (when a CC was placed against it), all sorts of info including hexdec information and so on.
The show had one of these that the app could talk to - NFC ACR122u RFID $45ish on feebay.
NB: Dates aside this is what I have found:
A YT clip of a SFCard Reader seems to show a Yen Value which one assumes is from a CC.
I'm curious as to what data my CC's and other RFID cards carry and of course I'm assuming that NFC is the same as RFID in this nature of the post.
There appears to be a Armourguard ;
that does the same thing. Besides my wallet that was pick pocketed on holiday, it had a metal plate to (supposedly), prevent this sort of stuff.
One can buy sleeves that CC's go into to avoid skimming.
A report I read that all a nasty skimmer has to do is increase the scan strength making these standard skim blockers worthless.
I must say that the figures that the sales people were pushing out (one American in every 3seconds has their card skimmed), for example - might be wrong in that figure, in my drunken stupor, was pretty scary.
Any idea where to get this app as mentioned from?
And can phones with NFC read this stuff - with appropriate app?
And I am aware that there is a post running around on this site that shows (well, then anyway), how to cut the RFID antenna tracks. But this post is about getting some software/app that can show me what's on CC's and other RFID cards.
| Look Here -> |
All they are selling is a metal case
I made a thread a while ago about CC details, I was scanning my credit cards with my mobile using NFC (it should come up in a search).
GT250 (04-05-16)
Bah, I cant find it
But did go back through Google Play store and was playing with Jackless to read cards.
GT250 (04-05-16)
Next time you pay using your card, note the operator will ask you 'How you are Paying' and if by Card in anyway, they will most likely hit a key to activate the 'reader'.
I am sure you will have tried to wave or insert the card before the operator is ready and been asked to either remove and reinsert the card or to 'Wave' again.
This came up when a query was made regarding how close to the reader did a Card have to be read.
I am curious as to how these so called 'Reader Blockers Cards' that supposedly put a 'Shield' around the Card to prevent it being read or is it simply a case of this 'Card' has a chip with numbers in it and when a reader tries to read it and your Card at the same time, the 2 sets of numbers at once confuses the Reader?
I stand unequivicably behind everything I say, I just dont ever remember saying it !!
GT250 (04-05-16)
On the show they had the MKII version which actually had a small red LED in the card. As it was being scanned/read the light would illuminate.Originally Posted by gordon_s1942
The seller was saying that the Skimguard works by 'absorbing' the scanning energy and this also powers the LED.
I'm just curious about looking at my RFID cards with the mobile or a reader attached to the PC :-)
Admin: If you do come across that thread, let me know ok
Cheers.
I think it might be this one.Admin: If you do come across that thread, let me know ok
Cheers.
Yeah, I remember that one now. I don't fancy punching a hole or slicing the antenna wires, as one day I might have to use the wave stuffI think it might be this one.
A bit more research (don't want to repost or teach others how to suck eggs), but oen of my 'visions' was to use the iPhone 6+ NFC ability to do some reading of RFID cards and other stuff - for research purposes only! But from my readings the NFC in the iPhone(s), are only for Apple Pay - and it's hardware ONLY, no SW!
I'm still keen to get a NFC reader/software and to able to 'look' at my CC's and other RFID stuff - Including my driving license which now has a chip on board...
What State has gone so up market to include a chip in their Driving licenses ??
I stand unequivicably behind everything I say
NO NO NO and HELL NO !!!!!
They're selling you bullshit GT and the worst thing is that people buy it. It's not the fake product that is the problem, it's the bullshit story they use to scare the plebians.
You're card can't be scanned unless it has power supplied to it. That means it has to be in the near field of a reader, so if it is in your wallet it will NEVER be scanned.
You can stick an ordinary 3 leaf clover in your wallet and it works exactly the same way. IT DOESN'T !!!
The "scanblocker" is the one I see on TV. Wow... I want to hurt the people who write this twaddle !
"90% of credit card fraud is committed while the card is on the owner."
NO FVCKING SHIT captain obvious !!!
Either your purse is done in a snatch and grab and the gronk runs to the nearest bottlo and buys a case of beer before you call the bank and kill the card.
OR ... the gonk picks up the carbon paper out of the bin in the back alley (classic old example) and they get your card number and details and hit your card a few months later while you're sitting at home watching TV. Has nothing to do with NFC.
I'll have to watch the ad again and write down their bullshit claims and post them here.
In the mean time I'm going to offer you all my specially designed and patented tin foil hat which prevents alien abduction.
My hats are not like those other tin foil hats, we use "Aluminium" which is scientifically proven to be lighter and faster than tin.
So much so they use this special metal in military aircraft. The reason is that it's very alien resistant and to date, not one aluminium aircraft has ever been abducted even with their advanced alien technologies.
My tin foil hats also don't emit dangerous magnetic rays. In fact they are so anti magnetic that no magnet will stick to them!
Best of all, they fold up and you can store your foil hat in a safe secure place so that aliens cannot find them and remove them leaving you vulnerable to their mind probes.
Call now and we'll also send you a free "alien wallet blocker". This ultra think credit card sized sheet of aluminium is very thin and thinner than all those other "terrestrial blockers" which don't prevent aliens abducting your credit cards, scanning them off world and then returning them to your wallet while they rack up millions of Altairian dollars around the galaxy all in your name!
But wait there's more!
Pay with your credit card and we'll send you a bonus magnetic pillow case, a mobile phone radiation shield, and an electromagnetic pest repeller.
We're so confident that you won't be abducted by aliens that we'll offer you an 80% reduction on our alien abduction insurance!
Yes I am an agent of Satan, but my duties are largely ceremonial.
Mines QLD Gordon. But not sure on other states.
Only got mine 3 weeks ago. Apparently it's called a 'Smart License'.
Send you a photo if you want.
Err, I hope you don't think I'm buying one of these blockers?
You watch tvsn as well Trash? Shame...
Here's a RFID hand held scanner specs, commonly bought. I don't understand the freq and dBm stuff, but you will."90% of credit card fraud is committed while the card is on the owner."
I'll have to watch the ad again and write down their bullshit claims and post them here.
Range 20+ ft./ 6+ m
Frequency Range/
RF Output
US: 902-928MHz; 4 - 34 dBm (EIRP)
EU: 865-868MHz; 4 - 34 dBm (EIRP)
Japan: 916-921Mhz (w LBT), 4 - 34 dBm (EIRP)
Japan: 916-923Mhz, 4- 27 dBm (EIRP)
Yeah, as I said, I'm interested in getting a NFC reader with appropriate Windows based S/W so that I can look into my CC's internals.
All good fun :-)
Wrong!
When I tried to pay for fuel at Caltex and swiped my ATM card and it didn't respond, I was told I had paid already.
It had already picked up my DEBIT card that was INSIDE my wallet at least 20cm away.
The pay wave Debit card now stays at home.
Update: A deletion of features that work well and ain't broke but are deemed outdated in order to add things that are up to date and broken.
Compatibility: A word soon to be deleted from our dictionaries as it is outdated.
Humans: Entities that are not only outdated but broken... AI-self-learning-update-error...terminate...terminate...
I think this is why the register operator has to select how your going to pay to stop this from happening.
Somewhere there was a mention one time that the register scanner did have the capacity to 'read' a card' at a distance of up to a Yard or Metre which in most SuperMarket check outs, most 'Readers' are only just double that distance apart.
GT, I didnt think Queensland was that far advanced seeing they still register motor vehicles annually by mail without being being inspected.
Last edited by gordon_s1942; 06-05-16 at 03:37 PM.
I stand unequivicably behind everything I say
AFAIK they use 13.56 MHz .Err, I hope you don't think I'm buying one of these blockers?
You watch tvsn as well Trash? Shame...
Here's a RFID hand held scanner specs, commonly bought. I don't understand the freq and dBm stuff, but you will.
Range 20+ ft./ 6+ m
Frequency Range/
RF Output
US: 902-928MHz; 4 - 34 dBm (EIRP)
EU: 865-868MHz; 4 - 34 dBm (EIRP)
Japan: 916-921Mhz (w LBT), 4 - 34 dBm (EIRP)
Japan: 916-923Mhz, 4- 27 dBm (EIRP)
Yeah, as I said, I'm interested in getting a NFC reader with appropriate Windows based S/W so that I can look into my CC's internals.
All good fun :-)
As a kid i always wanted to make my own RC system and often messed around with 27.125Mhz transmitter circuits because that was in Germany a free frequency where you didn't need any license. 13.56Mhz is half of that and I believe that was also free to use too but the antennas were a bit too long to be practical for RC hobby. Anyhow I managed to get a torch light bulb to glow 10-20cm away from the transmitter just using loops . This may have been 100mW or more.
A credit card would probably work with thousand times less energy.
A monitor could pick up the signals from the card reader many metres away but the return signal from the card would be much weaker but a metre should be possible. I am unaware what anybody could do with this communication data.
Update: A deletion of features that work well and ain't broke but are deemed outdated in order to add things that are up to date and broken.
Compatibility: A word soon to be deleted from our dictionaries as it is outdated.
Humans: Entities that are not only outdated but broken... AI-self-learning-update-error...terminate...terminate...
20cm is stll near field Nomeat.
The ads take advantage of making their victims think that they can scan the cards from a much longer distance.
The card can only be read while it is being powered and to be powered it needs to be in the near field of a reader, any reader or something behaving as such.
So the card can be read from much further, there is no doubt of that, BUT not unless the card is being powered.
The scamblockers rely on their victims not understanding that.
So if the situation arises that you use your card and it is energised legitimately, it can be read remotely.
The card data is stolen and used.
How does this play out?
You know how it will go.
You take the scamblocker company to court because their product doesn't work and you suffered damages because of it.
NO.
You had your card out of your wallet at the time and not protected by their product so therefore they are not liable.
Yes I am an agent of Satan, but my duties are largely ceremonial.
GT250 (09-05-16)
I don't know about credit cards in particular but RFID tags don't actually transmit per se. They convey the information by drawing pulses of current off their receive coil/antenna which in turn alters the current flow in the readers transmit coil/antenna. Think along the lines of a metal detector. If the reader emits a large enough field to wake up the tag and cause it to do it's pulse / draw activity from 5 metres away it can potentially read it.
GT250 (07-05-16)
Just a bit more reading (even though I probably mislabeled the heading - my real intention was to try and obtain the App the security guy was showing on the show), I found a little bit more out about what scanners/readers can get.
1) They can't get the 3digit security code. (Which is what most companies will request). And doh! why it's written physically on the card.
2) And in some cases (most it seems), the PIN is not stored on the card, but by the bank. - Look up 'EMV'. Seems some cards/companies have the pin on the card either on the chip or the magnetic strip.
So the main risk/damage of having your card skimmed seems to be the Paywave issues.
Just do a search for "cardtest" on the Android app store.
The PIN data is stored on the card, but it is one way encrypted. There is no way to recover the card PIN except by brute force.
Though I'm not sure if there are variations that do no longer store this information. Since it's secure and always has been there is no security threat.
Typically the way the PIN numbers work is that nobody but you knows the PIN number, not even the bank. If you forget it, that pin is not recoverable.
The protocol is that the card is read and the user challenged with a PIN number.
That number is then encrypted with the algorithm the bank uses. Lets call it DES5.
The bank then reads the card and compares the answer to the encrypted data on your card. If they match, then both the card and the user are valid.
There's no end to the security of one way keys checks.
An example... lets say your PIN is 12345
It's DES encrypted with a key derived from the bank which itself is kept secret from bank employees. The computer can generate it and nobody needs to know.
To brute force the answer offline you would have to guess the bank key and the pin even if you knew the encryption algorithm being used.
Of the 1x10^47 key and PIN combinations there might be 5000 or so that give you the encrypted result stored on the card.
The bank is going to give you 3 attempts before it spits out the card. Repeated attempts with failure are going to have the card withheld.
Lets assume you can make the pirate cards at will.
The card was with held and you created a new card for a new attempt. Failure to enter the correct PIN first go is going to not only with hold the second card, as well as log the camera footage, but the bank will also lock the account. No transactions will be valid. By which time the owner is going to come calling.
The 3 digit CIC code is a defacto security feature. It's easily captured by anybody who can physically see the card or trick the owner into doing so for them.
Actually GT, I would think that paywave is actually the least of your worries.
By far the easiest way to skim credit cards is by old fashion methods.
A flashy web site which looks legit or is a clone of a real business.
You place an order online and enter credit card details. The web site mysteriously crashes and it tells you the payment was unsucessful, or it looks like the transaction worked but the item never gets delivered and you're never charged for the item. Or the site redirects you to the legit page and places the order for you and everything looks normal.
That CC information is then held for several months and then used so that you do not associate the fraud with the site that skimmed the details.
The other brute force method is just to use a hidden or candid camera and watch legit transactions.
Several service station owners had a dodgey cousin Habib who might work for them part time. He sets up a security cam above the counter focused on the reader.
Captures the PIN numbers and the card info. This used to be done by magnetic strip, I've not heard of it since the chip cards have been in circulation.
Habib would then stop working for his cuz and six months later hit some ATM's with copied cards.
The smart ones hit up small stores or locations for once of small transactions. The dumb ones hit ATM's for large sums and got caught.
Yes I am an agent of Satan, but my duties are largely ceremonial.
I read about that app (before), I made my OP. From 2012 and only worked on a particular model phone and even some people who had the same phone it didn't work.
I'll try and some more digging into that Jap app that I came across.
I'll get back to the post if I come across anything of interest with CC's and my Driving License.
Regards to all
This does it from 3 feet ~ 10 M
Trash is on the money, most vulnerable part of the cards is still the old mag strip or even just the card numbers for a CNP transaction. I've noticed some banks requiring two factor authentication now for CNP transactions which is moving in the right direction.
Posting Permissions
Bookmarks