With the advent of embedded contactless chips in bank cards, some Russians began to wrap them in aluminum foil. Is that another paranoia or a working life hack that can protect your money?
We guess all of you know what contactless payment is. Due to them, we don’t need to get a card from a wallet or from under a smartphone case. We only have to bring them a few centimeters closer to the terminal or ATM reader to make a purchase or withdraw the necessary amount.
Further reading: Apple Unleashes Tap To Pay Feature, Your iPhone Will Become A Contactless Payment Terminal
Unfortunately, there are two sides to the coin. And though contactless payment eases our lives a lot, there is a security problem.
How scammers operate
Attackers have always had a lot of ways to illegally withdraw funds with bank cards: from simple peeping over the shoulder and SMS phishing to well-planned cyber-attacks using high-tech equipment.
In the case of contactless cards, this is even easier to do. They just buy a POS terminal somewhere on the black market (aka “skimmers”). Then, they walk around in crowded places, quietly leaning it against the bags and pockets of people. It’s identical to the pickpocketing, but unlike it, does not require the same manual dexterity and long training.
However, it is important to understand that pulling off such a scam is not easy. Firstly, all POS terminals must be registered to a specific person with passport and TIN data. In order for the terminal to accept payment, it must be connected to a certain bank.
In addition, the amounts that can be stolen in this way without entering a pin code on the part of the cardholder are small enough. Contactless purchases, as a rule, are limited by the maximum amount per transaction (CVM limit). Also, due to push and SMS notifications, which are instantly displayed on the smartphone screen in case of debiting, the risk of being caught on the spot remains too great.
Nevertheless, back in 2017, FinCERT of the Bank of Russia recorded isolated cases of using devices capable of reading information from payment card chips. In some cases, the attackers even managed to copy the data to special card clones, simply “blanks”. Later, they just used those cards to get the whole money through ATMs.
How to protect your bank cards
Today, there are several ways to protect yourself from such attacks. The simplest of them is not to store a bank card in a wallet separately from other cards. The fact is that it is much more difficult to read data even from two cards that use a contactless chip. When the skimmer detects two chips, it cannot understand which card needs to be debited. So we highly recommend keeping a few contactless cards together.
When saying this, we do not mean two bank cards but any other card with a contactless chip. It could be a discount card from a supermarket or a loyalty card from a gas station. Thus, you will significantly reduce the risk of contactless theft of your funds.
The second way is to purchase a special protective cardholder. They usually carry printings such as “NFC protected” or “Protected from RFID”. As you guess, these are the two technologies that the reader and the radio chip use to exchange a radio signal between them.
The RFID chip in your card itself does not have a power source. So when you carry the card in your wallet, it is in sleep mode all the time. However, once you bring it closer to the terminal, the radio transmitter at the checkout forms a magnetic field making the chip switch to the “ON” state. Under a layer of leather or plastic, they have a foil material that is able to block the magnetic field from the reading equipment.
Knowing this, some Russians do it in an easier way – they make similar cardholders themselves. You just need to fold the usual food foil in several layers and put it in the wallet compartment where your cards are. And no one can say that this is not a working method.