Tuesday, November 03, 2009

PayWave Credit Card Cloned - Was My Ass Scanned?

In all the years I've been using credit cards I've not had a single incidence of credit card fraud until now.

Someone actually CLONED my Visa PayWave card and was using an actual physical copy of the card last weekend in person in Illinois, which is a long way from California.

The credit card fraud department caught the activity instantly, and shipped me a new card via UPS in 2 days.

I'm very careful about who has access to my card, always give the machines a quick look to make sure the swipe slots haven't been tampered with, general common sense stuff.

I never sign the back of my card, instead in big red letters it says "CHECK CARDHOLDER ID" so that the vendor will ask to see my drivers license in the event the card is ever stolen.

90% of my credit card activity is the same thing every month with trusted vendors but it's mostly all online activity which doesn't give you all the information you need to clone the card.

Typically I spend cash in restaurants, unless I'm picking up a tab, except a couple of places that I frequent all the time and know the people so it's not much of a risk there, been going there for years.

What possibly happened?

Recently we took a little trip and I've only used the card 3 times in places never before used, which would narrow down the search criteria quite a bit.

However, remember, this is my first ever Visa PayWave card.

I did some checking...

Did you know some claim you can have your RFID card scanned from as far as 20 feet away?

The credit card companies claim you only get the RFID number, not the actual card number, so the limited exposure is only $25 maximum payments using the RFID data.

The hackers disagree claiming some technology such as Amex is more secure than others like MasterCard PayPass.

OK, if the RFID technology is so secure then why was the Discovery Channel strong armed into not airing an episode of Mythbuster's censored by the credit card companies?

The hackers claim all you need is $8 in gear and you can start collecting RFID credit cards.

Therefore, having been burned for the first time EVER with a cloned card, I think I'm going to call the bank and get a new card without this PayWave nonsense because I don't need people scanning my ass to scrape credit cards out of my wallet.

FYI, this was the only RFID card I carry so if they were scanning my ass it makes sense that this was the only card that got cloned.


Jonas said...

Wow, what a story. I am also very careful, when it comes to credit cards and payment in places I do not know.


However...if you are interested in RFID: http://www.openpcd.org/, http://freeworld.thc.org/thc-epassport/

Anonymous said...

FYI, writing "CHECK CARDHOLDER ID", "SEE ID", or my favorite, "C.I.D.", is LESS secure than actually signing your card.

If you live in California, go ask any of the Mexicans standing out in front of your local Home Depot where you can get an ID card. For a few dollars ($10 last I checked), you can get a California ID that will fool most any cashier, especially the seasonal help that has trouble figuring out which end of the bag to open.

Anonymous said...

I was just sent an "upgrade" card with paywave technology from my bank. I cut it up right away. I'll happily spend the extra few seconds and use my PIN, thank you. I'll resist this technology as long as possible.

Anonymous said...

we just got the new paywave cards for our account without requesting them and tried to get it removed from our cards and were told we couldn't, it is now the industry standard. What a load of Bollox!!