How to steal card data, phone even through clothing

Bank cards.
Whether we are talking about debit or credit cards, all those that have appeared in recent years have a technology that allows us to pay contactless, ie without inserting the card, physically, in a reader. This is also a false impression of safety - you have the impression that you did not put the card in any device and it has nothing to happen to you.
How to make a contactless payment?
A contactless payment, as the name says, is a contactless payment. After buying goods store, at home, go past the marked cards for contactless payment and ready, payment is made.
What is the problem with contactless payments?
If you ask the people at banks will tell you that a more sure this does not exist or will not exist on this plan, ever. The truth is that the cards never were not vulnerable; And as you well know, the thieves are very slippery, being several steps ahead systems / security measures.
If you ask me…
At the time of the contactless cards came on the market, they were probably very safe for any 2-3 days, so that thieves have figured out and attacked security of these cards is not too difficult in the era of democratization of technology.
How do you read the card number and transaction history with the phone?
It is super simple:
NFC enable / install the app and scan the card. Super simple without complicated hacks, free computer lessons.
Thieves are more advanced than + NFC phone!
At present on the black market there are devices, with strong loops, which can read the cards from 1-3 meters away and which use a "PRE PLAY" payment system. That is, they charge you in advance, after which those payments are made.
How to defend against scan cards?
Metallic foil blocking the signal card and it can not be read. You can use aluminum foil on both sides of the card, or you can purchase a special wallet, which blocks radio waves.

UPDATE 6-05-2017

The maximum payment with contactless card without introducing it in the reader, is 100 lei, but discuss raising the threshold to the equivalent of EUR 50.
The application to scan cards (Credit Card Reader NFC (EMV))

Related Tutorials

About Cristian Cismaru

I like everything related to IT&C, I like to share the experience and information I accumulate every day.
Learn as you learn!


  1. luciangl said

    It is not so easy to steal data from the card and then make payments, even if we can say this fact, dream cards can be "seen" and so whoever "stole" is caught. To have caught stealing 10 euros from a card and to have accused you of stealing about 5 million is not really hard…

    • Andi s ^ said

      Yes… but there is this vulnerability to do this without the person's consent…
      it doesn't matter that they are € 5,10…. but the fact that he steals something from you (personal data, "not only for bank cards", money, etc.)
      There are payment limits where if you exceed a certain amount (ex: 20 €), a PIN is required… however we must be careful and avoid being stolen by air 😉

  2. You good people, you're done with nonsense. Scare the world for nothing. I can't explain, because it's long and hard (the explanation), but I ask all those who believed what they "saw" (I write in quotes because you didn't actually see anything… you just got what you should think you have seen…) try it yourself. No more. Try it and you will see what you "read" on your own card. Then judge for yourself.

  3. You must be real paranoid, dude do to do such a tutorial!

  4. Luciangl ,, ,, say who stole it. . . Get it?! . Ha, ha, you naive.

    • Luciangl said

      There are ways to cheat and to extract / use a card even dream (I have personally experienced it), but as I said, who does gets caught and it's not good, you risk restriction in that country plus nasty stuff, and that penteu what? 10 or 100 for the euro?
      I do not remember anything about this tutorial.

      • Adrian Gudus said

        No one catch anyone. From my card disappeared 600 lei, spent all the apps from Play Store. Case closed, no one was trapped, being ranked as one isolated (see ladies)
        Luckily my bank refunded the loss, I were recognizing those charges.
        Police and authorities have no powers, no information is provided to the bank, Google does not cooperate with them because it is a service outside the Romania and are not under the jurisdiction of the Romanian laws although making contact with split Wallet me It confirmed that, namely, my card was used in another account Play Store that do not belong to me. Me neither (the injured party) nor the police, they did not provide information. There's the illusion. If you are caught stealing from state money or unuei leading figures in society.

        • Luciangl said

          Person speaking (I suspect it was a novel by the expression), I holding an international visa card that has worldwide coverage. How Romanian cards have international reach, hence the many typical problems you romaniei whereby one another is said and done.

        • Romania Abnormal said

          More children, you have not heard of Google Romania. The companies collaborate with the Romanian Police or Secret Services in Romania.
          Do not give up assuming you do not know

  5. I agree with you but also keeps track of FAPRI as any super-hypermarket, gas station, etc. asking me to enter my PIN yet. At online payments, bank sends me a text message with a unique code to verify the transaction even if the 3 or 5000 lei lei.

    • The current cards with chip your pin code is required. Here, it's the contactless which will not require PIN code.

    • @Aurel, La your current chip card pin code is required. Here, it's the contactless which will not require PIN code.

  6. Marius M said

    WAIT ! I mean, I install the application on the phone, I test on my contactless card… and where can I be sure that the application does not send the data on? Hmmm.

  7. Beautiful advertise LEVIS

  8. Caesar said

    You forgot to mention that certain card transaction is made only after inputting a number generated and sent as a text message to anyone who wishes telefon.Eu give my card and will not make any transaction if it has my phone.

  9. I'm in and I know that cards which you can make payment by touch, you can not make the higher payments of 40 euros if (Italy) everything over this amount your edge should insert the card into the camera and asks for your pin .From what I read earlier know as trench devices that you can put into rusac and elpoti go metro, tram, bus, and so do bani.Cautati look on google and you will see.

  10. ConstantinV said

    In my opinion there are not super smart thieves, at least not with reaction time in daily.
    As with antiviruses, there are "books" here, which deliver the necessary information to those interested.

  11. Cristi what you think of this monitor gaming on it to buy it with TN panel and 1 ms GTG response time or to buy an IPS with 5 ms response time,

  12. I worked in the banking system. However, I DO NOT recommend anyone contactless cards.
    First, is the risk of losing or being stolen. A simulated jump have been verified by PIN, anyone can use it. If the manager knows him who platete or someone else? Someone said in comments that from the amount required PIN code. Yes, but only if you, the owner, have asked the Bank to introduce this control. Otherwise no.
    Then, here's this risk we're told about here. I didn't think so but it was predictable. As long as it is read only by "joining", you can also read by coat. I remember seeing at an institution the ladies approaching the purse of a reader at the door. They had the access card there, but they didn't bother to take it out, it worked like that. My card fell out when the men took it out of their pockets.

  13. In Romania, however, do not know as France card are automatically limited to € 20 for contactless payment and this limit can not be changed (leaving aside the special conditions). It would seem strange however that Romania does not come directly to a certain limit.

  14. Resolution: Overlapping two contactless cards and solving the problem.

  15. sickadma said

    Even when we test the application, our data can go to other parts .. as a pleasant test

Speak Your Mind