How Skimming Works

The new ‘contactless’ cards such as Mastercard®Paypass™ and Visa PayWave incorporate a state-of-the-art computer chip. The chip contains a small radio-frequency identification device (RFID) that transmits information to a compatible reader or scanner. These ‘touch and go’ cards save time by eliminating the need to swipe the card though, or insert it into the EFTPOS terminal. Some cards must be tapped onto the reader terminal, but often they work as long as they pass within 4 to 10cm, depending on the power of the terminal.

The bad news is the scanning distance of the cards and tags can be extended to several feet via illicit technological modifications as reported in an RSA Laboratories report from the University of Massachusetts.

A study by American scientists found that contactless cards are extremely vulnerable to skimming attacks. The report found that an attacker with a hidden card reader can harvest information from a card simply by walking past a potential victim in a public place. The electronic pick pocketer can then quickly and easily clone your card and proceed to rob you blind. The technology allowing a thief to do this is easily acquired and is so unobtrusive, you would never know it has happened – until it is too late