Your Credit Card Needs a Tin Foil Hat

By Frank Forte

I recently discovered something interesting about how PayPass works. I was testing out NFC tags for my website, when i learned that NFC tags can be read AND written by a smartphone (specific phones that are NFC enabled like the Samsung Galaxy Nexus).

I was immediately intrigued and decided to do a thought experiment. If I could read the data from a credit card that uses NFC, like those with PayPass, and then write it to a new NFC tag, I could use that NFC tag to pay for things. There is no reason that the copy would not work at a payment terminal! So, i tested it out. I had to try a number of free apps. Some could not understand the protocol, but i found one quickly. Soon after i found one that allows the smartphone to read, then immediately write the data, effectively making a copy. I have yet to test out my new Tag at the grocery store, but i am sure it will work. I wonder if the cashier will give me a funny look.

Okay, getting past the "scientific" value of what I just discovered, let’s talk about this in practical terms…  this is a huge security concern! If someone wanted to copy your “PayPass” they need to hold the phone right against the card. I tried through my wallet but it did not work. But people have been known to go the extra length to copy credit card magnetic strips, so i don’t see why someone wouldn’t develop a stronger reader that could go through your purse or pocket.

So how does this all relate to the title of the article?  I am now selling Tin Foil Hats for your credit card. Only $5 plus shipping and handling. Contact me for ordering details.

This entry was posted on Monday, May 7th, 2012 at 1:20 am and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.