I’ve been concerned about the unilateral addition of RFID technology to my bank access cards and to my credit cards for some time. This technology has the potential to be invasive and insecure for the user.
Using RFID PayPass will make you spend 30% more than you had planned, off the top of your wallet. This science is reported by MasterCard. You’re welcome MasterCard.
This HackaDay post explains another reason why RFID is not to be trusted for personal details. Public domain information. The real issues are not publicly reported.
Mythbusters isn’t even allowed to think about discussing RFID issues.
Because of these issues, over three years ago, I requested my bank to remove this capability from my cards. But that request was met with a clear message to piss off and not upset their grand plan.
Dear Mr Stevens,
Thanks for your recent email regarding your Visa Debit Card. My name is Christine and I will be helping you with your enquiry today.
Mr Stevens, firstly I apologise for the delay in responding to your email due to current high volumes.
Unfortunately I regret to inform that we are unable to remove the Visa PayWave option from our Visa Debit Cards as all cards have been upgraded to include this function.
We appreciate your understanding on the matter Mr Stevens.
Kind regards,
Christine
Premier Customer Service Consultant
HSBC Bank Australia Ltd————
On the 6th of June I requested information on removing the Visa
“Paywave” functionality from my account. The automatic response system suggested that you would provide a response within 48 hours. To date, I have received no email regarding this issue.To reiterate. I would like to have the Visa paywave functionality removed from my Debit card.
Vendors and merchants are now taking my card and “Waving” it without my express permission. This is very dangerous functionality, as I have no option to check and confirm before my account is debited.
Please confirm the option to remove Visa Paywave from my HSBC Access Card.
Best regards, Phillip Stevens
Ok. So it is up to me to fix this issue myself.
There are many instructions on the Internet which imply that the easiest way to remove the smart card capability is with a hammer, applied with extreme prejudice directly to the chip. This brute force method has the dual effect of killing both the smart card and the RFID capability. That is an issue for me as I actually think that the smart card capability is a good feature, as the use of “chip and pin” significantly increases the security of transactions using the card.
It occurred to me that the RFID capability depends on the antenna contained in the card for generating the power for the chip (through induction), and for carrying the signal between reader and card. So, the RFID capability could be removed simply by interfering with the antenna coil.
I was initially concerned that interfering with the antenna would cause some issue with the “chip and pin” functionality. But then I thought that (if I was the engineer designing the solution) it would be stupid to remove the fallback capability for “chip and pin” if something unforeseen happened to the card RFID antenna. So I thought; worth a shot!
Update. I’ve found a paper, written in 2015 by Roland & Hölzl , which goes into substantial detail about the technology. Essentially they provide substantially the same information as below discussion, but written from a more robust technical perspective.
How to kill the RFID via the antenna?
The RFID antenna tracks around the outside of the card as shown in this image. The actual track of the antenna in your card can be checked by viewing with a very intense light (like a LED bicycle headlamp) from behind like an x-ray whilst shielding your eyes from stray light. Using a smartphone flash LED, aka the Torch function, also works very well. The flash LED light is very intense, and from a small source, so you hardly need shielding or a darkened room at all.
PayPass Card Antenna & Chip
The RFID antenna can be segmented anywhere to break the induction loop. But, with respect to the integrity of the card, I preferred not to disturb the chip, the signature panel, the hologram, or the magnetic strip sections of the card. This just leaves a small section on the left side of the card (front view) that can be punctured to delete the antenna.
The puncture can be made anywhere. The only critical measurement is the distance from the card edge. For my cards the antenna was 3mm from the card edge. Use the x-ray view technique to check for your own card. The hole needs to be closer than 3mm to the edge, but far enough away so that the card remains fairly strong.
How to make the puncture without making a mistake?
I made a template using the following method.
RFID delete hole template
- IMPORTANT: Use the smartphone flash technique to check your own card for antenna tracks, first!
- Get a normal paper hole punch and punch holes in paper as a template.
- Make a pen mark on the card at the location that you want to make the hole.
- Hold the card over a hole in the paper so that your pen mark can be seen through the hole.
- Mark around the card on the paper for alignment.
- Reinsert the paper, and the card on the alignment marks, into the hole punch.
- Punch a hole (whilst cursing Visa and Mastercard for being an oligopolistic blight on society), and profit!
- Rinse, repeat for all RFID cards.
Test this by trying to use the paywave functionality at your local vendor. RFID fail! Woot!
Warning: This worked for me. Your mileage may vary. Worst case, you’ll need to get new cards issued by your bank, so do it with cash in your pocket.
In the past two years since 2013, I have received many new cards and the process is just the same. Use the smartphone flash-light to identify where the antenna tracks run, and then use a hole punch to sever some of them. With a bit of practice using the template becomes obsolete.
At no time during the last two years has a merchant ever rejected payment because of the added RFID disabling feature. Payment with Chip&Pin (the secure way) is completely normal.
Deleting the PayWave from the new VISA card was particularly satisfying, as the best location for the hole was, coincidentally, directly on top of the logo.
American Express are now issuing RFID cards too. No specific branding, but equally simply disabled.
Finally QANTAS have decided that their frequent flyer membership card was not adequate unless it too contained a payment capability, and hence RFID. Easily disabled.
Update 2018
Recently, HSBC issued ultra-black cards bodies that were not transparent to any light. This made me hesitant to risk a hole, without knowing where the wires were. However, a friendly radiographer provided a solution, by X-Ray of the new ultra-black HSBC cards.
Below is the new card X-Ray. The inductive loop is exactly as before, and simply punching a hole over the printed PayWave logo, exactly as previously, provides the solution.
HSBC Ultra-black Card
Some old cards.
PayPass RFID deleted.
PayWave RFID deleted.
Gone Bush 
That’s a great post! Thanks!
God bless you all! This works !!!!!!!!!!!!!!! Thank you!!!!!!!!!
Wouldn’t a .5 to 1 MM hole have been slightly less obtrusive? it is certainly greater than the ‘wires’.Perhaps you might tie a string to it. or have that favorite one macrame something on it.
What You did, I think is Great.. My fear is that someday I’ll be walking past a display for Glass Buster or something similar and it will call me by name and remind me that I haven’t bought any in 6 months… Then my bad dream decays into the display yelling at me and then… Thank God, I wake up..
Doc
Yes, absolutely. Many ways to skin the cat.
Drills. Leather punches. Ear piercing. Anything really.
I was just thinking of what tools most people (including me) have to hand when they’re sitting opening letters. My hole punch fell to hand.
Another option is just to cut a deeper diagonal slice off one corner (probably lower left would be best) with scissors, which should also catch the antenna loop. Perhaps I’ll try that one next time.
Phillip
This is a great find! I have been looking for a way to disable only the RFID for a long time. There are only 2 banks in Canada that still offer a non-RFID credit card. CIBC and Scotia Bank. It’s only a matter of time before they force this down their clients throats too.
Thanks Phillip.
Nez.
Hi,
I did a similar thing with a bankwest card They are pretty hard to see through so I ordered a new card which then got ‘lost’ in the mail. I used a thin flat blade to slice and peel the card apart. No wires in this one, its a conductive foil used for the antenna and ‘traces’, even looks like a capacitive structure in the layout. I used the exposed innards as a template to line up with my (next) replacement card and used a paper punch to disconnect the antenna feed. Chip works, RFID is dead 🙂
Mmm, I dont think I’ll leave my name for this one.
If someone happened to have a bankwest card, where would they punch the hole?
Not everybody has an x-ray machine in the garage unfortunately. I had some pretty good success using my home flatbed scanner and an Infrared Red source I had lying around (e.g. http://www.kemo-electronic.de/en/Light-Sound/Infrared/Kits/B223-Infrared-spotlight.php). A typical flatbed scanner can detect the infrared light to a decent extent, so just backlight your card above the scanner and voiala, a “poor-mans” xray :-).
That way you’ll have a better idea of where to drill.
I used a bicycle headlamp of the LED variety held directly against my cards to check the antenna position. They’re black (see pictures), so pretty much worst case. But, I could see the antenna wires through the card, as long as I didn’t blind myself by accidentally shining the light in my eyes. Holding two cards together prevents this.
I think all the cards are laid out the same.
But as trades people say: measure twice, cut once. 🙂
What a great page – Thank you Philip!
Did some searching on information on the RFID disable, and think you have by far the best page on the subject. Clearly explained, liiustrated, with suggestions of tools to use.
The tip on using a bicycle LED headlight is brilliant – it worked great for me, and I have “modded” all of my credit cards now.
The suggestion of using a second card as a light shield is also very useful, you will need it as we are working near the edges of the card, and light will leak, killing your “night vision” (ability to see the light fainly travelling thru the card)..
I used the LED light, and would suggest getting into a dark room for best results – at first, under normal lighting conditions in my office, it was hard to see any traces on the cards. Only one of them, lighter blue background, was clearly readable.
Later, repeated the checking at work, in a dark storage closet, and almost all of the cards were readable them. The only one that wasn’t, I made a “decoration pattern” of holes around the chip, so the traces were likely cut by one or more of these holes.
Used a small drill press, with a 1/8″or 3 mm drill bit; I later used a large size bit to debur the edges of the holes neatly..Later today I plan to go to a store and check the cards by attempting a Paypass payment.
Again, huge thank you. Great job!
Successfuly done on an [redacted due to overzealous spam detector], only I’ve used a laser cutter instead of a punch for a 2mm cut. NFC disabled and verified both with my phone and an actual terminal.
Laser vaporised the plastic along the cut and the conductors were not severed, easy to fix with the pointed edge of an exacto knife. Card looks great, thin cut is very neat and unnoticable at a casual glance. I can post an image.
Use a very sharp knife with hard steel, score a line on the BACKSIDE of the card in the same location as pictured above. Score your line about .5 mm long running East to West. Finish your score line with a metal straight edge and a sharp awl or even a needle. Scratch and score away just enough to severe the Aluminium foil matrix without going through the front (a 20x jewellers loupe helps not to go too deep) . . . job done.
Pingback: Not Canon. Banc card with PayPass | Digital Canon repair Blog
Thanks for your explanation, I successfully removed the RFID threat from a “DKB” customer card. BTW: That card had a different routing of the antenna cable, not going nearby the edge of the card all the way, but leaving out about 1/3 of the card surface. Thanks to the “shine-through-analysis”, this was easy to detect.
Did you also the trick on the DKB Visa card?
I wasn’t able to see the wire using a back light so I was not sure where to cut. I used a utility knife and made cuts through the card on all 4 sides of the chip. I made sure the cuts did not connect. This ensures the chip is still intact and sturdy on the card. The RFID doesn’t work anymore, but the security chip is still functional. Great to know we have a work around to these RFID cards being shoved down our throats.
Note that those 2 linked RFID threats (the hackaday one and the other one) apply to 125kHz unencrypted cards, eg Access Control Cards and such.
PayPass/PayWave is Mifare (13.56MHz based) with EMV-addon so its impossible to skim a card since to gain all details required for a debit is impossible.
A real paypass/paywave reader will get a challenge from the bank, run it through card to get a response, which authorizes payment at the bank.
The challenge/response, is handled by the impossible-to-hack smartcard chip as you see in the Picture, the antenna is directly hooked up to the smartcard chip giving same security as the smartcard chip.
So this thing is a very dumb idea to do. Think of the future, where you can just walk out the shop with your goods and payment is done!
And if you don’t accept the charge that is shown in the cash register display, don’t handover the card. Simple as that. Treat it like cash. Don’t handover the cash if you don’t accept the charge. (for example, if the discount that was posted is expired and you wish not to buy the Product any longer).
If there would be a mismatch between the cash register and paypass/paywave charge appearing on your statement, then the shop is fraudulent.
And as you know, there’s multitude of ways a shop can defraud you, even if they don’t have your card (whats about accusing you for shoplifting?).
So simple as this: Don’t enter shops that you don’t trust 100%. If the shop is untrusted, then don’t touch it. Simple as that.
The two linked threats are in the public domain. No one is really concerned about them. It is what you don’t know that is the concern.
The entire premise, that I don’t want RFID identification on my person, is the basis of this post. So calling it dumb is just missing the point.
I have used prepaid anonymous RFID cards happily since last the last century, so I fully understand their convenience.
If you like RFID “dog tags” to identify you everywhere you go, then enjoy it, and go read something else.
Do you carry the same amount of cash on your person as you have in your account? Is your everyday banking account linked to you mortgage account or perhaps a interest bearing short term savings account? Telling others to treat the RFID cards like cash is naive. The potential for someone to make several transactions in a short space of time before you realize your card is gone is significant and before you know it you could be hundreds, if not thousands of dollars down with little or no recourse to your bank due to their limited liability provisions. RFID and Paypass worry me enormously.
And now they are making signatures obsolete too in a couple of months. The importance of signatures cannot be understated. More reasons and personal experience than I can express to explain why this worries me so, but with my 86 year old parents now facing the reality of having to remember a PIN rather than sign as they have for their whole lives, I worry about the security of their limited remaining finances. Banking has becoming far too blaze.
Hate RFID, killed it. (Awful time backlighting the very reflective card).
PIN vs Sign, PIN is far better, used it for years. Worked in banks, friends still work in banks, no real checking of signiture, too much bother. As for point of sale, generally manned by minimum wage illiterates who at best pretent to look at the signitures.
So the EMV technology was devised by Europay, Visa and Mastercard. So when I looked at the different Visa cards issued by different banks, they all look the same – meaning the location of the paywave, chip and magnetic strip are on the same place. So one would think that if it worked for you by punching on the left bottom left just beside the 4 digit small number on the card, it should work for my Visa debit and credit card. I am going to try it on one of my cards, I have nothing to lose, I can always request a new card if it doesn’t work.
Just use your smartphone torch (flash led) to look through the card. You’ll see the wires easily.
Better to measure twice, then cut once.
Having a rash of fraudulent transactions in Australia. Card stolen and then several purchases just under the $100 limit in a short space of time. By the time you get to cancel the card the damage is done. The bank can refuse liability because you didn’t inform them.
I don’t want to put all my small payments on credit. I’m not given a choice with PayPass.
Merchants wave the card before you get a chance to refuse.
Sometimes the PayPass scans with an errant hand movement.
The worst scams are probably still only just being invented.
Blow your RFID tech out your fundament , I say!
I don’t understand your statement: “Merchants wave the card before you get a chance to refuse.” Why do you hand the merchant your card before you approve? I have never seen a time where I am asked for any sort of payment before the total is calculated.
The comment refer to the process where the merchant requests your card to conduct the transaction, which is the normal case where they have to enter the value of the transaction into their machine before proceeding, and then attempting to wave the card rather than inserting it into the chip reader. Every merchant attempts to wave unless verbally instructed NOT to wave when you have over the card.
This happens today, and the merchant usually comments “oh, your card seems to be broken”. And I say “No, just insert it into the reader. I have deleted paypass”. Situation resolved and a longer conversation follows, which ends up with them saying “that’s a good idea”.
Some retailers hand you the machine. Others take your card and do everything up to when you enter the pin. It’s their habit. I don’t want to have to have a major confrontation at every transaction or have to be on guard every time. The merchants took the card to complete and, instead of inserting the card they pay-waved it. N.B. I do not want to make small purchases on credit. If the system was legit you’d be able to specify which account paypass debits. It’s just a way to get people into putting everything on credit and then ending up with more credit fees. If society goes cashless you will pay a fee for every purchase you make; even the smallest. Paypass is the gateway drug for that abomination.
My Paypass is disabled and will stay that way.
Best bet is to do what I did – use a laser engraver to cut a hole.
No pressure, clean, fast, no risk of other damage…
I disabled the TD Aeroplan paywave with a sharp utility knife. Thanks! I used your LED flashlight trick – a bit trickier with a black card, but workable in a complete dark room. On this card, the antenna goes across the middle of the card about 1 mm below the card number, then down the edge like your diagram, back along the edge under the bottom of the magstripe and back up to the chip.
I cut the antenna with a utility knife, scoring the card from the back deep enough to leave a visible indent in the card – did this in two spots, one from between the middle sets of numbers almost to the expiry date, and another between the signature and the magstripe 1mm from the edge for 4 mm or so.
This disables the paywave but not the chip function inserted in a terminal (using the metal contacts).
ARGH. President’s Choice has a metallic silver card, totally impossible to see through. I will risk the cut.
Just used my wallet to shield the view of my pin number while paying for grocery’s at countdown. Walla instantly the card supplied by my employer took over and payed . I didn’t even know I had a pay wave card till then. What a lot of hassle That I don’t need. This is crazy you cant opt out . Will use the drill , But shouldn’t need to do that..!!!!
It’s happened to me a few times since that stores have tried to paywave without asking.
But my card was disabled . I say was…it stopped working at all for no reason. Can systems be set to kill the chip on a card that has paywave disabled? Maybe paranoid but if it’s happening to anyone else leave a comment.
I haven’t disabled my new card yet.
Also, some people are suggesting that the card must be close to the reader. This is RF technology-dial up the power and you dial up the range. Someone could at least build a detector that fires your card from many meters away.
The tag in my toll pass works at 5-10 meters. Is it not the same tech in action?
Could you show am image of where these cuts on the card were made. I have the same TD aeroplan card. Thanks.
Sent for mistered2000.
I have a Capitol One Master Card and when I talked to them they said the RFID chip is embedded inside the large chip and pin chip and could not be disabled. I shone a very bright light through the card and could not find this RFID chip, so I assume they are right. Is there any other way to disable this RFID chip?
I am not sure that you are reading the article. You are looking for thin antenna traces. The antenna traces develop power through induction for the one chip, and carry RF signal to that chip. These antenna traces are what you need to cut to disable the RFID function, and still retain the Chip&PIN function.
See this article linked below. Read it all. It adds a lot of dimension that simple consumers would never consider in this issue.
https://theconversation.com/banks-undermine-chip-and-pin-security-because-they-see-profits-rise-faster-than-fraud-38952
Alan,
Specifically, the MasterCard analysis shows that people spend 30% MORE when they have PayPass, than they would otherwise.
http://newsroom.mastercard.com/press-releases/new-mastercard-advisors-study-on-contactless-payments-shows-almost-30-lift-in-total-spend-within-first-year-of-adoption/
Obviously, this is a driver for the the card issuers to reduce security. It leads to a 30% increase in revenue, with only a smaller increase in fraud.
Yes, thank you: it took a very short while to figure out how this may happen. The stuff in the Conversation article about who picks up the loss for each fraud is interesting too.
I note no articles yet about the horrible pitfalls of a totally cashless economy. I don’t think a lot of academics will be offered funding for that research.
Here in Australia the mind numbingly STUPID things (and shown on tv current affairs show by one smug wally in the banking sector) is that they plan to introduce eye and fingerprint scans for security in the future along with facial recognition and voice prints. Are you clowns JOKING ??
These ‘security’ methods have ALL been cracked and largely worthless ! An iris can be read from across a room !
Nothing is safe anymore, nothing.
I’m reading your interesting article two years after it’s been uploaded, so I don’t know if you, the author, are still reading replies and questions.
Being very ignorant in technologies, I wuold appreciate if you could indicate with an arrow or a red point which one is the antenna in the image you titled “PayPass Card Antenna & Chip”.
Thank you
Adriana
The antenna is the dark line, like a thin straight wire, which you can see when you look through the card. There will be several of them, so just find the best place to punch that doesn’t affect other card features.
Adriana, I’m at the same point you had been…I’m unable to identify this antenna in the picture, even after the reply you received. Are you now able to pinpoint its location in this picture?
Pingback: Does mechanically disabling payWave/PayPass by punching a hole formally invalidate the card? – Finance & Money &Loans & Mortgage
Pingback: 11 formas mediante las cuales se pueden robar tus datos de tarjeta de pago y cómo protegerte - PCI HispanoPCI Hispano
For those wondering where the RFID on an Amex Gold Rewards Card is, they’ve sneakily put it right behind the chip. With my iPhone flashlight held right up against the card, you can see a light pink vertical strip to the right of the chip. I poked two holds through it with a thumbtack and am looking to test it out soon!
I just received my Costco Citi Visa with Chip reader and RFID. There does not seem to be an antenna connected to the chip.
There needs to be an induction coil to power the chip. The power generated is proportional to the area of the coil and the number of turns. So it can’t simply not be there. The wires may be finer than previously.
The antenna itself can be smaller, but that doesn’t matter. Killing the power supply through breaking the coil is enough.
I’ll be interested to hear if your other readers can find it. There is a swirly pattern on top of the card, but it doesn’t seem to connect to the chip. Wish I had a CT scanner.
i cut my costco card up from middle, and took the chip out, i think there is this rfid right behind the chip, and the what’s looks like copper wires comes from both left and right with wires.
Anyway, i took pic of it for u to see it clearly, not sogood pic, but it explains. where i think 1 and 2 is where we can cut the wires, the mark 3 is just a sign of where the actual metal chip was
I also disassembled a Costco Citi card and found that the antenna array is to the right of the contact chip. It is an arrary of traces running from just beow the top of the chip to the bottom edge of the chip. Each loop is about .3 mm wide. I did not expose the entire array, but is continues under the chip.. I took some high resolution photos of the traces that I’d like to upload here, but I cannot see how to do that.
However, it appears that if a 1 mm or larger is drilled at the lower right corner should break the antenna. Drilling a 2 mm hole adjacent to the right of of the first gap in the chip from the top will further isolate the RFID chip from its antenna and power source.
If someone can advise me how to post pictures, I will update this post.
Good luck.
I’d love to see a diagram, but I can’t figure out how to add pictures either.
I took an exacto knife and cut a deep channel all around the chip. Don’t know where the antenna was, but the RFID is dead.
get an free account from postimage.org, and u can start link and post img here
I’m at a total loss concerning this antenna in your picture. I read your answer to just the same question several months ago : “The antenna is the dark line, like a thin straight wire” but I’m unable to identify it in your picture. I see a lot of black lines there, obviously to garble your personal data. I can see wires follwing the edges of the card all around, then there are two thin wires to the chip…Where’s this antenna? Would you be so kind as to pinpoint its location so that I can follow up and find the corresponding antenna on my own card?
The image titled PayPass Antenna and Chip shows the antenna wires. But this is an example only. There are many variations. That is why you must use the phone flash light to check your own card before punching the hole.
Where are those wires? Like I said there are many of ’em in your picture and I asked you to kindly tell me which one are the wires in your special case
The antenna is one continuous loop. It doesn’t matter where in the loop you cut it. Just pick a convenient location.
Perhaps I should have pointed out that the loop has several turns, so multiple wires beside each other are all part of the same loop.
I should be a bit more accurate. The large loop (all around the outside of the card) is for power to the chip as feilipu mentioned above. It is essentially the secondary of a transformer. The same wire might or might not be used for the antenna, depends on card design. However if you have cut the power to the chip it really doesn’t matter if you have cut the antenna. Indeed if you were successful at cutting only the antenna and not the power loop (assuming they are separate) then that might not be enough. A shorter antenna may still work.
So if I understand correctly, I should cut all the wires in the loop at any point? So for example if I had the card displayed in the image, I could just cut off the right bottom corner as we look at it (where the yellow sticker is visible)? Thanks for your patience…I just don’t want to corrupt my card’s functionality in a blunt effort.
You may cut any or all wires that you find.
It doesn’t matter where you cut. The circuit just needs to be broken.
I think this point has been mentioned a few times already…
Podo, look, even if you mess up your card, you can call credit card company get another one. For this, all you need is to break the “wired”, and go to any pay wave statio give it a try, if it works still, cut more, if it doesnt work, u good to go
If you have an NFC capable phone, you can download a “NFC tools” app to test the card NFC function.
Pingback: ¿Cómo funcionan las tarjetas de pago? Parte VI: Tarjetas contactless (RFID - NFC) - PCI HispanoPCI Hispano