Categories: all aviation Building a Biplane bicycle gadgets misc motorcycle theater
Ages ago now (so it seems) someone got hold of my debit card number, and rang up a few inconsequential purchases. My bank (WaMu/Chase) caught it and called me up. I said they weren't mine, and they cancelled the card. At the time, they also said they were placing the order for the new card, and I should expect it in 7-10 business days (up from 3-5 in the WaMu days, as I recall).
So, I started making a lot more trips to the bank, and carrying a checkbook with me. Turns out I use a debit card a lot. I knew this already, but it was really driven home after it was shut off this time.
As I neared the end of my 7-10 business day purgatory, I happened to think to ask the teller if he had any insight into when the card had been sent. He looked over my account records on his screen, then looked up with an innocent expression, and said, "I don't see an order for a new card here..." Sigh. He placed another order for a new card. Apparently the person I was talking to in the fraud department either didn't do it, or messed it up somehow.
Finally, last night, I got my new card in the mail. Something like a child at Christmas, I ripped open the envelope to pull it out. Imagine my horror and surprise when I saw that my new card was "enabled with Blink[tm]!" The little radiating-waves icon told me all I needed to know: my new card contains an RFID chip.
Companies that insist on pulling this kind of stunt invariably say that their RFID stuff is completely unhackable. Invariably, within a week of its release (sometimes much sooner), the system is hacked and the hackers gain access to the supposedly encrypted information.
Now, this is all fine and good if we're talking about a magnetic stripe or something. You have to pry the card physically away from me to read that. But RFID can be read at a distance. In fact, at quite a distance, as far away as 30 feet. All your basic hacker needs to do is get within 30 feet of your RFID credit card, passport, etc. to read the data from it. That data will almost always be encrypted in some way, but history has taught us that it won't be encrypted very well.
So, here I am, sitting with essentially a ticking time bomb in my hands, practically a give-away to any criminal with a laptop and a jacked-up RFID reader. I'm sure Mastercard won't tell anyone what exactly is contained in the data, but it's enough that I can wave it in front of one of their terminals, and complete a transaction.
There are ways to prevent this scenario, ranging from professional RFID-proof wallets to very basic homemade wallets and even comparatively high-art steel-cloth wallets. The theory is always the same, though: wrap a layer of metal around the RFID chip in question, and it can't receive the energizing radio waves, and can't respond with the sensitive information inside. Even keeping your card in the same pocket as your keys can have the same effect.
Rather than spend much money or time when I already have a perfectly serviceable wallet (and one that I actually quite like, one of these extremely thin wallets), I decided to take a much more... homemade approach (but not as bad as the duct-tape wallet). I made a tinfoil envelope for the card.
This has the advantage of being as effective as the RFID blocking wallet, while costing no more than the price of a small piece of tinfoil and some packing tape. It also fits in whichever wallet you may prefer at the time. In truth, I now carry 4 RFID cards, and could probably stand to have a full wallet with RFID blocking capability, but the only one I care about is that damn debit card.
Honestly, the chance of my getting scanned by a malicious hacker is relatively remote. But it annoys me to no end that companies like Chase are willing to build in fraud-enabling tools like this. And for the price of a little bit of tinfoil and packing tape, I'd rather be a slightly paranoid safe than sorry.
Posted at 14:41 permanent link category: /misc
Categories: all aviation Building a Biplane bicycle gadgets misc motorcycle theater