And because contactless payments tend to be under a hundred bucks per purchase, the charges aren’t likely to appear as if anyone has taken your money, or a lot of it, anyway. Add it up, though, and this could end up being a small fortune for some people, especially if the dodgy charges continue.
Testing it out for ourselves and skimming our own cards, we found that you have to get pretty close with a phone to do this.
In fact, if we were to try this on someone else’s back pocket, we’d pretty much be tapping their backside with our phone and then coming up with a stupid excuse as to why we would ever do such a thing, a conversation that could well get us knocked out, arrested, or both.
So the phone isn’t likely to be a big skimming tool, but a bigger device possibly could, with a small tablet or laptop computer paired with a relatively inexpensive radio frequency and Near-Field Communication reader, one that produces just a large enough field to pick up on card signals within a metre distance, or possibly further.
With that, all it takes is the communication of the reader and a specialised application to grab details from your contactless cards, and this could happen anywhere. Close proximity if the NFC reader is low-power, or further back if it isn’t, and since we’re all receiving these contactless cards, whether or not you actively use them, we all may be at risk.
It’s this set of concerns that led people to measures that could be seen as preventative.
In the past few years, we’ve seen those aforementioned specialised wallets and card holders designed to ward against this sort of threat, often with metals built into the design that apparently stop the NFC attack from taking place, which isn’t technically an attack, but rather a cold read or an NFC tap from afar.
The success of these doesn’t appear to be proven, and so a couple of Australians came up with an alternative concept, creating a jammer for your wallet that sits inside and blocks any would be scammers from stealing those details when the attempt is made.
“We originally started ArmourCard a couple of years ago,” said Tyler Harris, Director of ArmourCard. “I was reading a lot of stuff about radio frequency identification, [and] I was a little concerned about our own privacy.”
These concerns, followed by some tinkering, resulted in a credit-card like gadget that aims to block any would-be scammers by interrupting the 13.56MHz frequency RFID-based cards communicate on and blocking it outright.
“We jam 50mm on either side,” said Harris, adding “when it gets interrogated by someone trying to skim you or you’re near a check out terminal, and it will instantly power up.”
Once the specialty card is powered up, it will block the signal, meaning you can’t scan the wallet directly to a PayWave or PayPass terminal, so if you want to use the Tap and Go functionality to pay for something, you’ll need to either temporarily disable the ArmourCard by touching the right corner’s disable button, or alternatively, take out the card and tap it directly to the terminal bypassing the ArmourCard altogether.
According to ArmourCard’s people, the technology isn’t powered on all the time, only switching on when it is needed. Because of this, it’s expected to be usable for at least two years, with benching of the technology and its battery suggesting that used ten times a day, it would last for those two years. Used less, and you could possibly get a year or two more without any problems.