Swipe Card Vulnerability
The swipe and go revolution is here, and like all things new this technology has already been exploited by attackers who can secretly scan your card in a second without you even knowing. Many Australians have already become unfortunate victims of this crime.
The swipe and go technology consists of a kind of credit card that utilizes a small capacitor which is embedded into a chip on the card. When this card is held in close proximity to a card reader, the capacitor is energised releasing a small charge that enables the chip to transmit your credit details to the scanner or card reader.
The reader is connected to a terminal that interfaces the internet and connects to your banking institution, thus once your card has been read and the amount charged, your credentials are computed and the transaction is authorised dispersing the funds to the merchant with the card reader. This process is not always instant, but the transmission of the credentials written to the chip on your card is, and this is the part that attackers have exploited to gain unauthorised access to your funds and in some cases your identity.
Because the "swipe and go card or wave and pay" (proximity cards) only need to be held close to a card reader, it is very easy for an attacker to stow a mobile card reader in their bag or purse or briefcase, and hold it close enough to your wallet to record the financial credentials on your card. This is an electronic pick-pocket crime.
Obviously crowded public places where some queuing may be involved are ideal locations for such theft, train stations at peak hour that use this new 'swipe and go' technology are prime for this kind of theft. Crowed elevators, escalators, long cues and public transport all provide an excellent hunting ground for this kind of crime.
Obviously crowded public places where some queuing may be involved are ideal locations for such theft, train stations at peak hour that use this new 'swipe and go' technology are prime for this kind of theft. Crowed elevators, escalators, long cues and public transport all provide an excellent hunting ground for this kind of crime.
It only takes a second or so and someone can simply bump into you or even stand close enough to quickly scan your card or even walk past to perform a scan.
You may be asking how you can circumvent such crime, well there are two very easy ways, the first, never get one of these cards, the second involves a rather crude yet effective means of shielding your card from these hidden scanners by wrapping it in tin foil. An even better method invovles lining either side of your purse or wallet with foil, or better still, simply purchase them pre-installed with foil lining, a simple google search should yield some results on where to purchase these items or refere to the link below.
You can purchse them online here: CITY BEACH
A card reader or scanner is unable to read through aliminium foil and the scanners signal will simply be reflected back.
You can purchse them online here: CITY BEACH
A card reader or scanner is unable to read through aliminium foil and the scanners signal will simply be reflected back.
Before the inception of the swipe and go cards, many people used a standard key card that makes use of a magnetic strip that holds your credentials and account information. These cards also require the use of a PIN or a secret 'personal identification number' that becomes a second factor of authentication that is needed to complete transactions. It is this multifactor authentication mechanism
that makes the older style cards safer than chipped cards that use scanner technology.
that makes the older style cards safer than chipped cards that use scanner technology.
Attackers can and do place skimmers (card readers) in and on teller machines and also portable card readers such as those found in many convenience stores. When your cards magnetic strip is read or 'skimmed' all of your account details may in some cases transmitted wirelessly to a nearby laptop or stored on the skimmer to be later used by the attacker. The attacker must have your pin number to use these credentials, without it he cannot make any transactions, this is why a two-factor authentication security mechanism is more valuable than a single-factor authentication method used with 'swipe and go' cards.
Always make sure you cover the keypad when you enter your PIN, try and make sure no one can see the numbers you enter, and if possible try and avoid using the ATMs mounted in the wall at shopping centers, as these are often the kind specifically targeted. ATM's situated in a dark places that make it easy for criminals to insert skimmers at night are perhaps the hottest targets for skimming attacks. If anything, at the momment it is perhaps safest to withdraw cash from inside your bank much like the old way, or if you make use of your keycard (still cover the keypad) or use the cashout facility when checking out at the register, and always be sure to keep your reciepts!
We often recommend our customers use a separate account for online and other transactions that make use of this technology, if you can afford to loose a few hundred dollars, then have an account that is setup for these transactions only so as to reduce your risk of having your main account emptied.
Remember also that card theft should be reported immediately and have the account frozen until a new card and credentials have been issued. If you loose your swipe and go card anyone can use it as no signature or PIN is required, again ring your bank and cancel it immediately or as soon as you think it has been stolen or compromised.
Unfortunately swipe card technology is steadily being implemented across Australia, it serves consumers with a greater convenience, but with that also comes fraudulent activity.
With advancing technologies we must excersie even more vigilance and routinely change our own habits and behaviours to help mitigate our security vulnerabilities. Simple things such as regularly checking bank statements, covering your PIN, wrapping swipe cards in foil, regularly changing passwords for online banking and increasing your password strength are all good starting points to increasing your security and protecting your personal information.