[ rss / options / help ]
post ]
[ b / iq / g / zoo ] [ e / news / lab ] [ v / nom / pol / eco / emo / 101 / shed ]
[ art / A / beat / boo / com / fat / job / lit / map / mph / poof / £$€¥ / spo / uhu / uni / x / y ] [ * | sfw | o ]
logo
economics

Return ] Entire Thread ] Last 50 posts ]

Posting mode: Reply
Reply ]
Subject   (reply to 5424)
Message
File  []
close
ContactlessHowTo10-2789.png
542454245424
>> No. 5424 Anonymous
24th January 2015
Saturday 10:51 am
5424 spacer
I've recently switched banks. Despite clearly saying that I don't want a contactless payment debit card, in their infinite wisdom, they have sent me one.

I'm going to be lumbered with it until the replacement card arrives, so is there anyway I can tamper with it to disable tbr contactless technology without fucking up the rest of the card?
Expand all images.
>> No. 5425 Anonymous
24th January 2015
Saturday 11:05 am
5425 spacer
>>5424

Why not use it as a normal chip and pin card? Shops always ask me if I want to pay contactless or by chip and pin when I make purchases in-store.

As long as you're going to receive a replacement then you shouldn't have much to worry about.
>> No. 5426 Anonymous
24th January 2015
Saturday 11:37 am
5426 spacer
Christ not another boolad. Try wrapping it in tinfoil, that ought to stop the government mind control rays bruh.
>> No. 5427 Anonymous
24th January 2015
Saturday 12:25 pm
5427 spacer
>>5426

Personally I find mine a lot more useful than I thought I would but I can perfectly understand why someone wouldn't want one. It makes things like tapping your wallet on the tube/busses impossible because along with your oyster you've got two contactless credit cards and contactless debit card in there too. I imagine there could also be some confusion if you attempt to pay with with the chip and pin and it reads the rfid at the same time, adding more kerfuffle to an already miserable trip to the shops.

Let's not forget that if you lose the fucker or get it stolen someone is going to run up a whole load of £20 charges before you cancel it - you don't need a pin to use it. That's fine if it's a credit card, but a whole load of misery if it's a debit card.

Basically you're a knob for being so short sighted as to think this is even about tinfoil. Rage and safe for trolled to tears so early into the weekend.
>> No. 5430 Anonymous
24th January 2015
Saturday 1:53 pm
5430 spacer
The way the contactless cards work is the same as the oyster cards. If you feel the card there should be a lump somewhere, making the card ever so slightly thicker than the rest. If you take a hammer to that lump you should be able to break the RFID contactless chip. Could also use a razor to carefully seperate the front and the back of the card, remove the chip and plastic-cement it back together.
>> No. 5431 Anonymous
24th January 2015
Saturday 2:05 pm
5431 spacer
>>5430

I've heard of people doing this, and even going so far as to get the RFID chip out of the oyster and be able to mount it on a watch or something and yet I've never been able to find the RFID chip in any oyster card I've owned.

I think with a bank card you'd want to start looking somewhere around where the contactless symbol is, although that's just a guess.
>> No. 5432 Anonymous
24th January 2015
Saturday 3:25 pm
5432 spacer

IMGP3713.jpg
543254325432
>>5431
The chip alone won't be much use as it relies on the induction loop for power and as an antenna. This method involves putting it in a glass of nail varnish remover to melt the card apart. I have no idea what that would do to the chip, but it's a clean separation.

http://olliepalmer.com/tag/diy/
>> No. 5433 Anonymous
24th January 2015
Saturday 3:35 pm
5433 spacer
>>5424
>Despite clearly saying that I don't want a contactless payment debit card, in their infinite wisdom, they have sent me one.
Multi-billion pound bank knows better than illiterate customer shocker.
>> No. 5434 Anonymous
24th January 2015
Saturday 3:40 pm
5434 spacer
>>5433
U wot m8? You get a choice, he chose, they didn't deliver his choice.
>> No. 5435 Anonymous
24th January 2015
Saturday 3:51 pm
5435 spacer
>>5427
As a merchant I am told I am liable for any misuse. I am happy with chip & pin (prefer cash)
>> No. 5436 Anonymous
24th January 2015
Saturday 4:03 pm
5436 spacer
>>5434
>You get a choice
You get a choice insomuch as you get to go back after the fact and ask, just like with the chip and signature cards. As far as I'm aware it's not as simple as just ticking a box on the application form, and in such a case it's not enough to just ask the warm body on the other side of the desk. With those you had to specifically ask for one after receiving the PIN card and had to demonstrate that you were really unable to use a PIN (not merely that you didn't want it), and when the thing eventually arrived you couldn't use it at a cash machine because there was no PIN programmed and the moment you set one you had to use it instead of signing.

Of course, if you deliberately choose to go for something less useful for no real reason whatsoever, then you quite rightly deserve whatever fuss that comes with.
>> No. 5438 Anonymous
24th January 2015
Saturday 4:41 pm
5438 spacer
>>5436
Contactless cards are unsecure, you corporate cock gobbling cuntbag

http://thehackernews.com/2014/11/hackers-can-steal-99999999-from-visa.html

There are plenty of good reasons for not wanting one, so you can take your attitude and penetrate your relatives with it.
>> No. 5439 Anonymous
24th January 2015
Saturday 4:48 pm
5439 spacer
>>5438
>Contactless cards are unsecure
Oh dear. Do you want to have another go, daftlad?
>> No. 5440 Anonymous
24th January 2015
Saturday 4:50 pm
5440 spacer
>>5438>>5439

Both of you, chill out, you arsey buggers.

Acting all crazy up in here, about God damn nothing.
>> No. 5441 Anonymous
24th January 2015
Saturday 5:06 pm
5441 spacer
>>5439

Contactless cards use Near Field Communication, which isn't as secure as chip and pin. There was a BBC documentary about it and to prove the point, the expert they had explaining why it wasn't secure brushed past the presenter at the bar with a device he passed over his wallet in his back pocket and he had is details.

To say it is unsecure isn't quite right, but it certainly isn't as secure are chip and pin. At least not at the moment.
>> No. 5443 Anonymous
24th January 2015
Saturday 5:17 pm
5443 spacer
>>5441
Since someone can apparently brush a magic wand past your wallet pocket and waltz off with your deets there's something pretty fucking awry here.

Exactly how I'd materially benefit from contactless payments hasn't been explained to me by anyone other than shithouse marketing companies. They are mistaken in thinking I'm itching to spend my wages on their spaffy Costa coffee and/or fast food and just can't bear the 15 second chip and PIN process. The idea is to goad John Bull into impulsively spending his more of his wedge on garbage. No thanks.
>> No. 5444 Anonymous
24th January 2015
Saturday 5:28 pm
5444 spacer
>>5443
>Since someone can apparently brush a magic wand past your wallet pocket and waltz off with your deets there's something pretty fucking awry here.
I'd suggest that the thing that's pretty fucking awry is an overstatement of both the practicality of the attack and the feasibility of doing anything useful with the information afterwards. You don't tend to be able to just throw a request at a finance system and get money out of it without any checks. There will doubtless be checks in place to ensure that a contactless transaction is at least carried out with the right card present (which is easier when this is actually handled on the card rather than the terminal).

You need to remember that when experts like that talk about things being "insecure" they're talking in extremes - for instance, noted security expert Ross Anderson believes chip and PIN to be insecure for reasons that quite technical but result in mostly theoretical attacks which are quite difficult to carry out in practice.
>> No. 5445 Anonymous
24th January 2015
Saturday 5:31 pm
5445 spacer
>>5444

So what you are saying is the guy didn't clone his card and buy a pint with it? Gotcha.
>> No. 5446 Anonymous
24th January 2015
Saturday 5:36 pm
5446 spacer
>>5444
OK, now continue on to the 'I don't fucking want a contactless card' bit please. The whole fucking thing is designed to incentivise impulse spending (which is in the interest of Visa and the banks) at the expense (however supposedly minor) of user security. The most reassurance I've heard from Visa et al is 'if you lose it don't worry, what's £20 anyway?', so they can do a running jump.
>> No. 5447 Anonymous
24th January 2015
Saturday 6:08 pm
5447 spacer
>>5444
> I'd suggest that the thing that's pretty fucking awry is an overstatement of both the practicality of the attack and the feasibility of doing anything useful with the information afterwards.

http://www.dailymail.co.uk/sciencetech/article-2818811/Major-flaw-discovered-Visa-s-contactless-cards-Thieves-bypass-20-limit-steal-999-999-99-long-s-foreign-currency.html

"[...] the £20 limit on transactions can be bypassed by setting the scanners to use foreign currencies, security experts from Newcastle University have found.

t means transfers could – in theory – be authorised up to a value of 999,999.99 in dollars, euros or any foreign currency.

Thieves could rig a mobile phone to act like a scanner, allowing them to trigger transfers of cash from a bank account just by passing the phone over a wallet or purse containing the card, the researchers said. "

So basically you program a smartphone with NFC enabled to act like a Point Of Sale device (Paypal already have someone similar for chip and pin so this is definitely possible: https://www.paypal.com/uk/webapps/mpp/credit-card-reader) and can waltz past someone and ring up £20 on their card. You're not cloning the card at all (this is indeed fucking difficult), just brushing past it with a virtual POS and tricking it into making a payment.

Then, by setting your scanner up to use a foreign currency you can rinse their bank account clean in one fell swoop because the £20 limit doesn't apply.

I don't know how much more practical and feasible you can get, lad.

Absolute, total, mirth.
>> No. 5448 Anonymous
24th January 2015
Saturday 7:05 pm
5448 spacer
>>5447
I'm not that poster, and the idea of someone swiping money out of my pocket just by being close enough is genuinely concerning, but:
>[...] the £20 limit on transactions can be bypassed by setting the scanners to use foreign currencies, security experts from Newcastle University have found.
Do you really think this loophole won't be closed?
>> No. 5449 Anonymous
24th January 2015
Saturday 7:10 pm
5449 spacer
>>5448

Oh, well that's fine then. Lets all switch over in the meantime, even though the loophole is still open, because they'll close the loophole eventually.
>> No. 5450 Anonymous
24th January 2015
Saturday 7:12 pm
5450 spacer
>>5448
Well that's bound to be the only loophole, it's not like problems only become apparent after a period of time.

Fucks sakes lad apply some critical thinking please.
>> No. 5451 Anonymous
24th January 2015
Saturday 7:19 pm
5451 spacer
>>5447
>transfers could – in theory – be authorised
See?

>So basically I haven't bothered reading the article or the paper, so I'm going to take a guess at how it works and recast it in a way that's practical and feasible so I can claim that it's practical and feasible.
Fixed your post for you, lad.
>> No. 5452 Anonymous
24th January 2015
Saturday 7:24 pm
5452 spacer

batman-and-robin.jpg
545254525452
>>5451

"Look out, Batman! It's that dastardly crook, The Strawman!"
>> No. 5453 Anonymous
24th January 2015
Saturday 7:33 pm
5453 spacer
>>5450
If we apply your standard of critical thinking, surely we shouldn't use any electronic money transfers at all, given that they're all bound to be flawed, and that those flaws will only become apparent once in use?
>> No. 5454 Anonymous
24th January 2015
Saturday 7:37 pm
5454 spacer
>>5453

There is reason they try and force them on people, it's called field testing. Your bank account can be the sacrificial lamb if you are so keen.
>> No. 5455 Anonymous
24th January 2015
Saturday 7:41 pm
5455 spacer
>>5453
You've both forgotten that you're on the Internet and therefore Five, Six and HQ know exactly what you're doing.

Yours, Doughnutlad.
>> No. 5456 Anonymous
24th January 2015
Saturday 8:03 pm
5456 spacer
>>5455
>Five

How come we don't have boy bands anymore?

https://www.youtube.com/v/qZUn-KtTNmA
>> No. 5457 Anonymous
24th January 2015
Saturday 8:06 pm
5457 spacer
The systems we use every day are absolutely riddled with security flaws, but most of them aren't of practical concern. Chip and Pin is badly broken in all sorts of important ways, but none of these vulnerabilities are used by criminals because it's far easier to skim the magstripe data. We're not concerned about hypotheticals, but actual risk - what vulnerabilities are actually being exploited, how easy those attacks are to detect, and how their risk can be mitigated.

At present, we have no evidence that contactless payment presents a real and significant risk, and few fraudulent transactions have been seen in reality. The vulnerability mentioned upthread (the absence of a transaction value cap for foreign currency spends) is extremely easy to detect and mitigate, because those sorts of transactions are far outside the norm. Few or no transactions for high value in foreign currency via contactless payment are likely to be legitimate, so it is trivial for fraud detection algorithms to highlight and block those transactions. Crucially, contactless transactions are covered by the same guarantees as chip and pin, so the customer bears no liability.
>> No. 5458 Anonymous
24th January 2015
Saturday 8:30 pm
5458 spacer
>>5443

I'm waiting on a reply to
>Exactly how I'd materially benefit from contactless payments hasn't been explained to me by anyone other than shithouse marketing companies. They are mistaken in thinking I'm itching to spend my wages on their spaffy Costa coffee and/or fast food and just can't bear the 15 second chip and PIN process. The idea is to goad John Bull into impulsively spending his more of his wedge on garbage. No thanks.

, in case anyone feels like sticking their neck out.
>> No. 5460 Anonymous
24th January 2015
Saturday 8:40 pm
5460 spacer
>>5457
But m8, gypos might cyber-nick my millions. Apply some critical thinking, eh?

There's a fascinating talk here about how flawed chip and pin is:
http://media.ccc.de/browse/congress/2010/27c3-4211-en-chip_and_pin_is_broken.html
It doesn't exactly inspire confidence.

>> No. 5461 Anonymous
24th January 2015
Saturday 8:41 pm
5461 spacer
>>5458
Well, you don't, currently, and most people probably won't. It does, for reasons you have stated, serve as a way to get people to part with their money more easily. However, I can see it being useful in the future as payment via NFC becomes more common. I could have my phone linked up to PayPal which is linked up to not only my PayPal balance but my bank account/s and credit cards. It means I don't need to carry any cards around to lose, and all my money is consolidated to one thing. Perhaps a combination of the two systems (Chip and Pin and NFC) could be imolemented where you swipe your phone on the machine, then enter a PIN (or even better a password) to pay. It means instead of owing someone a tenner or whatever and keeping forgetting it, you can just put your phones close to each other and transfer cash.
But as it stands, you're right.

>>5456
One Direction.
>> No. 5462 Anonymous
24th January 2015
Saturday 8:48 pm
5462 spacer
>>5461
Can you name a single One Direction song? For all their popularity I don't think they've had a poptastic classic along the lines of When the Lights Go Out, Everybody Get Up, If Ya Gettin' Down, Let's Dance or Keep On Movin'.
>> No. 5463 Anonymous
24th January 2015
Saturday 8:56 pm
5463 spacer
>>5451

Lad. The "In theory" bit applies to the $999,999.99 figure you utter moron. Because hardly anyone is ever going to have that in their account. The transactions per se can always be carried out. Always. Do you even understand how unauthenticated contactless payments work? Have you ever used one? How are you even using a computer after having dragged your primeval knuckles around the cold hard concrete ground all day?
>> No. 5464 Anonymous
24th January 2015
Saturday 9:05 pm
5464 spacer
>>5457
>Chip and Pin is badly broken in all sorts of important ways, but none of these vulnerabilities are used by criminals because it's far easier to skim the magstripe data.
Exactly. When people talk about attacks being practical, this is what they're on about. It's about how the combination of risk, reward, effort, cost, etc. compares to the five-dollar wrench attack. Nobody is going to rig up sophisticated systems if they could just as easily mug you in a back alley. As you point out, there are guarantees in place, so for any transaction carried out this way there's a risk that the transaction gets blocked or reversed. That they're theoretically capable of involving six figures (and I'm sure the paper explains why this and no more) of a foreign currency such as the Kuwaiti dinar, which would currently net you two to the pound might make it feasible if it could be carried out in large volume in the hope that a small fraction of attempted transactions succeed.
>> No. 5465 Anonymous
24th January 2015
Saturday 9:17 pm
5465 spacer
>>5462
More importantly, I don't think they've yet done a proper collaboration with Queen, which as we all know is the real mark of success. As always, Dappy is the exception that proves the rule.
>> No. 5466 Anonymous
24th January 2015
Saturday 9:28 pm
5466 spacer
>>5447
>dailymail
But more importantly, does NFC cause or cure cancer?
>> No. 5467 Anonymous
24th January 2015
Saturday 9:37 pm
5467 spacer
>>5464
>Nobody is going to rig up sophisticated systems if they could just as easily mug you in a back alley.

M8 have you never watched Enemy of the State?
>> No. 5468 Anonymous
24th January 2015
Saturday 9:48 pm
5468 spacer
>>5467

I've seen Enema of the State, if that counts.
>> No. 5469 Anonymous
24th January 2015
Saturday 10:29 pm
5469 spacer

BSJgJ.jpg
546954695469
>>5468
You want Enema of the Stace. The anal scenes are much better.
>> No. 5470 Anonymous
24th January 2015
Saturday 10:48 pm
5470 spacer
>>5469

Enemas applied using the buckets of salty tears she sheds at the drop of a hat, lending the whole thing a vaguely holistic feel, I hope?
>> No. 5471 Anonymous
24th January 2015
Saturday 10:56 pm
5471 spacer
>>5469

It's a moving spectacle from which she learns a valuable lesson.
>> No. 5472 Anonymous
25th January 2015
Sunday 12:02 am
5472 spacer
>>5471
A lesson which involves a golden bidet, I'm sure.
>> No. 5473 Anonymous
25th January 2015
Sunday 12:40 am
5473 spacer
>>5424
>Touch
>contactless
The mind boggles.
>> No. 5474 Anonymous
25th January 2015
Sunday 3:12 am
5474 spacer
>>5473

No electrical or mechanical contact is needed, hence contactless. Users are advised to tap their cards on the reader, because "place your card within 8cm of the front of the reader" is needlessly confusing and verbose. Contactless systems have the advantage of being immune to dirt, wear and moisture, and the card can be used without removing it from a purse or wallet.

Future upgrades will allow payments of higher value to be made (with PIN validation) and for mobile phones to be used for payment. The model for this development is Japan, where the FeLiCa/Osaifu-Keitai system is ubiquitous - a mobile phone can be used as payment in shops and at vending machines, to access public transport, and even as a library card or workplace ID.
>> No. 5475 Anonymous
25th January 2015
Sunday 9:39 am
5475 spacer
>>5462
I work in a supermarket during time off uni that plays generic, soft, family-friendly pop music where fun is banned -- only the most bland songs are allowed, so I hear a lot of One Direction.

You Don't Know You're Beautiful
Forever Young
Best Song Ever
You and I

Every time I hear them my mind rots a little more.

Occasionally they'll play The Zephyr Song by RHCP too, for some reason.
>> No. 5476 Anonymous
26th January 2015
Monday 12:47 am
5476 spacer
>>5475
Wonder if I work in the same place you do, or at least have our businesses use the same music company. You Make Me Feel So Young? Let It Go? Man in the Mirror? The World is Ours? Happy? Holding On by Lewis Watson? Forever by Painted Palms? One of Muse's many songs that all sound the same by Muse?
>> No. 5478 Anonymous
26th January 2015
Monday 8:59 am
5478 spacer
>>5476
Fortunately it's not that bad. I think I'd probably start to break things if Muse came on.
>> No. 5479 Anonymous
26th January 2015
Monday 9:22 am
5479 spacer
>>5475
Word to the wise: never, ever admit knowledge of One Direction. It never ends well.
>> No. 5480 Anonymous
26th January 2015
Monday 10:27 am
5480 spacer
>>5478
In what kind of backwards universe is one direction preferable to muse?
>> No. 5483 Anonymous
26th January 2015
Monday 12:48 pm
5483 spacer
>>5480
Because I know One Direction have the songs wirtten for them in an incredibly cynical and calculated plot to make the most money, but MUSE is an actual band, and they actually think they make good music.
>> No. 5484 Anonymous
26th January 2015
Monday 12:57 pm
5484 spacer
>>5483
>they actually think they make good music

Oh great wiselad, please tell me more on why this isn't so?
>> No. 5485 Anonymous
26th January 2015
Monday 1:55 pm
5485 spacer
>>5484

Not him but this article sums up all rational peoples feelings regarding Muse, I think: http://www.somethingawful.com/garbage-day/muse-resistance-sucks/1/
>> No. 5486 Anonymous
26th January 2015
Monday 1:58 pm
5486 spacer
>>5483
Is it bandist to say their songs all sound the same?
>> No. 5487 Anonymous
26th January 2015
Monday 2:05 pm
5487 spacer
>>5486

Skinny Puppy songs all sound the same. Muse songs can be differentiated.
>> No. 5488 Anonymous
30th January 2015
Friday 8:21 pm
5488 spacer
>>5485
Ah, I recognise the first song discussed by that article as the one played in my shop, Uprising. 'Weeeee willl beeeee viiiic TOOOOOORIOUUUUUUUS' he wails.
>> No. 5489 Anonymous
1st February 2015
Sunday 7:10 pm
5489 spacer
>>5488
Oh dear. Scrum V just ended with a male voice choir performing Muse's Muse Track That Sounds Like Lots Of Other Muse Tracks, mostly in reference to how Wales totally aren't going to get their arses handed to them by England next Friday. (We live in hope, but realistically it'll be a tough ask.)

Return ] Entire Thread ] Last 50 posts ]
whiteline

Delete Post []
Password