Barclaycard pay-by-bonk fraud risk exposes Amazon's security Channel 4 News has found out that pay-by-wave phones are compatible with pay-by-wave cards, and wants something done about it, but it's web bazaar Amazon that's lacking basic security. The investigation, which was carried out by viaForensics at Channel 4's behest, discovered that one can lift the credit card number, expiry …
@Jan 0 - A bicycle frame is not a Faraday Cage, in that it allows signals in the top and bottom. The idea of these wallets/envelopes is that the completely enclose the card (and also don't touch it, thereby inadvertently making it an aerial). This would make the wallet/envelope function as a Faraday Cage which no signal can pass into/out of.
The seat post, bottom bracket and head tube block the holes in a bicycle frame. Given that the shortest wavelength used for RFIDS is ~30mm (10GHz), a bicycle frame doesn't need to be hermetically sealed.
How good a Faraday Cage can a foil or mesh lined wallet be if it's not earthed?
That was a corrupt group of individuals, not a bank as a whole. It was very serious, but is not something which could happen these days due to the vastly increased use of audit, also the use of third party hardware appliances rather than in house coded apps for key generation/random number generation etc.
If you aren't going to trust your bank, who do you trust with your money? I would wager a mattress stuffed with tenners is not as secure as a bank, also doesn't have a guarantee from the Government that you'll get your money back.
This post has been deleted by its author
>> Any losses incurred by this kind of fraud would be refunded by Barclaycard, once the customer has jumped through the required hoops
And the required hoops ? No doubt prove the unprovable. They will claim that their system is secure (as they do with Chip&PIN), and therefore show that the transaction had to have been made with your card. Since you still have the card and it's never been out of your possession then you must have used it. QED - required hoops attempted and failed. I know someone who had his bank account maxed out just after pay day - and the hoops his bank made him jump through (how do you prove that you didn't make purchases in your home town ?) It caused him a not inconsiderable amount of hassle - and the Police were actively unhelpful and even threatened to arrest him for trying to get evidence preserved (he went to one place the card had been used to ask if they had CCTV of the purchase and could they preserve it - something the Police weren't prepared to do).
I too got a contactless Barclaycard - I too wrote to them and said I don't want it and **won't** carry it. Needless to say, they won't provide a card without, so I don't carry it (I have other cards without that). I was tempted to see what a few seconds exposure to 850W of 2.4GHz (standard domestic microwave) would do to the chip !
As for the "convenience", well I tend to find that it's convenient to hand over a small sheet of paper with a portrait of the Queen on it and/or a few small metallic tokens. They've served me well enough over the years, I can control the exposure to risk (I can't lose more than I'm carrying), and I've yet to find an establishment that doesn't take this old fashioned payment method.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
