Will you be a victim of digital pickpockets? Hacker reveals how easy it is to steal credit card numbers in seconds while you still have them in your hand

By Ellie Zolfagharifard For Dailymail.com 22:08 10 Feb 2015, updated 15:13 11 Feb 2015

  • Criminals use RFID and NFC wireless communication to steal numbers
  • The readers can be brought online or downloaded to phone via an app 
  • They have to stand six inches away while a transaction is being made
  • Within a matter of seconds, the technology can pick up and store data
  • A $300 machine can then replicate the card so it can be used elsewhere
  • It is estimated 70% cards will soon be vulnerable to digital pick pocketing
  • Cards can be protected from RFID skimmers by being wrapped in tin foil 

A new breed of digital pickpocket has been discovered lurking in stations and shopping centres.

They come armed with technology that can effortlessly steal credit and debit card details without so much as touching your wallet.

Standing just six inches (15cm) away, these criminals use radio-frequency identification (RFID) readers to harvest bank details in a practice known as ‘digital skimming’.

Scroll down for video

If a readers or RFID-app enabled smartphone is within range, it can pick up the wireless signals transmitted when that card is being used to buy a product (left). David Bryan (right), a security specialist at Chicago's Trustwave, stood by crowded shopping areas with a device stashed in his backpack to show how it works

If a readers or RFID-app enabled smartphone is within range, it can pick up the wireless signals transmitted when that card is being used to buy a product (left). David Bryan (right), a security specialist at Chicago's Trustwave, stood by crowded shopping areas with a device stashed in his backpack to show how it works

ABC7 I-Team recently revealed just how easily thieves steal personal details from cards that use ‘wave and pay’ radio technology.

David Bryan, a security specialist at Chicago's Trustwave, stood by crowded shopping areas with a device stashed in his backpack that could read card numbers.

More.

‘The technology is high-frequency RFID,’ Mr Bryan told DailyMail.com.

‘It uses 13.56 Mhz to communicate with the card and the reader.

‘In this instance, I used low power Embedded Linux Computer, and an easily purchasable RFID reader.

The technology in the card, known as radio frequency identification (RFID), transmits bank details via its own radio signal. A RFID reader can pick up these details in a matter of seconds

HOW DIGITAL PICKPOCKETS WORK

The technology in the card, known as radio frequency identification (RFID), transmits bank details via its own radio signal.

Standing just six inches (15cm) away, these criminals use RFID readers or apps to harvest bank details in a practice known as ‘skimming’.

If a readers or RFID-app enabled smartphone is within range, it can pick up the wireless signals transmitted when that card is being used to buy a product.

The information can then be input into a machine that can be purchased for $300-$400 to replicate the card.

Cards can be protected from RFID skimmers by being wrapped in tin foil or being kept in special foil-lined wallets.

‘This was then powered by a USB Battery, and stuck into a backpack.’

As well as a device, digital pickpockets can download an RFID app onto their phone.

If a reader or RFID-app enabled smartphone is within range, it can pick up the wireless signals transmitted when that

card is being used to buy a product.

The information can then be input into a machine that can be purchased for $300-$400 to replicate the card.

Security firm Norton says that this year 70 per cent of credit cards will be vulnerable to digital pick pocketing.

‘The device can read many different RFID tags- including MiFare Cards, EMV Cards, and many type of RFID tags,’ said Mr Bryan. ‘It works with many Near Field Communication tags and devices’

Because RFID is always switched on, some payment experts say it's more vulnerable to attack than NFC.

'This demonstration shows that contactless payment card reading technology is not a silver bullet for security,' said Mr Bryan.

RFID readers can be bought cheaply online. They can also be downloaded onto a smartphone from an app

'RFID payment cards need to be backed by a mobile device that generates one-time payment card numbers for that specific transaction- rather than having a static payment card that never expires.

'In a crowded train, if someone has an RFID payment card, I could easily pull that data if I get close enough - or have a large enough antenna'

As well as using it in his backpack, Mr Bryan successfully stole numbers by attaching the equipment to a laptop.

‘The three digit code on the back of the card could help,’ Marc Rotenberg, President of the Electronic Privacy Information Center (Epic) told DailyMail.com.

This code can’t be read by the device, but fake cards could be created without the three digit code and presented at shops.

‘We have some questions about the implementation [of the three digit code] because it wouldn’t make sense to implement it if you don’t require presentation of the product,’ said Mr Rotenberg.

Places to watch out for digital pickpockets include crowded shopping centres and busy stations where transactions are constantly being made

Special wallets that use foil can block these radio frequency signals, but the threat remains very real.

Apple Pay is attempting to overcome the problem by not storing any numbers on an iPhone.

A Chase Bank spokesperson also told the ABC7 I-Team that they are discontinuing the use of that radio technology on their cards.

‘It’s not necessary wrong to pursue these techniques, but more needs to be done to safeguard people,’ said Mr Rotenberg.

A PURSE THAT FIGHTS CRIME: CLUTCH PROTECTS YOU FROM DIGITAL THEFT

A tech-savvy accessories label has launched a clutch purse with built-in capabilities to protect against identity theft.

Articulate 's clutch costs $35 to pre-order and blocks RFID (Radio Frequency Identification) signals - the relatively new technology that allows us to simply wave our credit cards over a scanner to pay for goods.

According to the team behind the purse - entrepreneur Kevin and his sister Lindsay, based in San Diago, California - the clutch contains a 'special material' embedded into the design to help block these pesky RFID signals.

'Criminals with very minimal technical skills have created devices similar to the scanner which vendors such as grocery stores use,' the website description reads.

It comes in a range of colors and can also be worn over the shoulder thanks to the chain strap.

According to the United States Federal Trade Commission, identity theft had been holding steady for the last few years, having seen an increase of 21 per cent in 2008.

Source: www.dailymail.co.uk

Category: Credit

Similar articles: