I’ve been concerned about the unilateral addition of RFID technology to my bank access cards and to my credit cards for some time. This technology has the potential to be invasive and insecure for the user.
I have requested my bank to remove this capability from my cards. But that request was met with a clear message to piss off and not upset their grand plan.
Dear Mr Stevens,
Thanks for your recent email regarding your Visa Debit Card. My name is Christine and I will be helping you with your enquiry today.
Mr Stevens, firstly I apologise for the delay in responding to your email due to current high volumes.
Unfortunately I regret to inform that we are unable to remove the Visa PayWave option from our Visa Debit Cards as all cards have been upgraded to include this function.
We appreciate your understanding on the matter Mr Stevens.
Premier Customer Service Consultant
HSBC Bank Australia Ltd
On the 6th of June I requested information on removing the Visa
“Paywave” functionality from my account. The automatic response system suggested that you would provide a response within 48 hours. To date, I have received no email regarding this issue.
To reiterate. I would like to have the Visa paywave functionality removed from my Debit card.
Vendors and merchants are now taking my card and “Waving” it without my express permission. This is very dangerous functionality, as I have no option to check and confirm before my account is debited.
Please confirm the option to remove Visa Paywave from my HSBC Access Card.
Best regards, Phillip Stevens
Ok. So it is up to me to fix this issue myself.
There are many instructions on the Internet which imply that the easiest way to remove the smart card capability is with a hammer, applied with extreme prejudice directly to the chip. This brute force method has the dual effect of killing both the smart card and the RFID capability. That is an issue for me as I actually think that the smart card capability is a good feature, as the use of “chip and pin” significantly increases the security of transactions using the card.
It occurred to me that the RFID capability depends on the antenna contained in the card for generating the power for the chip (through induction), and for carrying the signal between reader and card. So, the RFID capability could be removed simply by interfering with the antenna coil.
I was initially concerned that interfering with the antenna would cause some issue with the “chip and pin” functionality. But then I thought that (if I was the engineer designing the solution) it would be stupid to remove the fallback capability for “chip and pin” if something unforeseen happened to the card RFID antenna. So I thought; worth a shot!
How to kill the RFID via the antenna?
The RFID antenna tracks around the outside of the card as shown in this image. The actual track of the antenna in your card can be checked by viewing with a very intense light (like a LED bicycle headlamp) from behind like an x-ray whilst shielding your eyes from stray light.
The RFID antenna can be segmented anywhere to break the induction loop. But, with respect to the integrity of the card, I preferred not to disturb the chip, the signature panel, the hologram, or the magnetic strip sections of the card. This just leaves a small section on the left side of the card (front view) that can be punctured to delete the antenna.
The puncture can be made anywhere. The only critical measurement is the distance from the card edge. For my cards the antenna was 3mm from the card edge. Use the x-ray view technique to check for your own card. The hole needs to be closer than 3mm to the edge, but far enough away so that the card remains fairly strong.
How to make the puncture without making a mistake?
I made a template using the following method.
- Get a normal paper hole punch and punch holes in paper as a template.
- Make a pen mark on the card at the location that you want to make the hole.
- Hold the card over a hole in the paper so that your pen mark can be seen through the hole.
- Mark around the card on the paper for alignment.
- Reinsert the paper, and the card on the alignment marks, into the hole punch.
- Punch a hole (whilst cursing Visa and Mastercard for being an oligopolistic blight on society), and profit!
- Rinse, repeat for all RFID cards.
Test this by trying to use the paywave functionality at your local vendor. RFID fail! Woot!
Warning: This worked for me. Your mileage may vary. Worst case, you’ll need to get new cards issued by your bank, so do it with cash in your pocket.