OT - credit card upgrade question

The only information that can be read with a remote reader (assuming that the reader is within a few inches of the card) is the same information embossed in the card and readable on the mag stripe. Those details are insufficient to create a cloned card.

I make all local purchases in cash and use a credit card only for online purchases which are not very frequent. Probably the next card they send me will have a chip and I'll definitely be looking to disable it.

US version has no PIN. The CC company says it is more secure than the standard cards.

And you render it useless if you ever do need it in a store. Dumb idea.

Pretty hard to clone the chipcard any way.

Geet a metal can of Altoids, wintergreen my favorite, eat/enjooy. Place the card in the empty Altoid can for carrying in your pocket. That way you get the best of both worlds, the convenience of 'wireless' charging AND mental satisfaction that no can read it until YOU want it read.

| The only information that can be read with a remote reader (assuming that the | reader is within a few inches of the card) is the same information embossed in | the card and readable on the mag stripe. Those details are insufficient to | create a cloned card.

Do you happen to have any links to info about this? I don't understand the technical details of how it works, and without knowing that it's hard to assess the risks, or lack of them.

| The chip cards in Canada are all chip-pin. | If the US banks do any different they are more foolish than I even | thought. They HAVE to be chip and pin to work with the Interac banking | system. (world wide interbank system)

From what I've read, US cards will be chip and signature or chip and no signature for small purchases. (We're Americans. We shouldn't have to remember numbers or interrupt our phone conversation to type on a dirty keypad. :)

Signature is useless for security. My own signature written with a plastic pen on a touch- sensitive pad looks like a 2-year-old's drawing. I can't believe there's any check on that. It's probably only used so that I can't easily say I never made the purchase.

Chip and PIN sounds like it might OK. On the other hand, why not stripe and PIN, to avoid contactless reading? It seems to me that the rush to achieve some fantasy of "space age" convenience and techno-pizzazz is resulting in a lot of dubious designs and decisions. Chips naturally bring in all the issues of non-secure communication, as is true of wi-fi computing: It's convenient, it's not generally *too* risky, but it simply can't be made as secure as direct wired computing.

| The RFID chip in RFID cards can only be ready from a few inches away. It's the | same chip and technology found in millions of employee badges around the world. | If there was a problem with remote survelliance of RFID card holders, you would | have heard about it already. |

I'm incredulous that you could think that. First, you're contradicting your own point. Isn't the purpose of employee ID badges to track movements of employees and perhaps act as a security device? Having a chip read in proximity to a reader is exactly what we don't want.

Did you ever see the map of the journalist who discovered his iPhone was keeping a record of all of his movements? Did you hear the one about the man who only discovered his teenage daughter was pregnant because Target started mailing coupons for baby gear? (Target had guessed she was pregnant based on her purchases.) How about the issue of cellphones being used to track people in malls? Why not EMV chips and RFID chips?

I'm very concerned about privacy issues, yet even for me it's difficult to imagine what problems there could be. Increasingly, vast data is being combined with vast analytical capability. It's not farfetched that you might one day drive past a CVS and see an ad on your dashboard for a prescription drug sale, on all the drugs you and your family take, because CVS has a new, improved RFID chip reader and they picked up 3 RFID tags in your car, two of which are from Walgreen's (packaging from the shaver and clock you bought awhile back), and all of which identify you via your shopping history.

If you shop at CVS you're already being sold out:

In this theoretical scenario the additional RFID reading of debris in your car allows all of the dots to be connected, and your daughter now starts seeing CVS ads for her birth control pills on her Facebook page. This is not at all farfetched. (See the links above.) But it is very difficult to grasp the extensiveness of the growing data linkage.

I'm often surprised by the news that comes out. It's so Orwellian that we just don't expect it. And in general we *don't* hear about them. That's been a big complaint with intrusions into commercial databases. The companies don't want to go public because everyone wants to pretend that credit cards are secure.

I think it's safe to say that if there are problems then the odds are I *will not* hear about it.

| But as I said - very few EMV cards have the RFID feature.

But both can be read without direct contact, right? So what does it matter in prctice?

I have not used a credit card in a store in over 30 years and don't plan to start any time soon.

And a nice wintergreen scent every time you pull out your CC...

Hi, I go to my bank and ask for them to do it. They know how to. If they refuse I tell them I don't want the card, then they reluctantly do it.

Are you sure the upgrade will be an RFID chip and not an EMV (Europay, MasterCard and Visa) "pin and chip" type of chip - which requires physical, electrical contact with the card reader? The EMV pin and chip is much more common than the RFID chip, is used throughout Europe, and has appeared on 3 of our U.S. issued credit cards during recent update/upgrade cycles. EMV chip readers are being phased in in the U.S., not RFID readers - which used to be in many of my local supermarkets here in the D.C. metro area, but have since been replaced by non-RFID card readers. EMV chips cannot be read by RFID sniffers.

I don't want and wouldn't use an RFID chip card because of the security vulnerabilities. If your card will have an RFID chip, I'd check with the issuing bank to see if they have a card with an EMV chip that will meet your needs.

Hi, It depends what POS business has. My store can swipe, read chip, RFID (which POS terminal can read within ~one foot). You don't even need to tap. I seldom see worn out chips, unable to read them. Maybe we swipe cards only couple times a month. My family never uses RFID, only chip.

Google "credit card safety tip".

I've used my U.S. bank issued EMV (so called "pin and chip") credit cards throughout Europe for more than 2 years. A PIN number was issued automatically with the cards (to make them compatible with use in ATM machines) but I've never been asked for my PIN by a restaurant or shop keeper. I've always been asked for my signature. For smaller transactions, such as purchasing fares in the London underground, or the Paris metro, the card was accepted by the vending machine without either a PIN request or a signature request. In fact, I purchased train tickets costing more than 100 pounds sterling from vending machines in the U.K. without needing pin or signature.

The only time I was every asked for my PIN at a restaurant was prior to having a chip enabled credit card, when after swiping the card, the waiter wanted me to enter the PIN. I declined because my bank told me that if I used my PIN with a point of sale transaction, it would be treated as a loan (as if it were an ATM transaction) and subject to daily interest charges until the balance was paid.

As an added benefit, you'll also get to advertise that you're paranoid with little understanding of modern credit card technology since you're putting an EMV card that can't easily be read remotely into a Faraday cage.

Reminds me of a "60 Minutes" episode where they were interviewing a Montana rancher about the Federal government's intrusion into their ranching practices. He was actually making a lot of sense until he pulled out his wallet and pointed to the tiny metal denomination threads embedded in modern US currency and declared "These bands are how the US government tracks every dollar we spend via satellite!" Cue theme from the "Twilight Zone."

I can't help but wonder if somewhere in that 30 odd page credit card agreement that the OP signed there's a clause that makes HIM responsible for any fraudlent charges made on the card after he modified/mutilated it in some way. That would certainly be exactly NOT what the OP wanted to achieve in trying to disable the RFID chip in a card that didn't even *have* one. Off-topic AND off-kilter. A two fer one bonus.

Fine if you never stay at a hotel or rent a car. No reason to disable it anyway.

On the contrary according to an item I read just a few days ago: chip-and-PIN is far more secure, and someone (Wal-Mart big-wig, IIRC) was lamenting that the USA was far too slow in going to chip and PIN -- anyone can forge a signature (does your signature on a sloping shiny surface look anything like the real signature on the back of your card? Has a charge ever been refused because they don't match?). CC fraud is far lower in counties with chip-and-PIN.

In addition to that, the range of RFID cards is supposed to be a matter of inches. I know that the RFID card I had until a while ago had to be touched to the scanner, and the RFID room key for the hotel where I am currently staying has to be touched to the lock. Waving in the general vicinity did not/does not work.

IAC, "chip" does not necessarily mean RFID. One of our new cards has a chip -- with visible contacts -- but is not, AFAIK, RFID. OTOH, the RFID card I mentioned previously did not have visible contacts.

Perce