Approximately 20 seconds.

Yeah, the arm cross and thumbs up are super awkward. Content is good, but he always looks so closed off and unconfident. It always makes me feel like he's talking out of his ass instead of being confident with the material.

@@xmikemurphyx Who are you, Rivelino?

@@xmikemurphyx really? That may be a you problem. I got none of those feelings. I just thought it was funny.

@@xmikemurphyx That's just you

oh we see this all the time, too, with those little lanyard punches

Years back on a cruise they started using tap access cards instead of the mag stripes for the cabin doors and the same thing: people were poking holes with a hold punch to use with a lanyard and locking themselves out of their rooms. Did also see one couple with what I'm sure was a small knitted pouch around their necks to hold their cards, which can only be described as adorable.

or order the card with the hole already there

Oh yeah, I remember in college when they switched from physical Medeco keys to "tap your school ID to unlock your dorm room" this was a constant occurrence I cut mine out for a lanyard too but I KNEW the ID cards were NFC so I shined a flashlight through mine and found a spot with no antenna traces to cut out with an Xacto knife.

Punch the hole further from the edge of the card and it would work

Or cut into the side (any side) for about 1/4 inch (and use superglue if the cut annoys you). You'll cut through the antenna coil itself. Works just as well since the chip is powered from the coil and a cut coil will not power it enough.

@@blerrik that's what I did!

@@blerrik Exactly what I do

Yep. Just clip the coil

Which mag would that be?

The Wikipedia pages have Apple Pay launching 10 months before Samsung Pay - but it's possible that Samsung Pay rolled out in a particular locale before Apple Pay did (e.g. Brazil was 2016 for Samsung but 2018 for Apple.)

I was using my nexus 5 to pay for things like 8 years ago. I am not sure why everyone thinks apple invented this.

A few others were in the game before Apple and Samsung. Google Wallet was one of the first mainstream NFC payment services back in 2010 or so. I also remember Isis (cringe… renamed softcard) as being an early NFC payment system. I had a NFC compatible case for my iPhone 5 in 2013, which allowed tap to pay using the Softcard system.

@@dfgsdja because many people think that Apple invented everything. The GUI, the mouse, the smartphone, ...

Samsung bought that tech from a company called LoopPay. It was available separate from Samsung phones before it became the basis for Samsung Pay.

That's easy to say for someone with balls the size of Jupiter.

Something can be stupid as hell and still work fine.

Hmmm 🤔 will have to try the goose tip...

@@NithinJune Hisses at goose...promptly gets ass kicked 🤣🤣

The bank not giving out no-tap cards is the real sucker here

A bump for this comment

totally true

It doesn't need to be an attendant. It can be just another customer in queue with a reader in pocket. Furthermore, if you actually use the contactless payment, ie. are reading the card with the terminal, there's not even need to be in the same queue, because passive reception is possible from fairly long distance in the moment you do the legitimate reading which in that very moment feeds the power to the card. Even though in all other moments the thief would need to be nearer, in order to feed the power for card to operate. Contactless payment cards are among the most severe security disasters of the entire millenium, and the ongoing prevalence of apologist attitude towards that is something I can never really understand. HUGE thanks for Ollam for having deviance to finally call out the issue! Thanks also for calling out the sluggishness of WinBloats 10!

This is of course why the banks put an upper limit on tap-to-pay transactions & mostly indemnify customers against tap fraud, being that the amount of loss from fraud is way lower that their additional profit from the feature. BTW if your bank will not indemnify you against tap fraud, go elsewhere if you need this service.

@@ts757arse That's inflation for yer, BTW I did some tests a while back with "RFID" shielded wallets, bags etc & although most of them blocked RFID, almost all of them only reduced marginally the reading range of NFC ( I think because its an inductive not radiative process ). Best solution I have found for blocking NFC reads from by wallet is placing all the NFC cards together which seems to prevent most readers getting anything useful.

I still have an AMEX card like that. You could easily see the antenna. ;-)

Yeah, same here - a debit card from CommBank that was mostly transparent, you could see the coils, it was pretty cool

Oh yea. I had the American Express "Blue Cash" card that was transparent way back in the day - you could see the radio loop which was super cool. Maybe like 2004ish? It had chip and NFC capabilities, I assume for international travel reasons because NO WHERE in the US did any of that ever work to my memory.

oh youre so smart and know everything dont ya? lol so many folks missing the actual point here

I think N26 did the transparent card for a while too. 2010s minimalism take on 90s transparent plastic everything.

There's also this great presentation from Leigh-Anne Galloway & Tim Yunusov kzbin.info/www/bejne/j56tZYiCo8iBrck

I too was sure that the payment and authentication information is just stored in trusted memory, and no actual network is required, at least from the phone. The vendor terminal will still require it, at least for larger values, or if you have exceeded the budget for small payments without authentication.

To add to that, if the phone has network, it'll report the transaction to the bank and if there's a discrepancy, it can be shut down, but if not it'll just wait to report the transaction until it comes back online. There are basically three exchanges that go on: The phone to the terminal, the terminal to the bank, and the phone to the bank. The last one doesn't have to happen right away, it is a check on the first two.

@@Sycraft My virtual wallet, when tap'd uses GPS on phone to veryficartrion also. U need no less than 30m .

Are the non tap enabled cards not available to regular punters anymore? Or does it depend on the bank?

@@z00h It is pretty much a requirement these days and actually would cost more for the bank to issue one or the other as stupid as that sounds, so they just issue the one that is tap enabled.

In Europe financial institutes need to provide non-contactless cards when requested by the customer. I've worked at 2 now and it's just a simple check box on the systems. I think card production is mostly outsourced to a few big plants that handle multiple banks and societies, so it's not a big imposition for the banks to offer it.

@@AdvancePlays I am very well aware, but at the same time, we're in the US where things are different.

I mean you’re a rep not a lawyer I wouldn’t make that guarantee lol

Wait...The drivers licenses have chips in them? Is that all of australia or just your part? im in SA.

@@greatleader4841 we have them in Qld as well

@@greatleader4841 no chip in NSW (the main state ;) )

We just use barcodes in the US. Passports and Passport Cards do have chips and they do scan them.

@@greatleader4841 Seems to only be QLD.

Keep fighting the good fight re: which NFC tech came first. I'm super tired of holding out my Android phone at a drive-thru, getting asked if I want to use Apple Pay, and having to say yes because if I say "no, Google Pay", the cashier's head will explode in confusion.

@@dgwdgw To be fair Google's strategy for NFC payments (amongst many other things) was incompetent and ineffective, and they lost any first actor advantage. I had Google Wallet when it was early in its life, on my Galaxy Nexus. You could only use certain Citi credit cards, or fill the account like debit. And then Verizon was doing its best to stifle Google Wallet because they wanted to push their competitor (ISIS, or I think it was called SoftCard before that), so you needed to download an APK if you wanted to use it on a VZW Nexus. Hell, even the name has flip flopped so many times I forget what it's called anymore. I think it went from Google Wallet to Android Pay to Google Pay back to Google Wallet.

I've noticed what I think is a rather big problem with the nfc Google pay, it's no safer then the tap to pay cards are. because I found out you don't need to unlock anything to use tap to pay. you could have your phone set up to require finger/face to unlock the phone, and have the screen off and tap to pay will still work! you'd have to auth twice to see if the payment went though. (once to get into the phone home screen then again to get into the google pay screen) but to actually pay with it you don't need to auth at all. so those remote reader attacks work just as well on a phone with google pay as they do with a regular card with tap to pay.

@@CrossRoadsOfTime IRC limit is 50USD right into limit where bank can make easy charge back, Also in latest update they require authentication or unlocked device (biometric, or minimum pin u can't use maze to unlock your phone)

exactly, it was a really 'nice' trick by the banks

That's why u get cheap stip reader, and scramble strip. Or just neodymium magnet

No, merchants have been held responsible for fraud for a long while now

@@jackiecs8190 since October 2015, when credit card issuers said they would hold the merchants liable for accepting fraudulent cards if that merchant didn’t have a chip reader.

Agreed. Chip and Signature never really existed in Canada, probably because it's nonsensical. Chip and Pin did predate Contactless payment of course. Contactless in common use predated the announcement of Apple Pay by a full 5 years.

That's why in Europe the POS terminal would ask for the PIN after a set number of contactless payments, I believe it was about 3-5 times. Above a certain value it always asks regardless. (I believe mine is set at payments higher than 25€, as far I recall.)

My phone will just straight up ignore payment cards. You can open up NFC Tools and read that there is a card there, but it doesn't pop up anything if I'm on the home screen and put the card where the NFC antenna is on the phone.

But that doesn't solve the issue of a payment terminal reading both the card and the phone.

@@nikomo same. My badge was the only thing that caused issues. I ended up cloningnthe badge and using my phone as my badge in the end but I never really had issues after I set up tasker. My battery was half dead by 11:00 but that wasnt a huge deal

@VoidField101x Yes, it will make sure that your phone is not freezing below 0 degrees with this nifty automatic heater-system below.

Ignoring the card is one thing. However, being able to read other NFC things in the presence of that ignored card is way more difficult, if not impossible.

Might require a pulse laser.

Almost like this would be a more secure default for the cards.

A neat idea for regular use but in this case it may not work if the phone case puts too much pressure on the card. Would be cool to cut a slot for a small jumper you can add/remove

​@@DomThatDubstep 1.2-2.2kg to press the dome should be enough, looking at Snaptron site, especially SQ, F and GX series of domes

Or just exposed metal plus some foil tape next to the hole and you move the tape whenever you need the antenna?

I had a 1970 Plymouth wired up so that the starter relay wouldn't engage unless I shorted two terminals together with my ring. A similar "switch" could be done on the card with two bare pads that a ring could short together while tapping.

Deviant's box. You dont know which state it is until you open it.

@@gaveintothedarkness Schroedinger's laptop? 😆

Any android phone have the ability to toggle NFC at will, either through the settings or by defining a quick icon on the swipe menu. Which is exactly what I used before each payment, since sime versions of Google pay would allow payments as long as the screen was on, even with a locked phone.

You can't clone a card via NFC. While it is technically possible to skim the card and make a payment, you not only need the terminal, you also need an agreement with a payment service provider. And those do some serious vetting before they'll give you an account. Combine that with the fact that most cards will only allow small payments without PIN and that hasn't been worth it for criminals to attempt.

@@Hans-gb4mv you can technically copy a card via nfc and use it at a store, but only for a single transaction, and only if the actual owner of the card doesn't use it before the thief tries to use the copy they skimmed. It's pretty similar to a rolling code garage door opener in that sense.

@@Hans-gb4mv While not actual cloning, it is well possible and easy to sniff the card number which you can use to make payments in shops where CVC is not asked, and even if it was, CVC is way too easy to brute force. Even if there are undocumented mechanisms to lock the card after certain amount of failed CVC attempts, it is too easy to circumvent it by writing a simple python script which makes only one or a couple attempts in a row, and then waits a week or couple before trying the next one, so in between the failed attempt counter has in most likelihood been reset. Considering it is extremely easy to sniff thousands of card numbers thanks to the ahh-so-wonderful contactless payment, adding them all into the python script to be tried in turns, you will practically get right hits with CVC all the time, because CVC has only one thousand possible combinations, so for thousand card numbers to try with you by average get one successful hit every round in *first try*. And then go on by giving a couple more tries for each one once every week or two. Furthermore, contactless cards allow real-time relay attacks which is even simpler to implement and evade. So, I warmly recommend everyone to drill their contactless cards, and not let the convenience - which could have been implemented securely but for sake of stupidity wasn't - to lead into apologism.

In a rural village you might be relatively safe with your contactless card, but in everywhere else, the promoted real-world safety is only and merely due to unobservance. Meaning, how many times does anyone check their accounts for transactions? Honest answer is, most do practically never in any memorable interval, nor do I even though I am very security-concious person, if not outright paranoid. And adding the fact that many legitimate shops have totally different actual company name than what reads in their advertisement signs, most beneficiary names in your account sheet is not recognisable anyway, you just think er... don't remember what that might have been, maybe it was some individual corner shop, snackbar, special shop, or a franchise of a known chain, none of which never have their actual name in their neon signs. And most of the time, they were indeed such, completely legitimate transactions. But you never bother to actually dig them out further, you just accept the fact you don't remember where have you shopped, and you don't recognice those company names. Thus, if there was some or a few fraudulent transactions committed by a card number stolen from you, it by all likelihood will go unnoticed as long as amounts are kept somewhat modest. Especially considering that majority of people are way, way more "relaxed" about observing their accounts than I am. Well, even if one notices a seemingly fraudulent transaction from their account, AND bothers to confirm its fraudulence and make a claim, there is absolutely no way to proof it was anyhow caused explicitly by contactless fraud. It will be recorded in statistics as "just another card number fraud". And taking into consideration the heavy marketing push of contactless payment and arrogant denialist propaganda about their "safety", you can be sure they are not even by accident recording any fraud as contactless one unless there is undeniable proof for such. Still, considering how all but impossible it is to prove the contactless fraud to be the source for a specific case of stolen card number, the statistically admitted number (no pun intended) of the contactless fraud is HUGE. And the most sickening is the way they make apologism by stating how small percentage it is per the legitimate transactions. It is same as stating "murdering is not a problem, murders are soooo small percentage per the living people!"

@@TheSimoc Your card has not one, but 3 numbers associated with it. One is printed and encoded on magstripe, second is for the chip and third is for NFC. It's trivial for bank to see that they got a transaction with NFC number using magstripe or online and flag it as fraud. Your only option is to emulate a NFC card at a normal reader, but that only gives you one transaction - and you need to make it before the cards owner uses it. Only the relay attacks are a real threat, but that's easily mitigated by having the bank notify you about every transaction (every bank here in Poland will send you a push notification from the app if you configure it) or use a card with a built-in fingerprint reader needed to perform any transaction (at least one bank here provides it by default).

Google and Samsung pay are able to work offline. Android pay is not common around here, so I do not know about that.

I doubt people would use it much if that was the case, having to hold the phone there waiting for the spotty mobile connection to download the key

Neither of those services have the actual card or a copy of it. That's the beauty of the system. They just have a token with limited validity that can be used to generate payment information without using the card information. That payment info is then verified between the merchant, the card association and the bank (involving some crazy cryptography), without the merchant ever getting your actual card information. Both Apple Pay and Google Pay can work offline, they just need to refresh the tokens every once in a while.

Transmitting to a magstripe reader is a pretty clever idea, and easy in theory. It's basically a cassette tape reader, and only reads what's in front of it one "line" at a time. So you could trick it using an electromagnet, just like those now-old bluetooth adaptors for tapedecks.

the normal way to do this is just a hole punch a few mm from the edge of the card. You can find a heap of instructions online

My experience (also Canada) was vendors getting the tech for their POS devices a little before the banks and credit cards introduced the technology. This goes back to "chip" cards as well, of all places my small barber shop (with three people working there) had the first chip reader I saw in person months before my bank even released a statement that they were "coming soon".

Reducing the skimmer problem.

Legally, the card is property of the bank, so you are destroying/changing the bank's property. Probably violates the cardholder agreement, and maybe violates a law or two. Functionally, though? No one will care. As for card replacements, they do wear out. I had one for a few years that started getting flakey with the chip read, so I requested a new one and they replaced it for free. Same story with friends and family. Not a big deal to replace, the cards cost em a dollar or two to make. As long as you aren't requesting a new one everyday, they won't care.

I'm pretty sure it's fake info

1111 2222 1111 2222 isn't a real card number

Just use a sharp knife like a razor blade and cut the antenna. Way less people will ask about holes in your card.

or just use a hole punch near the edge of teh card like people have been doing for a decade

What actually is so bad about going all the way through the card?

I just asked my bank for a card without rfid.

Or you could just stick aluminium foil to the card and it would work similarly well.

Also from Australia, but all my cards (various banks) still have mag stripe (as backup to NFC/chip), and issued within the last couple of years. The no mag stripe might not be as widespread with banks as you think.

USA hasn't been cutting edge for a while now. Even in EU many newer cards just don't have magnetic strip anymore

When it comes to banking, USA is a couple decades behind in most aspects.

@@Thermalions Huh. Probably just my bank being an early de-adopter.

Next video: thin-film explosives.

"apple/google/samsung pay works without connectivity".. Semi true.. The 'users' phone/watch/device doesn't need connectivity.. The 'reader' (eg, the business owner) needs connectivity.

The default android pay uses a cloud based “host card emulation” where it’s in the cloud so does not work without network. Apple Pay does and I think some phones and maybe Samsung pay uses the secure element. But many don’t so need a network connection. See Wikipedia for “host card emulation”

@@lathiat None of OEM pay apps use "host whatever emulation." This tech stack is called tokenisation and works without network for limited amount of times and limited sums. Wallet on the device loads 5 or 10 single use "keys" that are used for each payment and tries to request new ones via internet before they run out. Please stop trying to look smarter than you are buy spewing some words you imagine to be fancy. Or in other words - shut the fuck up and go read some documentation from VIsa or Mastercard on this topic. It all is easily available in their developer portals.

I am pretty sure all android phones have an option in that slide down menu to dissable NFC on your phone completely, just like you can disable wifi or GPS.

@@ColinRichardson of course the payment processor needs connectivity, how else would it charge the card? Print out an old school carbon copy paper and mail it in to the bank??

Wikipedia has Android Pay in September 2015, almost a year after Apple Pay. It was only announced in May 2015, 7 months after Apple Pay debuted in the US. Are you thinking of Google Wallet (which is an entirely different non-EMV thing)?

Here in Poland I remember banks rolling out phone contactless payments way before Apple and Google were a thing. When Apple revealed their solution there was a lot of talk about "why are Americans so excited about this, it's been a thing since ages".

@@ScarfmonsterWR I wonder when Americans and other countries will adopt somethibg alike to blik payments. It's so convenient and I was shocked to find out that's not available outside of Poland.

@@zimpenfish You are right. Google's constant name changes and app merges got me confused. They have done something similar to this recently with the Google meet/duo app.

@@zimpenfish That's indeed just an issue with Google's renames again. Google had NFC mobile payments as early as 2012, maybe 2011. It's not that easy to find now. You can find a 2012 CNET article "Is NFC killing Google Wallet?" (I don't think I can do links here), where they explain how wrong Google was for implementing mobile payments through NFC.

credit to Babak for thinking of the TigerShark. i'm more of a seldgehammer guy. 😂

@@DeviantOllam lol Yeah, I'm an old retired cop and now a PI, I'm not exactly subtle. I tend to go for the most direct route to get what I need. I'm enjoying the fireside chats.

@@DeviantOllam Back in the days of the early Wave Technology™card b.s. I was not into it, so I took a ball peen hammer to the center of the little chip. Mind, this was back before chip and pin was being attempted, so it only killed the transmitter. Worked a treat.

It would prevent Apple Pay from working on his phone though which he says is a higher priority for him.

@@NithinJune I see what you mean, it would also shield the phone's NFC. I didn't think about that.

Thanks! Will do!

Jump to +0:00 this isn't meant to be a how to video

you sure about that? =)

I know with my bank, the settings just tell the bank to block transactions

I used to get that look all the time.

Or makes it easier to remove because it stops it sticking to the card that it's up against.

Aside from activation of my card for T2P I haven't entered my pin at all.

My bank (in Czech Republic) has it different depending on the card type, credit card can be used freely, but debit can only be used few times and is limited by time too (days since last inserted). Not that I used one in months when Google Pay/Wallet is around

Used to be number or cumulative value, but you can do £100 a throw with tap now.

also like that in the EU, there is also a upper limit of 25 euro per transaction with contactless. If it's higher than that you must write a pin

It will still interfere with a phone's NFC coil.

Hi from Australia - we have zero liability and have had chip and pin for decades

Pretty tricky I would expect, judging by how thin circuit board traces are. You might be able to melt and/or dissolve the plastic.