How To Protect Against Credit And Debit Card’s Hacking

- Advertisement -

This article is only for readers’ awareness and to keep them protected against phishing devices that are being used to copy and misuse credit and debit card data. The possibility of hacking has increased with the recent use of contactless cards

Understanding NFC Technology

NFC, which stands for near-field communication, is a short-range wireless technology that allows devices to communicate with each other when they are in close proximity, usually no more than a few centimeters apart. It is a type of RFID (radio frequency identification) technology, but it operates at a much shorter range and at a higher frequency.

NFC is used in a number of applications, including contactless payments, access control, and data transfer. Now even our cars and toll tax barriers use the NFC. The technology is widely used in many devices, including smartwatches and rings, to enable a variety of functions, such as authentication and payments.

- Advertisement -

NFC-enabled rings can also be used for authentication and payment purposes. For example, an NFC-enabled ring can be used to unlock a door or make a payment by simply holding it near an NFC reader. These types of devices offer a convenient and secure way to conduct transactions and access secure areas.

Nowadays, passports also use NFC for transmitting data to a system containing sensitive information about you. But the daily involvement and dependency on NFC technology raise a concern about whether this technology can be problematic for our security. Before getting deeper into its security threats, let’s see how this technology works.

How NFC Works?

NFC uses magnetic field induction to transmit data between two NFC-enabled devices that are physically close to each other. When one device, such as a smartphone, is brought near another NFC-enabled device, an electromagnetic field is generated between the two devices. This field allows the devices to communicate with each other and exchange data. One device has a chip with a coil but no power supply while the other is a reader or writer having an antenna and power supply to transmit the data.

NFC communication involves three main steps:

1. Initiating communication: One of the devices, usually the one that initiates the communication, becomes an NFC reader. The other device becomes an NFC tag, which is read by the reader.
2. Establishing a connection: The reader and the tag establish a connection by exchanging a series of signals. The reader sends a request to the tag, and the tag responds by sending back its ID and other information.
3. Transferring data: Once the connection is established, the devices can exchange data. The reader can request specific data from the tag, or the tag can send data to the reader without a request.

How Secure NFC Debit Cards Are?

NFC is often used in credit and debit cards as a way to enable contactless payments. When you use an NFC-enabled credit or debit card to make a payment, the card communicates with the payment terminal using RF waves. This allows you to make a payment simply by tapping your card on the terminal, without the need to insert it into a card reader and enter a personal identification number (PIN).

NFC is based on the ISO/IEC 14443 standard, which defines the technical requirements for contactless smart cards and the communication between them and the reader.

Different types of NFC technologies are used in credit and debit cards, including:

Type A: This is the most widely used type of NFC technology in credit and debit cards. It operates at a frequency of 13.56MHz and uses a protocol known as ISO/IEC 14443-3A.

Type B: This type of NFC technology is similar to Type A, but it uses a different protocol known as ISO/IEC 14443-3B. It is less common than Type A, but it is still used in some credit and debit cards.

FeliCa: This is a proprietary NFC technology developed by Sony and used primarily in Japan. It also operates at a frequency of 13.56MHz but uses a protocol known as JIS X 6319-4.

Overall, the type of NFC technology used in a credit or debit card will depend on the specific card and the payment system it is designed to work with. Regardless of the type of NFC technology used, the security measures built into NFC technology and the additional security features of credit and debit cards, such as chip-and-pin or chip-and-signature protection, help to ensure the safety and security of contactless payments.

That being said, no technology is completely foolproof, and there is always a risk that a hacker could find a way to bypass the security measures in place. To help protect yourself from potential NFC-related fraud, it is important to take steps to secure your credit and debit cards, such as keeping them in a safe location, monitoring your accounts for any suspicious activity, and reporting any lost or stolen cards as soon as possible.

NFC Hacking Techniques

There are different ways a hacker might attempt to hack NFC, such as:

Skimming: This involves using a reader and writer device to capture the data transmitted between an NFC-enabled credit or debit card and a payment terminal. The data is then used to create a copy of the card. Or hackers can use the high-range NFC reader and writer and pass by you to read the card details and make a copy of your NFC card to make fraudulent purchases.

There are various tools and apps like Flipper using which the hackers can read your card data, store it, and even clone it. The data stored in NFC can also be copied easily by a phone or a reader device. The hackers can then use your card number and other details to use it for fraudulent purchases. In worst cases, hackers can even inject their own code or simply erase your credit card by using NFC writer tools. However, no such complaints have arisen yet.

It is however hard nowadays to do fraudulent transactions using hacked credit or debit card details as it requires an OTP or PIN while spending beyond a certain amount (generally, ₹5,000). A couple of ways a hacker may copy your card’s details are mentioned below.

Man-in-the-middle Attack: This involves a hacker intercepting the communication between an NFC-enabled card and a payment terminal, and either altering the data being transmitted or injecting their own data into the communication.

Physical Tampering: This involves physically modifying an NFC-enabled card or payment terminal in order to bypass security measures or to gain access to sensitive data.
The main feature of NFC is it works only over a very short distance. So, hackers can fetch data from your NFC-enabled card only when they are near the card. It is possible to design an NFC reader with a longer range by using multiple coils.

NFC operates at a high-frequency 13.56MHz and requires close proximity between the two devices in order to establish a connection. Increasing the range of an NFC reader beyond a few centimeters would require the use of a lower frequency, which would result in a slower data transfer rate.

If you analyze the underlying physical equations in the case of a circular loop coil antenna, the near field range (suitable for NFC communications) is about 1.414 times the radius of the circular coil. To achieve a practical 60cm range, you may try to create a near field with a theoretical range several times bigger, for instance, 180-240cm, for which you need a circular coil of about 2.5-3.4 meters in diameter. But you can change the shape and try the square shape for that.

Protecting Yourself from NFC Card Hacking

Given the heightened risk of card data cloning in busy environments such as metros, buses, and trains, it is critical to implement security measures to protect NFC-enabled cards. You can take the following steps:

1. Use Faraday Shielding: To protect your cards, store them in a Faraday wallet or bag, which filters external NFC signals and prevents unwanted data access.
2. Limit Transaction Amounts: Contact your bank to place limitations on NFC transactions, lowering potential losses in the event of fraud.
3. Enable Multi-Factor Authentication: Many banks allow additional PIN or OTP verification for contactless payments, adding another degree of protection.

Ashwini Kumar Sinha is an IoT and AI enthusiast tech journalist at EFY

This article was first published on 15 May 2023, and recently updated on 11 November 2024.