We were discussing our next trip with a friend from Switzerland. He told us to beware that thieves can get information from your credit cards by standing near you. He said they can use that information to make charges against your cards. Is there a way to defend against that? My friend uses his phone for all payments as a result and never takes credit cards.
J Ligon
But what do you do if thieves still your phone or you drop your phone and break it or lose it, this is more possible when you are using it for everything including taking pictures.
What if there is an internet network outage on your phone like the one ATT had a month ago ? Using your phone to pay is not absolutely safer than using credit cards. You are not liable for unauthorized charges if someone steals your credit card.
Never put all your eggs in one basket. You should have more than one way to pay, including carrying some cash hidden and more than one card under your clothes. But pay for everything with a credit card or the phone if the options are available.
Your question caused me to look at this online a bit. I wonder if anything is really secure these days? There are two sides to credit card security. The first is holding onto to it and using it discretely and the second is the fraud prevention measures of your credit card issuer. I get notified by my phone every time my card is used. In addition, if there is a charge that gets flagged by my provider that it could be fraud, they send me a text message right away to confirm whether it is a legitimate purchase or not. (as a side note, this is another reason to travel with your smart phone).
There is a false security in only taking your phone with you. What if you lose your phone? What is drops and breaks? I think most people would prefer to have a credit card with them as well. Now, I am not sure if RFID sleeves really work, but I am sure that some other posters know more about this than I do and will tell us.
edit: I see Jazz and I were thinking the same thing at the same time.
The chances are slim, but it could theoretically occur. When I travel I place my credit cards in security sleeves. Likewise, many purses and wallets come with built in security/RFID blocking features to prevent thieves from getting your information. I even put my passport in one.
You can buy them on Amazon and probably where luggage is sold or office supply stores.
There have actually been basically no reported instances of this ever happening. But your friend has seen all the advertisements and all the scary stories from people who make money selling RFID blocking and your friend has fallen for that.
And why would anyone go to this much trouble? they’re going to have to stand on your foot to get close enough and if you don’t believe me, go to your local gas station and try to pay for gas with your credit card in your wallet in your back pocket. I bet it doesn’t work because the reader has to be basically touching the credit card The Card is not actively emitting information
For the price of this equipment, they can go on the dark web and buy 100 credit cards that are guaranteed good. There’s no need to waste money on this equipment that doesn’t actually work
And your friend is protecting himself against basically a non-existent threat. And if he’s like a person I recently met whose password for his phone is 12345 then he’s really missed the risk assessment.
I've lost track of how many times my credit cards have been hacked. All at home, in the U.S. Except for having to wait a few days for a new card, it wasn't that big of a deal. Fraudulent charges were removed, no issues.
I don't think any of the fraudulent charges on my cards came from the use of the physical card. I don't see how applepay would be any better.
We just make sure to have multiple cards. We like when our cards have different numbers even if they are the same account. So if one card is hacked, the other card is still good.
I use rfid holders, not because I believe in their protection but these cute critters makes it easy to know which card I’m grabbing.
My primary and secondary cards are in Apple Wallet. The physical primary card is in my wallet along with no more than €50 for daily use. My secondary card, secondary backup and ATM cards are in my money belt.
So I can remember PIN numbers, I code the rfid sleeve, ie dad’s birthday, anniversary.
Jay,
There is a remote chance that your cards can by "read" remotely, but as the others have mentioned this is a very rare occurrence and I've never seen any cases of this being done (except in demonstrations). The easy solution to this is to place your cards in RFID blocking sleeve, or use an RFID shielded wallet.
I also strongly agree with previous suggestions to "not put your eggs in one basket". Relying only on a phone for all payments could be a disaster if the phone is lost or stolen. The practice of "Apple Picking" still happens, and this is one recent article on the subject - https://www.solosophie.com/how-to-not-get-your-phone-stolen-in-paris/ .
In theory this is possible in practice not really.
While it is possible to remotely read the RFID chip in the card (and this has been demonstrated to work), there is not much you can do as a thief here.
So for a thief to be able to do this he would first need to get a terminal, (handy, portable, battery powered ones do exist), and register for an account with a payment processor. And they will want to see a good government issued ID to start with.
And then if they managed to pull it off they will still have to wait a few days till all the money is in their bank accounts. And if only one individual discovers the theft, and files a complaint the police will be knocking at their door. Or waiting for them at the bank when they try to empty their account...
Electronic transactions leave a huge paper trail. Criminals do not like paper trails...
I've lost track of how many times my credit cards have been hacked.
My Swiss cards never got hacked. Maybe because Swiss banks just employ better security. You cannot use my CC number on a website without also being in possession of my phone (and having a face that looks like mine). You cannot use it in a terminal without knowing my PIN.
Signatures have been a thing of the past for some time, and my new cards do no longer have a place to sign them even. They also have a portrait design, and no longer are embossed, which means that more fit in my card holder. (A small card holder is all I carry with me nowadays, as I do no longer use cash).
My Bank of Ireland company credit card however got promptly hacked. One day I got a phone call that someone used my card to fill up his car in Egypt, and they asked where I was. Then my card got blocked, and I got send a new one...
For me the main attraction of RFID blocking wallets is not safety but convenience. Often they make it possible to keep one card outside of the RFID cage. That makes using a CC in public transit quite easy, as you do not have to get your card out. Just your small CC holder, hold it against the reader, and the RFID protection makes sure that only one card activates...
interesting video. tells how it can happen, but not how often this is going on.
https://youtu.be/M0LBpFA0OuE?feature=shared
Horsewoofie, adorable, something else to consider purchasing due to my time here!!!!
WengenK, I won't argue about Swiss banks being more secure, but at least half of the times my cards have been compromised, its been the banks that caught it. I'll typically get a message to check some suspicious transactions. I also get message if a certain amount is charge on a card and for a couple cards I get a weekly summary of activity.
A couple months ago I got sucked into a fraudulent website that was spoofing a company that I was wanting to purchase from. My Nordstrom VISA somehow caught the first transaction that was made on the card.
My point is that you cannot do anything with just my CC number. So if someone gets its hands on it, and then tries to use it on a website they will get nowhere.
Same with my actuall cards, which will quickly be useless as well to a thief. I wonder what pick pockets expect to gain from their trade nowadays. Phones are pretty much useless too.
Wengen mentioned a separate compartment for a CC or a transit card. I just wanted to share what I've migrated to for travel. I want my purse and its contents to be as light as possible. To that end, I have a tiny, light weight wallet, which necessitates having most of the CCs in one pocket. A purse I'd used for travel had what was essentially a luggage tag hanging from a strap which could go in or out of the purse. I started to keep room keys and transit tickets/cards in it. It was more handy for transit and then I also wasn't digging in the wallet setting myself up for possible loss of a card. My newest purse, which I love (Travelon), did not have a hanging tag/compartment. It does have a hanging clip on the inside. I purchased luggage holder/pocket with zipper type thing which was cheap, from Vera Bradley, to keep a room key/transit ticket handy. I am thinking of finding a wallet which could also be attached to a hanging clip.
VAP, my link refutes a lot of your link. LOL. Who knows ... seems about as likely as running into an ATM with a skimmer on it.
Let's see of RS puts RFID shielding on his money belts.
The police here have been reporting for several years, of restaurant workers taking photos of cards, front and back (CCV) and forwarding the info to others. This is why the European requirement to do the transactions in your presence is superior to the US. So, a known threat that most people ignore.
I think people confuse the technology used for cards, with what is experienced with highway toll passes, NEXUS cards at the border, and entry cards to building entrances or garages.
Giving the card to restaurant or other sales people shouldn't be as much of a problem with Chip & PIN cards, as the cardholder never has to give the card to anyone as the PIN has to be entered into the POS machine. There would also be no opportunity to take pictures of my card, as it never leaves my hand.
I indeed never give my card to the staff at restaurants anymore. This used to be done in the past (what are those mechanical thingies called they used to take an impression of your card on carbon paper?).
Nowadays they either come to your table with a portable terminal, or you go to the cash register yourself.
These portable terminals are easy to obtain btw. They do not cost a lot, and you are signed up in no time. Which is where the fear that thieves could take advantage of it. However the fact that this all comes with a huge paper trail makes it unattractive for criminals.
I can not remember the last time I had to enter my PIN when I used my credit card?
I cant remember the last time I saw anyone entering a PIN when they used a credit card.
Its all tap and thank you.
That means anyone taking my card could have a field day shopping. Keep each transaction below a certain number so I dont get use notifications and I wouldnt know for days....
Its been ages I had to sign to use a credit card. I can use tap to pay, but that only works for purchases under a certain threshold. And I do get asked for my pin with some regularity. Especially if I use it several times in a row. Eg. in Wengen if I go to the Coop and then immediately afterwards to the Dorfladen I am almost always asked for my pin.
This is indeed probably to protect against someone stealing my card and going on a shopping spree.
Note however that you cannot clone a card using some remote card reader. In fact, you cannot clone the chip in a CC at all. So in order to be able to abuse my card a thief would indeed need to get his hand on the physical card first. And he will not be able to enjoy it very long.
This guy does indeed clone a card. But the long boring video also illustrates that the effort may not be worth the pay off: https://youtu.be/M0LBpFA0OuE?feature=shared
Maybe i can check with my bank and change my limit but I did about $300 a few days ago (in Europe) and they did ask for a signature, but thats all; no pin. The signature is sort of a worthless thing. Proves nothing. And my signature isnt much different than an "X" and no one blinks when I do it. I went shopping for summer clothes one day a week ago. Maybe 4 stores, charges from about $20 to about $200 .... a signature once, but that was it.
I'd simply add to the other replies above that while it CAN happen, the ODDS are very great that it WON'T happen.
One of the main benefits of a CC versus a debit (or cash) is nice is the relative low exposure to theft one faces. Theoretically, the risk is on the vendor to verify ownership of the card, so any fraud comes out of the vendor's pocket.
Keep an eye on your CC statements - at home (especially) but also abroad. You should know what you are charging, so flag any suspicious transactions and let the CC company deal with it.
In the US, until recently, but still in restaurants, your CC or debit card were handed to a "stranger" where all the info could readily be copied. In Europe and much of the world, your CC/debit card never leaves your possession, and that is a huge reduction in risk - my made up WAG is 1,000x some random stranger cloning your CC.
Likewise, prudent security measures like turning on text alerts for CC (or debit) transactions is helpful for near immediate "I didn't make that purchase" fraud protection.
I do like the suggested RFID blocking wallet for travel in that when traveling, you really can cut down on the "stuff" you carry in your wallet. A CC or two, an ID, and some cash are about all you normally need during the day on vacation. If, like me, you have other stuff - insurance cards, a debit card, a backup CC, etc. - that all stays in the hotel in the safe with my passport and extra cash.
I'm not an Apple Acolyte, but Apple Pay is in fact, better. It does not share your card number but supplies a "token" which permits a single charge.
Just because you don't know why you were hacked does not mean it was done with Contactless connectivity. As noted, have you tried buying a coffee with your wallet in your pants or purse?
Last summer's trip I had to enter the PIN when using the credit card in Germany, not anywhere else. Lesson ...have a PIN with every credit card.
Most importantly, from that trip my policy now is to carry a lot more cash than having some minimum amount....luckily, I did when in Paris, which saved me a good amount. I carry 3 credit cards, all with the PIN, all secure taking the usual safety measures, (the neck pouch and hidden pocket.). I don't use the phone, am not interested in and concerned about electronics by thieves after the plastic.
The Chip in the CC has a private key baked in it, that cannot be extracted once that chip has left the manufacturing plant. So technically the whole chip cannot be cloned using just a card reader (rfid or otherwise). What is however indeed still possible is to get enough information out of it so that you can get past those systems that do not yet implement the security measures correctly. So it all depends. Tests have been done, and it appears that especially UK banks still often do not implement all the safeguards.
This was at least 15 years ago and probably isn't relevant now, but I tried to use my card in Romania and the machine required a PIN. This was before every bank had PIN cards and I didn't have a PIN. I entered 4 random numbers and the transaction went thru.
I have been in Europe for 13 months now. I use my US ATM or my US credit card for everything. I have never been asked for a PIN except at ATM machines. A signature maybe 1 in 50 times. No rhyme or reason, sometimes small sales like a bottle of wine, but most often larger sales.
