How to protect your contactless cards from digital pickpockets

TL:DR – A simple hack using tin foil to protect the contactless cards in your wallet or purse.

---

My astro news friend [the late] Paul Sutherland recently described how to make a simple protector for your wallet if your wont is to carry those new-fangled contactless debit and credit cards. The protection involves cutting a sheet of tin foil to size and backing it with a couple of strips of gaffer tape and then inserting into the back of your wallet. Once folded the flexible, yet robust, composite sheet will form a pseudo Faraday cage around your cards screening them from the kind of shoulder-surfing hackers with the right kit who might be able to read the radio-chip in your cards (and even perhaps the magnetic strip in older cards).

Perhaps this all sounds a bit “tinfoil hat” and paranoid…but there have been many instances of individuals losing a little money hear and there as hackers take payments from those they jostle and bump into in busy shopping centres, crowded buses and trains and while they gawp at mobile phone screens watching inane videos. However, as another friend pointed out there is a very low limit on how much can be leeched from an account in a single transaction with a contactless card. Moreover, your bank is liable for any such fraudulent loss, so the consumer would not generally end up out of pocket, especially if their contactless card was never out of pocket, as it were.

However, as a true paranoid neurotic I see this protection as essential to avoid the hacker getting a “red paperclip” from you. Do you remember the One Red Paperclip website created by Canadian blogger Kyle MacDonald in 2005. MacDonald started with a single red paperclip and bartered his way up to owning a house in a series of just fourteen online trades over the course of a year. The subsequent book was a bestseller and I’m surprised that Hollywood has not taken up an option to make it into a blockbuster movie.

My point is that if a hacker can access data associated with one of your cards, then that is like a red paperclip to them. Hook that up with the possibility that you might be using the local Wi-Fi without a VPN (virtual private network), say, and they could also be accessing your Facebook, Twitter, email, bank or other service as you work online on a bus in a crowded coffee shop or wherever. It’s not at all far-fetched for such a hacker to have skimmed your contactless card, have all the info for that and then link that to your birthday, home town, pet and mother’s unmarried names via your Facebook and other social media contacts and then to give your bank a quick call requesting a replacement credit card. They could well know your home address by now or have found a way to redirect your post having told the local post office that you’ve moved house…of course, if you don’t shred your bills and statements before putting them in the recycling caddy outside your house every fortnight you’re also exposing your data. It’s all fodder for ID thieves…

There’s a blockbuster movie in my train of thought here…if anyone fancies taking up that option.