Jun 22 2012

Disabling Contactless Cards

Recently there has been much press coverage of the security flaws around contactless credit and debit cards and how the card details can be read without your knowledge.

I wanted to find a simple and effective solution that disabled this contactless feature.

Today I read that this task has been made simple for Android phone owners with a convenient app to read these cards.

There are many forums and threads out there about people asking their banks to provide cards without this feature to no avail.

You even have STUPID people drilling out or damaging the chip used for ‘Chip and PIN’ purchases – not very clever if you live in the UK since just about all in-store purchases and ATMs use this chip. Also this leaves the contactless feature intact! (OK, he is an Aussie I suppose – maybe they still use the magnetic stripes there).

If you really are a paid-up member of the tin-foil-hat brigade then you could use some to shield your cards in your purse or wallet. Yes, this mostly works but it’s too much trouble for my liking and there is a risk that a fat wallet without foil coverage at the sides might ‘leak’ enough to allow the card to still be read up-close.

I decided to do some research of my own. I had cards from Santander, Barclays and MBNA to play with.

Normally these cards have a second chip for the contactless feature that is independent from the chip-and-PIN chip. This chip must have a loop antenna connected to it to allow remote energisation from an RFID reader. This loop in normally a coil of 4-5 wires.

I thought it would be easy to find this second chip and drill it out but on my cards there was no indent or easy way to determine where it was hidden without totally destroying the card. And of course it could be different on each card.

So plan B was to break the loop antenna. I started by cutting some of my debit and credit cards. I then looked for any severed wires inside of the cuts. I found one place where all my cards had these wires and it was at the top centre of the card approximately 4-7 mm below the top edge. Incidentally, I could find no place on the card where the antenna was closer to the edge.

So all you need to do is to use a pair of scissors and make a vertical cut at the top approximate centre of the card. It only needs to be around 7mm. You can check by closely looking for severed wires in the cut. If your eyesight is good and you cannot see any shiny cut wires then there is a chance your card is different from all of mine. The Chip-and-PIN part still works for me and so do ATM transactions.

If you are totally paranoid I recommend you test the effectiveness of your work by going to the nearest ‘wave and pay’ outlet to see if it can detect your card.

