At the Shmoocon hacker conference, Paget aimed to indisputably prove what hackers have long known and the payment card industry has repeatedly downplayed and denied: That RFID-enabled credit card data can be easily, cheaply, and undetectably stolen and used for fraudulent transactions. With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer’s credit card onstage and obtained the card’s number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer’s money with the counterfeit card she’d just created. (She also handed the volunteer a twenty dollar bill, essentially selling the bill on stage for $15 to avoid any charges of illegal fraud.)

---

@Anonymous wrote:

At the Shmoocon hacker conference, Paget aimed to indisputably prove what hackers have long known and the payment card industry has repeatedly downplayed and denied: That RFID-enabled credit card data can be easily, cheaply, and undetectably stolen and used for fraudulent transactions. With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer’s credit card onstage and obtained the card’s number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer’s money with the counterfeit card she’d just created. (She also handed the volunteer a twenty dollar bill, essentially selling the bill on stage for $15 to avoid any charges of illegal fraud.)

---

Sounds like we should switch to chip and signature/PIN then. (We are.) Also this is kinda moot even if we never do because almost no one issues RFID cards any more.

---

@Anonymous wrote:

---

@Anonymous wrote:

At the Shmoocon hacker conference, Paget aimed to indisputably prove what hackers have long known and the payment card industry has repeatedly downplayed and denied: That RFID-enabled credit card data can be easily, cheaply, and undetectably stolen and used for fraudulent transactions. With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer’s credit card onstage and obtained the card’s number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer’s money with the counterfeit card she’d just created. (She also handed the volunteer a twenty dollar bill, essentially selling the bill on stage for $15 to avoid any charges of illegal fraud.)

---

Sounds like we should switch to chip and signature/PIN then. (We are.) Also this is kinda moot even if we never do because almost no one issues RFID cards any more.

---

I know, i was just trying to prove a point that cards will always be an easy target.  I had a charge from brazil on my barclays about 6 months ago...brazil! lol

---

@Anonymous wrote:
Maybe the hackers left themselves a backdoor that Chase hasnt discovered. Who knows?

---

That's what I was thinking.

---

@Striker1 wrote:

My guess is maybe at the restaurant from last night?

 

Wife is an AU and she is actually the one that saw the alert and immediately double checked to make sure we both had our cards in our wallets.  At least CSR was super helpful/nice. Hopefully this will all blow over in the next couple of days, but I have read about these cards and fraud being a problem maybe more so than other cards..

---

I wonder if fraud is more prevalent with cards with AUs?  It happens all the time on our Amex (AU).   Rarely on my cards that are single user.

In case anyone is interested in more data points on this subject, someone else just had this happen with their Ritz card, and within this post someone posted a link with a bunch of other people talking about this same problem with their Chase cards. Here's the post:

http://ficoforums.myfico.com/t5/Credit-Cards/Overseas-Fraud-So-much-for-chip-transactions/m-p/411913...