Electronic – How to shield a card like Visa payWave and MasterCard PayPass to block its communication

Tags: radio, shielding, smart-card, wireless

This is basically a replication of this question on Personal Finance SE. Suppose there's a wireless smart card like Visa payWave or MasterCard PayPass or MIFARE Ultralight. The owner wants to temporarily shield it so that it's totally impossible for a malicious third party to make the card confirm a transaction.

Will wrapping it in tinfoil be enough? How much shielding is needed to shield such a card?

Best Answer

Best of all a pocket of mu-metal.

BUT as others have said a sheet of metal foil close-by should suffice.

A sleeve of aluminum foil glued on the outside of a properly sized plastic pouch would allow easy insertion/removal and long life.

MIFARE and other systems are almost always "near field" inductive power transfer systems. Your aim is to provide a conductive surface that the induced magnetic wave will dissipate energy in. Because the card is resonant, it may be able to do some fairly wondrous things at low signal levels in some cases, so a solidly enclosing metal foil pouch is probably wise.

Wikipedia MIFARE & variants

  • MIFARE is the NXP Semiconductors-owned trademark of a series of chips widely used in contactless smart cards and proximity cards.

    The MIFARE name covers proprietary technologies based upon various levels of the ISO/IEC 14443 Type A 13.56 MHz contactless smart card standard.

Variants:

  • MIFARE Classic: employs a proprietary protocol compliant to parts (but not all) of ISO/IEC 14443-3 Type A, with an NXP proprietary security protocol for authentication and ciphering.

  • MIFARE Ultralight: low-cost ICs that employ the same protocol as MIFARE Classic, but without the security part and slightly different commands.

  • MIFARE Ultralight C: the first low-cost ICs for limited-use applications that offer the benefits of an open Triple DES cryptography.

  • MIFARE DESFire: smart cards that comply to ISO/IEC 14443-4 Type A with a mask-ROM operating system from NXP.

  • MIFARE DESFire EV1: includes AES encryption.

  • MIFARE Plus: drop-in replacement for MIFARE Classic with certified security level (AES 128 based).

  • MIFARE SAM AV2: secure access module that provides the secure storage of cryptographic keys and cryptographic functions.


Hacking Barclays version with a cellphone - video news item. Python script to read the cards.

Nice pickpocketing demo :-).


VISA payWave

They say

  • Transaction Protection: Cards can only be read up to 4 inches from the secure reader and each transaction is accompanied by a unique security code to protect against fraudulent use. Plus, you maintain control of the card at all times, which reduces the risk of fraud.

More here with a few seconds of video demo