I got a new credit card in the mail, and I noticed the PayPass logo in the top right corner. I’m no fan of RFID, especially with so many documented weaknesses. Also troubling is the loss of two-factor authentification that we’ve had for decades in Australia; both Visa and Mastercard require only the presence of the card for EMV transactions under $100. I like my credit card, I don’t like that other people can spend my money with it. I thought about trying to convince my bank to give me one that wasn’t PayPass enabled, but Mastercard won’t issue cards without PayPass, so it seems I need to make my new credit card compliant with my privacy and security policies.
Admittedly, all the exploits for RFID enabled cards seem to affect cards in the USA, whose banking system (as best I can tell) is run by a bunch of morons. I assume that the cards in Australia leak no information other than an identifying card number… but even that. RFID can allow unintended transactions, so I’d prefer my transactions to be intentional. I considered killing the whole chip in the microwave, but there’s a risk that would affect the mag-stripe. You don’t need a radiographer to lend you an xray machine to locate the RFID antenna. Turns out that a light globe is plenty bright enough to spot the antenna tracks, or the sun (if you can spot it at this time of year).
I lay my card on a horizontal compact fluorescent light globe, and look what I could see:
I dutifully marked the point where the antenna traces all converged on the one location, then drilled that point out with a hole made with a 3mm drill bit. I took it off to my local Kmart, and it worked. However, it failed at the Coles, and every subsequent retailer (dozens) I’ve tried using it. Apart from that one Kmart (others haven’t worked) the PayPass functionality is now turned off.
I’ll update here if I make additional modifications that are successful.
Just to confirm …. the paypass functionality is disabled but the contact chip is still working? And therefore the operation was a success?
Yep, the chip works great, and I can’t buy anything with PayPass – and I try at all sorts of places. The Kmart where this wasn’t true has upgraded its checkouts, and now it doesn’t even work there.
Good work. Did you think of using the drill bit on your bank manager?
Thanks heaps for this!
Different cards from different banks use different antenna track layouts. My 3 year old ASB card was easy to see tracks and cut, the new one has opaque printing all over. Tracks can just be seen using a very bright small LED flashlight. I used a hobby knife to cut a groove from the top of the first digit of the card no below the contact points to the edge of the card. I tested by loading app CardTest onto my Samsung Galaxy S3 phone and scanning it.
stoic i am a Bank Manager – please don’t shoot the messenger! I’m just as frustrated as everyone else about Paypass/Paywave etc.
If you need to point the gun at anyone, make it the CEO’s of Visa & MasterCard.
Excellent info, thanks. Recently had my wallet stolen so of course, Paywave very handy for criminals. I can’t believe banks give us no choice. I realise it’s Mastercard and Visa but they need to revisit this seriously annoying issue. I am not that strapped for time that I can’t spend a few seconds to press 4 digits of a PIN into a reader! It certainly isn’t for the customer’s convenience. From what I have been reading online, it’s only a minority that seem to like this irritating new card development.
I can’t see any antenna on my nab card so I presume it must have a separate chip. But can’t find that either. Any suggestions?
Hi, I am with the CommBank here in AU and I have tried this using a bright LED light but cannot see the things you are referring to ?
Any suggestions as we have just experienced having a card stolen and used via paypass and the bank have told us we have to dispute these charges (***************************)
Yeah I had my 2 old cards doctored which was easy enough and so subtle that, no one noticed it. Just had to replace one, and checked out the new card, and I fear it isn’t going to be so simple
My ING Visa card has the reverse totally blacked out and it is impossible to see anything through it even with the brightest light I have. I am not happy.
I just (February 2016) received a new Visa card from Wells Fargo. In the envelope, they play it off like they are doing you a favor. The pamphlet says “We identified your account as being at risk. As a precautionary measure, here is a new Enhanced Security chip-enabled card, free of charge!”.
First thing I did was called Wells Fargo and requested NOT to have the RFID-chip card as I never asked for it. They said it is not optional.
Disabling the chip is not as straightforward as it used to be. The chip is not necessarily underneath the visible foil “microchip symbol”, in some cases it’s way on the other side of the card. At least in my case, Wells Fargo now makes the card out of solid red plastic (not opaque white) to deter people like us from using a flashlight to find the chip. The RFID chips are very tiny now, much smaller than the symbol. For reference, they are about the size of Lincoln’s forehead on a penny. In my case, I believe (but am not 100% sure) that it was in the righthand side of the symbol. I think I could make out a darkening in the red plastic and it appears a bit different looking from the back. First of all, do not hack away with a hammer and screwdriver like I have seen on YouTube. You want the card to remain flat so it will still be accepted. I used a 1/32″ bit on a Dremel. Be VERY careful to not “divit up” the hole on the other side; it must be clean. The next step is breaking the chip’s antenna. This is a filament (very thin wire) that internally goes around the edge of the card, 1/16″ to 1/8″ in. It is molded into the plastic. Use a very sharp Exacto knife to slice 1/8″ into the card. Use gentle sawing motions, you want to make an incision and not distort the plastic up or again, the card will not be usaable. These two steps should (hopefully) completely disable the RFID. DO NOT use a magnet as that will wreck the stripe long before it affects the chip. DO NOT put it in the microwave, as it will melt the card as fast as it wrecks the chip’s circuits.
When you use your now-RFID-crippled card at a RFID-enabled reader, it will prompt you to insert and reject three times; then a message comes up on the cashier’s register to use the old (black strip) method. I have had no problems other than maybe delaying the people in line behind me. A friend who works in banking says that on purchases less than $99.99, the RFID isn’t involved in the transaction at all, it just harvests personal data about you.
I have a black backed ING card also. Tried a bright LED torch and could see all antennae circuitry really clearly (Also could see some heavy wide circuitry; I don’t have any idea about what that’s for). Am off to a geeky (I use the term with endearment) Maker’s club this arvo and, with support, will take to my cards with the drill bit.
I too had recently misplaced my credit card and found that, although I could block PIN based transactions, I couldn’t stop anyone using Paywave and I would have no comeback. Rather than risk someone taking my money via several “less than $100” purchases, I cancelled the card altogether. Ordinarily I would give myself 2 or 3 days to find my card myself (between cushions/in car/clothes…) before taking the step to cancel and reissue and then have to also reset direct debit payments etc. This time went straight for the inconvenient option and cancelled.
I just think their should be a customer option to switch off paywave.
On a MasterCard ( card facing me with a visible chip) used a 6mm drill bit, (sorry unsure of imperial measurements)
I drilled slightly off centre to top left and has fully disabled PayPass.
Apart from having to insert the card a few times to activate the swipe mode it works well.
I went into my bank last week asking about this. They told me the only option was to reduce the limit on paywave transactions.
Soon the Rothschild run banks will have that chip implanted into your hand, look up the truth about the Rothschild Dynasty [very evil people]
Wanting to disable a coles mastercard, it is solid black and cant see through it. Before having a new card issued recently requested not to have paywave, NO option. Few days ago account hacked and $1400 worth of less than $100 transactions (about 40 of them) made in less than 72hrs before Coles mastercard picked up suspicious activity and i was notified by sms at 3am. No sleep after that! Card blocked/cancelled and now process to sort out situation. Still NO option for a card without paywave. Going to try and “delaminate” my old card to figure out aerial track layout to deactivate the new card when I get it.
Did you know the bank makes a surcharge when you use paywave but not when you insert.
They also make a surcharge when you used credit on a debit card.
Now I know why they are encouraging the use of paywave,
As I understand it you cannot remove or disable or decline to have PayWave on CREDIT CARDS. This is outrageous and just customer bulling by the big 4 Australian banks abusing their oligopoly. We need MORE banks in Australia who really do care about customer empowerment. At the minimum you should be able to opt out. I just removed all my CREDIT cards from my wallet and I just do not use the CREDIT CARDS at all now. BUT both the Commonwealth bank and the National bank have SAVINGS cards which do NOT have PayWave. So I just make sure I have enough credit in these SAVINGS accounts and use their associated plastic cards which means that someone finding my wallet and cards cant rob me unless they know my PIN. Using my PIN takes just 1.5 seconds so that is just fine by me!
you guys all realize all you need to do is log into your banking app and disable contact less payments. both commonwealth and NAB support this function, can’t speak for other banks as those are the one ones I have an account with
There are options available now in 2019 that weren’t available in 2014 when this post was written.