RFID payment systems are one of those things that the community seems to be divided on. Some only see the technology as a potential security liability, and will go a far as to disable the RFID chip in their card so that it can’t be read by a would-be attacker. Others think the ease and convenience of paying for goods by tapping their card or smartphone on the register more than makes up for the relatively remote risk of RFID sniffers. Given the time and effort [David Sikes] put into creating this contactless payment ring, we think it’s pretty clear which camp he’s in.
Alright, so the whole ring making part sounds easy enough, but how does one get an RFID chip that’s linked to their account? Easy. Just call the bank and ask them for one. Of course, they won’t just send you out a little RFID chip and antenna to mount in your hacked up project. (If only things were so simple!) But they will send you a new card if you tell them your old one is getting worn out and needs a replacement. All you have to do when it gets there is liberate the electronics without damaging them.
[David] found that an hour or so in an acetone bath was enough to dissolve the plastic and expose the epoxy-encased RFID chip, assuming you scrape the outer layers of the card off first. He notes that you can speed this part of the process up considerably if you know the exact placement and size of the RFID chip; that way you can cut out just the area you’re interested in rather than having to liquefy the whole card.
Once you have your chip, you just need to mount it into a ring. [David] has designed a 3D printable frame (if you’ve got a high-resolution SLA machine, that is) which accepts the chip and a new antenna made from a coil of 38 AWG magnet wire. With the components settled into the printed frame, its off to a silicone mold and the liberal application of epoxy resin to encapsulate the whole thing in a durable shell.
If a ring is not personal enough for you, then the next step is getting the RFID chip implanted directly into your hand. There are even folks at hacker cons who will do that sort of thing for you, if you’re squeamish.
For a number of card providers, you will have to authenticate using a chip and pin after so many contactless payments (well in the UK at any rate) may hit a snag once that limit your bank has is reached. Though suppose you could just order another card, but I think my bank has 30 transactions. . . . .
We got the same in Denmark. Like, one of ten transactions hah to be with chip. Also transactions above 350DKK (about $50) has to be with chip and pin.
It’s not the case for smart-device contactless in the UK. I can buy a BMW Mini SE with my watch if I ever have enough in my current account to pay for it, and a random number of times I have to put my pin into the watch before I can pay.
Card-based contactless is the same as Denmark, but a little stricter (reauth about every fourth transaction, £30/260DKK).
I would say it depends on card provider, but even so you can call them to change their default limits. I personally called and disabled any tap payments on my cards but i never bothered to ask what the upper limit was both for amount and number of consecutive payments.
Others may be able to tell you if there is a usage limit in north America but i don’t really see how that is necessary as almost all banks have a profile on your spending and are able to determine if your card has been stolen or not based on the first time it is used outside of your spending profile. They also tend to be quite happy to suspend the card if it is near the borders of the profile, which requires a simple phone call to authorize the declined payment.
Also I’m pretty sure that when you call them to ask for a new card, your old card will stop working (and at least for my bank will arrive with a different card number or CVV). I don’t know how open they’d be to having more than one card on the same account.
What country are you in? Having a new number for each card or only one card per account doesn’t sound like any bank I’ve worked with in the US.
How would a married couple both have cards tied to joint account in that scenario? Seems a pretty common scenario.
In the UK at least cards are never reissued with the same number. But they also typically ask if you want your old cancelled rather than just do it.
So joint acccount holders will have different card numbers tied to the same account (so each transaction is attributable to a particle person).
Surprised this isn’t the case around the world even if the card has the account number and sort code the CCV and card number will be unique.
I see no reason why they should be the same?
UK goer here: Bank account (debit cards) are issued with different long numbers and different CVVs, my last credit card was re-issued following the expiry date with the same number, but renewed expiry and new CVV. The old card carried on working up til it’s expiry date (they say 4 weeks but it was still working going on 6 weeks+ before it finally snapped the antenna).
UK. MY credit card number is teh same as teh one issued in my partners name. it’s not a joint account. The CCV’s are different but the long numbers are teh same.
My bank issued my wife and me different cards with different numbers tied to the same account. It’s pretty nice since the statement shows who bought what instead of grouping them together.
Same thing in Canada, you will get a new card number. We have different card number even with a joint account.
Married couples (or anybody sharing a bank account) each get their own bespoke card number. You cant have multiple cards with the same number, that would defeat the purpose.
I live in the Netherlands, but im fairly sure this applies to all of Europe, every ATM card i’ve ever seen was numbered (like, a number besides the bank account number) and when you ask for a new card they de-activate your current one and assign a new number to your new card. That said you can just ask for a secondary card.
Some of my CC’s have the same # on the joint card. ALL of my debit cards all have a different number on each card. The debit cards are that way to prevent completely isolating you from your account. If one card is stolen, the other stays active. On a trip to New Orleans I swiped my debit card and it was declined. :/ So I used the joint holder’s card and it accepted it. A little later I tried my card again at a different place and it accepted it. I called the card issuer to find out why. It turns out New Orleans sees a lot of fraud, so the transaction that was declined would have continued to decline until I called. Since the other card, different number, attached to the account was swiped at the same place for the same amount, the system figured the odds were slim that both card holders would have lost their cards at the same time. That transaction processed and unlocked my card. Now I know to call when I travel outside of my area to stop those types of declines. I also know if card A is declined use card B and if A was declined because of potential fraud, card B will authorize and clear the alert on card A.
Yeah, although in the UK you have better options like https://mclear.com/ which we don’t have in the US. I mainly made this out of frustration that the UK has cool tech that we don’t.
I wonder if the bank’s smallprint covers disolving away the card!
Quite sure it’s against TOS ;)
In the late 90’s, there was a ring that would do this. For the life of me I can’t remember what it was called…
It looked like a mood ring, with the big “jewel” being what you would tap to the sensor on a soda machine. I think it even had a lower case “i” on it somewhere…
Does anyone else remember this? or am I crazy?
Java ring
https://www.javaworld.com/article/2076641/an-introduction-to-the-java-ring.html
YEEEEESSSSSSSS!!!!! iButton! Java Ring! omg I’ve been searching off-and-on for this when I randomly think about it for YEARS!
Thank you! :)
This is amazing!
Wait a second… april 1 1200am?
Have i been trolled for over 21 years??!!
No, it’s a real thing. I almost had to program on one a while back. It uses an ultralightweight JVM with no support for dynamic memory allocation (remember that in Ye Olde Java, the only way you could do dynamic memory allocation was ‘new’, and this was only allowed in singleton array declarations where the compiler could statically assign RAM). It wasn’t actually… bad, once you understood what it was for (crypto algorithms in a secured environment), but it was quirky.
Oh thank goodness.
It’s oddly satisfying to see obscure things we used to put extreme effort into (in order to overcome the hurdles of infant or non existent technology) become so pervasive that the ultimate goal is secondary to the form factor of the carrier.
… that’s about as good as I can explain the thought. Read it 5 more times and maybe it will make sense, or something :) I could barely find the words to say it.
I had some of these iButtons. I don’t remember how, but somehow I ended up getting a hold of a demo or dev kit for them. I didn’t quite understand it 20 years ago because I am not really a programmer, so I think I ended up tossing it out. Would be fun to play with now, as I have experience with 1-wire devices now.
There’s actually an upscale hipster-style wine and beer tap room in Winston-Salem NC that issues iButtons to keep track of your tab while there.
Yes, they have self-service taps.
Yes, if I could stand hipsters I’d hang out there more often.
“Some … will go a far as to disable the RFID chip in their card so that it can’t be read by a would-be attacker.”
Sounds not very accurate considering there’s a single chip inside card that handles both RFID and contact payment. Possible though when using magnetic stripe (which is almost obsolete today). Cutting the antenna sounds closer to truth, although IDK if there’s a robust method to do this and not screw up the card visibly.
Otherwise cool ring! Add a second chip, small switch and there you have multiplexed cards!
I’m going to assume you aren’t in the US, magnetic stripe still the standard here. Anything else (chip or RFID) is an extra feature.
I can disable the RFID function/part of my EC Card by myself. Just insert in the Banks ATM and enter the configuration menu to disable/enable the RFID stuff.
After disabling it, my Smartphone doesn’t even detect the mere presence of the card anymore (but it did before with a RFID reader app).
Originally it was two chips when this came in (UK here) then it moved to a single chip.
I disabled mine from day one. I dont want the technology and the banks (I have 8 different cards/accounts) refused to either send me a card without it or to disable at their end.
It’s not a responsibility I want or need to look for transactions that I haven’t authorised and report them. I’d rather spend my time on other things than picking over my account. And I still often use cash for small transactions.
I disagree with the onus being on the consumer to detect, report and prevent fraud. Chip & pin responsibility is with the bank.
It’s easy to find the antenna, often by looking at the card from different angles. The wires have to meet the chip from four sides, so cutting with a guess isn’t too hard..
Else you nuke it, the wires show themselves and then you order a new card. It costs the bank to send one, not me.
People also share pictures of cards and the antenna locations on the interwebs.
Cutting the anntenna hasn’t blocked the card with any bank I’ve tried.
The card is obviously marked. I cover the cuts and the contactless logo with black marker.
No one has ever questioned why. Probably because in the UK you tend not to give people your card for processing but insert it, and tbh, people taking payment dont really care…
Now COVID is over I’ll start doing this again, drilling a 4mm hole through the antenna loop usually works. However I did find after a year that my credit card company claimed that my card might be malfunctioning and sent a new one. So they probably monitor use of wireless vs chip and PIN.
Implantable cards can’t make payments yet… Soon, but not yet.
I still say add a flat disk clicky tacktile switch to a contactless card to enable the coil would be a good compromise.
Nice, but I’ed colour (yea I said colour, wanna make something of it!?) it an opaque metallic colour (yea, I did it again!) so it looks like an ordinary ring so when you pay for stuff with your hand people will thing your magic.
I just use the NFC or MST on my watch ;)
This is a really cool project :)
I tried to dissolve a card myself, and the antenna is on the small pcb.
It should be easier to make a ring with this.
I can read the ID from the chip with my phone.
Does anyone know how I can read these chips with a Arduino ?
I have tried a couple of readers, but they won’t read these chips.
Both the cards I tried this on have large contactless RFID chips leaving me to wonder which of the several contacts on the front correspond to the contacts for the antenna. Googling was of no use, do I just trial and error the heck out of it?