Become a fan of Slashdot on Facebook


Forgot your password?
Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×

Submission + - Hacker Demos Easy Wireless Credit Card Fraud (

Sparrowvsrevolution writes: At the Shmoocon hacker conference, security researcher Kristin Paget aimed to indisputably prove what hackers have long known and the payment card industry has repeatedly downplayed and denied: That RFID-enabled credit card data can be easily, cheaply, and undetectably stolen and used for fraudulent transactions. With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer’s credit card onstage and obtained the card’s number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a Square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer’s money with the counterfeit card she’d just created. (She also handed the volunteer a twenty dollar bill, essentially selling the bill on stage for $15 to avoid any charges of illegal fraud.)

The payment industry often claims that contactless credit cards are more safe than traditional cards, and that any data a hacker could wirelessly read from them can't be used for fraud. But with 100 million of the RFID-enabled credit cards now in circulation, Paget wanted to undisputably show that's not the case. A stealthy attacker in a crowded public place could easily scan hundreds of cards through wallets or purses.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Hacker Demos Easy Wireless Credit Card Fraud

Comments Filter:

C'est magnifique, mais ce n'est pas l'Informatique. -- Bosquet [on seeing the IBM 4341]