|>>|| No. 5424
I've recently switched banks. Despite clearly saying that I don't want a contactless payment debit card, in their infinite wisdom, they have sent me one.
I'm going to be lumbered with it until the replacement card arrives, so is there any way I can tamper with it to disable the contactless technology without fucking up the rest of the card?
|>>|| No. 5425
Why not use it as a normal chip and pin card? Shops always ask me if I want to pay contactless or by chip and pin when I make purchases in-store.
As long as you're going to receive a replacement then you shouldn't have much to worry about.
|>>|| No. 5426
Christ not another boolad. Try wrapping it in tinfoil, that ought to stop the government mind control rays bruh.
|>>|| No. 5427
Personally I find mine a lot more useful than I thought I would but I can perfectly understand why someone wouldn't want one. It makes things like tapping your wallet on the tube/busses impossible because along with your oyster you've got two contactless credit cards and contactless debit card in there too. I imagine there could also be some confusion if you attempt to pay with the chip and pin and it reads the rfid at the same time, adding more kerfuffle to an already miserable trip to the shops.
Let's not forget that if you lose the fucker or get it stolen someone is going to run up a whole load of £20 charges before you cancel it - you don't need a pin to use it. That's fine if it's a credit card, but a whole load of misery if it's a debit card.
Basically you're a knob for being so short sighted as to think this is even about tinfoil. Rage and safe for trolled to tears so early into the weekend.
|>>|| No. 5430
The way the contactless cards work is the same as the oyster cards. If you feel the card there should be a lump somewhere, making the card ever so slightly thicker than the rest. If you take a hammer to that lump you should be able to break the RFID contactless chip. Could also use a razor to carefully separate the front and the back of the card, remove the chip and plastic-cement it back together.
|>>|| No. 5431
I've heard of people doing this, and even going so far as to get the RFID chip out of the oyster and be able to mount it on a watch or something and yet I've never been able to find the RFID chip in any oyster card I've owned.
I think with a bank card you'd want to start looking somewhere around where the contactless symbol is, although that's just a guess.
|>>|| No. 5432
The chip alone won't be much use as it relies on the induction loop for power and as an antenna. This method involves putting it in a glass of nail varnish remover to melt the card apart. I have no idea what that would do to the chip, but it's a clean separation.
|>>|| No. 5433
>Despite clearly saying that I don't want a contactless payment debit card, in their infinite wisdom, they have sent me one.
Multi-billion pound bank knows better than illiterate customer shocker.
|>>|| No. 5434
U wot m8? You get a choice, he chose, they didn't deliver his choice.
|>>|| No. 5435
As a merchant I am told I am liable for any misuse. I am happy with chip & pin (prefer cash)
|>>|| No. 5436
>You get a choice
You get a choice insomuch as you get to go back after the fact and ask, just like with the chip and signature cards. As far as I'm aware it's not as simple as just ticking a box on the application form, and in such a case it's not enough to just ask the warm body on the other side of the desk. With those you had to specifically ask for one after receiving the PIN card and had to demonstrate that you were really unable to use a PIN (not merely that you didn't want it), and when the thing eventually arrived you couldn't use it at a cash machine because there was no PIN programmed and the moment you set one you had to use it instead of signing.
Of course, if you deliberately choose to go for something less useful for no real reason whatsoever, then you quite rightly deserve whatever fuss that comes with.
|>>|| No. 5439
>Contactless cards are unsecure
Oh dear. Do you want to have another go, daftlad?
|>>|| No. 5440
Both of you, chill out, you arsey buggers.
Acting all crazy up in here, about God damn nothing.
|>>|| No. 5441
Contactless cards use Near Field Communication, which isn't as secure as chip and pin. There was a BBC documentary about it and to prove the point, the expert they had explaining why it wasn't secure brushed past the presenter at the bar with a device he passed over his wallet in his back pocket and he had his details.
To say it is unsecure isn't quite right, but it certainly isn't as secure as chip and pin. At least not at the moment.
|>>|| No. 5443
Since someone can apparently brush a magic wand past your wallet pocket and waltz off with your deets there's something pretty fucking awry here.
Exactly how I'd materially benefit from contactless payments hasn't been explained to me by anyone other than shithouse marketing companies. They are mistaken in thinking I'm itching to spend my wages on their spaffy Costa coffee and/or fast food and just can't bear the 15 second chip and PIN process. The idea is to goad John Bull into impulsively spending more of his wedge on garbage. No thanks.
|>>|| No. 5444
>Since someone can apparently brush a magic wand past your wallet pocket and waltz off with your deets there's something pretty fucking awry here.
I'd suggest that the thing that's pretty fucking awry is an overstatement of both the practicality of the attack and the feasibility of doing anything useful with the information afterwards. You don't tend to be able to just throw a request at a finance system and get money out of it without any checks. There will doubtless be checks in place to ensure that a contactless transaction is at least carried out with the right card present (which is easier when this is actually handled on the card rather than the terminal).
You need to remember that when experts like that talk about things being "insecure" they're talking in extremes - for instance, noted security expert Ross Anderson believes chip and PIN to be insecure for reasons that are quite technical but result in mostly theoretical attacks which are quite difficult to carry out in practice.
|>>|| No. 5445
So what you are saying is the guy didn't clone his card and buy a pint with it? Gotcha.
|>>|| No. 5446
OK, now continue on to the 'I don't fucking want a contactless card' bit please. The whole fucking thing is designed to incentivise impulse spending (which is in the interest of Visa and the banks) at the expense (however supposedly minor) of user security. The most reassurance I've heard from Visa et al is 'if you lose it don't worry, what's £20 anyway?', so they can do a running jump.
|>>|| No. 5447
> I'd suggest that the thing that's pretty fucking awry is an overstatement of both the practicality of the attack and the feasibility of doing anything useful with the information afterwards.
"[...] the £20 limit on transactions can be bypassed by setting the scanners to use foreign currencies, security experts from Newcastle University have found.
It means transfers could – in theory – be authorised up to a value of 999,999.99 in dollars, euros or any foreign currency.
Thieves could rig a mobile phone to act like a scanner, allowing them to trigger transfers of cash from a bank account just by passing the phone over a wallet or purse containing the card, the researchers said. "
So basically you program a smartphone with NFC enabled to act like a Point Of Sale device (Paypal already have something similar for chip and pin so this is definitely possible: https://www.paypal.com/uk/webapps/mpp/credit-card-reader) and can waltz past someone and ring up £20 on their card. You're not cloning the card at all (this is indeed fucking difficult), just brushing past it with a virtual POS and tricking it into making a payment.
Then, by setting your scanner up to use a foreign currency you can rinse their bank account clean in one fell swoop because the £20 limit doesn't apply.
I don't know how much more practical and feasible you can get, lad.
Absolute, total, mirth.
|>>|| No. 5448
I'm not that poster, and the idea of someone swiping money out of my pocket just by being close enough is genuinely concerning, but:
>[...] the £20 limit on transactions can be bypassed by setting the scanners to use foreign currencies, security experts from Newcastle University have found.
Do you really think this loophole won't be closed?
|>>|| No. 5449
Oh, well that's fine then. Let's all switch over in the meantime, even though the loophole is still open, because they'll close the loophole eventually.
|>>|| No. 5450
Well that's bound to be the only loophole, it's not like problems only become apparent after a period of time.
Fucks sakes lad apply some critical thinking please.
|>>|| No. 5451
>transfers could – in theory – be authorised
>So basically I haven't bothered reading the article or the paper, so I'm going to take a guess at how it works and recast it in a way that's practical and feasible so I can claim that it's practical and feasible.
Fixed your post for you, lad.
|>>|| No. 5453
If we apply your standard of critical thinking, surely we shouldn't use any electronic money transfers at all, given that they're all bound to be flawed, and that those flaws will only become apparent once in use?
|>>|| No. 5454
There is a reason they try and force them on people, it's called field testing. Your bank account can be the sacrificial lamb if you are so keen.
|>>|| No. 5455
You've both forgotten that you're on the Internet and therefore Five, Six and HQ know exactly what you're doing.
|>>|| No. 5457
The systems we use every day are absolutely riddled with security flaws, but most of them aren't of practical concern. Chip and Pin is badly broken in all sorts of important ways, but none of these vulnerabilities are used by criminals because it's far easier to skim the magstripe data. We're not concerned about hypotheticals, but actual risk - what vulnerabilities are actually being exploited, how easy those attacks are to detect, and how their risk can be mitigated.
At present, we have no evidence that contactless payment presents a real and significant risk, and few fraudulent transactions have been seen in reality. The vulnerability mentioned upthread (the absence of a transaction value cap for foreign currency spends) is extremely easy to detect and mitigate, because those sorts of transactions are far outside the norm. Few or no transactions for high value in foreign currency via contactless payment are likely to be legitimate, so it is trivial for fraud detection algorithms to highlight and block those transactions. Crucially, contactless transactions are covered by the same guarantees as chip and pin, so the customer bears no liability.
|>>|| No. 5458
I'm waiting on a reply to
>Exactly how I'd materially benefit from contactless payments hasn't been explained to me by anyone other than shithouse marketing companies. They are mistaken in thinking I'm itching to spend my wages on their spaffy Costa coffee and/or fast food and just can't bear the 15 second chip and PIN process. The idea is to goad John Bull into impulsively spending more of his wedge on garbage. No thanks.
, in case anyone feels like sticking their neck out.
|>>|| No. 5461
Well, you don't, currently, and most people probably won't. It does, for reasons you have stated, serve as a way to get people to part with their money more easily. However, I can see it being useful in the future as payment via NFC becomes more common. I could have my phone linked up to PayPal which is linked up to not only my PayPal balance but my bank account/s and credit cards. It means I don't need to carry any cards around to lose, and all my money is consolidated to one thing. Perhaps a combination of the two systems (Chip and Pin and NFC) could be implemented where you swipe your phone on the machine, then enter a PIN (or even better a password) to pay. It means instead of owing someone a tenner or whatever and keeping forgetting it, you can just put your phones close to each other and transfer cash.
But as it stands, you're right.
|>>|| No. 5462
Can you name a single One Direction song? For all their popularity I don't think they've had a poptastic classic along the lines of When the Lights Go Out, Everybody Get Up, If Ya Gettin' Down, Let's Dance or Keep On Movin'.
|>>|| No. 5463
Lad. The "In theory" bit applies to the $999,999.99 figure you utter moron. Because hardly anyone is ever going to have that in their account. The transactions per se can always be carried out. Always. Do you even understand how unauthenticated contactless payments work? Have you ever used one? How are you even using a computer after having dragged your primeval knuckles around the cold hard concrete ground all day?
|>>|| No. 5464
>Chip and Pin is badly broken in all sorts of important ways, but none of these vulnerabilities are used by criminals because it's far easier to skim the magstripe data.
Exactly. When people talk about attacks being practical, this is what they're on about. It's about how the combination of risk, reward, effort, cost, etc. compares to the five-dollar wrench attack. Nobody is going to rig up sophisticated systems if they could just as easily mug you in a back alley. As you point out, there are guarantees in place, so for any transaction carried out this way there's a risk that the transaction gets blocked or reversed. That they're theoretically capable of involving six figures (and I'm sure the paper explains why this and no more) of a foreign currency such as the Kuwaiti dinar, which would currently net you two to the pound might make it feasible if it could be carried out in large volume in the hope that a small fraction of attempted transactions succeed.
|>>|| No. 5465
More importantly, I don't think they've yet done a proper collaboration with Queen, which as we all know is the real mark of success. As always, Dappy is the exception that proves the rule.
|>>|| No. 5466
But more importantly, does NFC cause or cure cancer?
|>>|| No. 5467
>Nobody is going to rig up sophisticated systems if they could just as easily mug you in a back alley.
M8 have you never watched Enemy of the State?
|>>|| No. 5470
Enemas applied using the buckets of salty tears she sheds at the drop of a hat, lending the whole thing a vaguely holistic feel, I hope?
|>>|| No. 5471
It's a moving spectacle from which she learns a valuable lesson.
|>>|| No. 5474
No electrical or mechanical contact is needed, hence contactless. Users are advised to tap their cards on the reader, because "place your card within 8cm of the front of the reader" is needlessly confusing and verbose. Contactless systems have the advantage of being immune to dirt, wear and moisture, and the card can be used without removing it from a purse or wallet.
Future upgrades will allow payments of higher value to be made (with PIN validation) and for mobile phones to be used for payment. The model for this development is Japan, where the FeLiCa/Osaifu-Keitai system is ubiquitous - a mobile phone can be used as payment in shops and at vending machines, to access public transport, and even as a library card or workplace ID.
|>>|| No. 5475
I work in a supermarket during time off uni that plays generic, soft, family-friendly pop music where fun is banned -- only the most bland songs are allowed, so I hear a lot of One Direction.
You Don't Know You're Beautiful
Best Song Ever
You and I
Every time I hear them my mind rots a little more.
Occasionally they'll play The Zephyr Song by RHCP too, for some reason.
|>>|| No. 5476
Wonder if I work in the same place you do, or at least have our businesses use the same music company. You Make Me Feel So Young? Let It Go? Man in the Mirror? The World is Ours? Happy? Holding On by Lewis Watson? Forever by Painted Palms? One of Muse's many songs that all sound the same by Muse?
|>>|| No. 5478
Fortunately it's not that bad. I think I'd probably start to break things if Muse came on.
|>>|| No. 5479
Word to the wise: never, ever admit knowledge of One Direction. It never ends well.
|>>|| No. 5480
In what kind of backwards universe is one direction preferable to muse?
|>>|| No. 5483
Because I know One Direction have the songs written for them in an incredibly cynical and calculated plot to make the most money, but MUSE is an actual band, and they actually think they make good music.
|>>|| No. 5484
>they actually think they make good music
Oh great wiselad, please tell me more on why this isn't so?
|>>|| No. 5487
Skinny Puppy songs all sound the same. Muse songs can be differentiated.
|>>|| No. 5488
Ah, I recognise the first song discussed by that article as the one played in my shop, Uprising. 'Weeeee willl beeeee viiiic TOOOOOORIOUUUUUUUS' he wails.
|>>|| No. 5489
Oh dear. Scrum V just ended with a male voice choir performing Muse's Muse Track That Sounds Like Lots Of Other Muse Tracks, mostly in reference to how Wales totally aren't going to get their arses handed to them by England next Friday. (We live in hope, but realistically it'll be a tough ask.)