- Wind Could Ground Macy's Parade Balloons
- O.J. Simpson Denied a New Trial
- Florida GOP Leaders Call for Radel to Resign
- Conn. Couple Celebrate 81st Wedding Anniversary
- Mother of Bullied Fla. Girl Wants Tougher Laws
- Ford to Recall Escapes Again for Oil, Fuel Leaks
- Nationwide Goal for 2024 Moving toward No-Kill Animal Shelters
- Murder Charges Filed After Building Collapse
- Yale on Lockdown as Gun Report Investigated
- Police: NY deli owners stole $1M lottery ticket
- Deal Reached in Iranâs Nuclear Program
- Video game re-enacts Sandy Hook shooting, relatives outraged
- High amount of workers to seek new jobs in 2014
- Senate Vote to Honor Doolittle Raiders
- Two Deaths Prompt Baby Monitor Recall
- Kennedy Cousin Granted Bail as He Awaits New Trial
- Navy Sailor And Fiancee Married At Reno-Tahoe International Airport
- At McDonald's, a push for customization
- Jumbo Jet Stuck at Small Airport
- Execution of Serial Killer Brings Peace to Local Family
- Florida Congressman Pleads Guilty After Cocaine Arrest
- President's Approval Rate Lowest of his Presidency
- Adam Levine named People's 'sexiest man alive'
- Study: Kids are less fit than their parents were
- Gas Prices Predicted to Stay Down
- Congressman and Cincinnati Native Busted on Drug Charges
- Judge Sets George Zimmerman's Bond at $9,000
- Virginia State Senator Stabbed, Son is Killed
- New Poll: 86% Of Working Americans Plan To Online Shop During Work Hours On Cyber Monday
- George Zimmerman Arrested After Disturbance Call
- 8 People Confirmed Dead from Tornadoes
- Missouri Governor Denies Killer Clemency
- In traffic stop chaos, NM officer fires at van
- Ohio Walmart Holds Food Drive for Its Own Employees
- US Postal Service Reports 7th Year of Net Loss
- 'Batkid' Begins Fighting Crime In San Francisco
- Digital pickpockets using smartphones to steal credit cards
- Florida Sinkhole Destroys Two Homes
- Mother Questions School Grading System
- Google patenting an electronic 'throat tattoo'
- Suspect Shot Inside Children's Hospital in Wisconsin
- Policy Cancellations: Obama Will Allow Old Plans
- Mob Boss Whitey Bulger Sentenced to Life in Prison
- Sex and Booze; Colorado 'Obamacare' Ads Raising Eyebrows
- NJ man, ex-girlfriend in court over Powerball win
- Sinkhole Swallows Florida Man's Backyard
- 16-Year-Old Charged for Shooting Near School
- Immigration Reform: House Will Not Talk on Senate-Passed Bill
- Shooting Reported Near Pittsburgh High School
- 'Star Wars: Episode VII' holding open casting call
- Student sues Montana college after flunking math
- Texas Teacher Punches, Knocks Out Student
- Male vs Female Bosses
- SeaWorld challenges ban limiting interaction between whale and trainer
- McConnell promotes alternative to 'Obamacare'
- Experts Settle Dispute Over America's Tallest Building
- California town builds house for wounded GI
- Cost of Thanksgiving Dinner Rises
- PG-13 Gun Violence Rivals that of R Movies
- Why A Midweek Wedding? Because It's 11/12/13
- College students could face expulsion for using gun to fend off intruder
- Suit: NY dad criticized for denying son McDonald's
- Amazon and USPS Partner for Sunday Delivery
- Target Will Open Earlier on Thanksgiving Than Last Year
- What would Jesus brew? Churches turn to serving beer to attract members
- US adds 204,000 jobs, jobless rate up to 7.3 pct.
- Gay Rights Bill to Outlaw Workplace Discrimination
- Suicide Bombings Kill 19 at Iraq Military Base
- Bank ATM spits out $50 bills instead of $20 bills
- Critics: Some Unions Could Get Break From Fees
- Price of average CVG flight second-most expensive
- High court wrestles with prayer in government
- Russian fireball shows meteor risk may be bigger
- Blockbuster closing all of its retail stores
- Castro Victim Talks About 11 Years in Captivity
- Lay's New Chocolate-Covered Potato Chips
- Toys R Us To Open At 5 p.m. On Thanksgiving Day
- Northwestern unveils Wounded Warrior uniforms
- Police: Teens Broke into Denver School to Steal
- Suspect in NJ Mall Shooting Found Dead
- Johnson & Johnson Resolves Criminal and Civil Allegations
- Lock Down Lifted at CCSU
- 3 people in police custody after lock down at Central Connecticut State U
- Feds Urge Students to Check Loan Repayment Plans
- November means facial hair
- Obamacare: Memo reveals health care adviser warned W.H. was losing control 3 years ago
- Alligator captured in Chicago's O'Hare Airport
- Texans Coach in Stable Condition After Last Night's Collapse
- Witness to LAX Shooting Speaks Out
- Judge dresses as fairy godmother during adoption ceremony
- 14-Pound Utah Baby May Be America's Biggest For 2013
- McDonald's to sell bagged coffee next year
- Suspect in Custody in LAX Shooting
- Appeals Court Rules Against Obamacare over Contraceptives
- Report: Obama campaign considered replacing Biden with Hillary Clinton
- Drug Tunnel Uncovered
- Hot-Sauce Lawsuit Rejected
- Study examines the best time for a coffee break
- Holiday travel: Procrastinators will pay this year, expert says
- Spying Scandal: Break Ins at Yahoo and Google Data Centers
- Italian Magazine Alleges NSA Spying on Cardinals
- President Obama Defends Health Care Law
- Report: NSA Broke into Yahoo, Google Data Centers
- N.D. woman to hand out
- Sebelius Apologizes for Health Care Website
- Social Security Increase Released
- Soldier in Spiderman suit surprises daughter
- Penn State to Pay Nearly $60 Million over Sandusky Claims
- Report: White House stopped phone tapping of foreign leaders this summer
- Conrad Murray Released From Jail
- Sandy Hook Elementary Torn Down
- Demolition of Sandy Hook Elementary Begins
- Indictments of JonBenet Ramsey's Parents Released
- Gunman Who Held People Hostage in Drugstore Surrenders
- Two Shot at Naval Base in Tennessee
- Virginia woman to launch ad campaign... to find a husband
- Community Stunned by Killing of Young Teacher
- National Security Official Fired over Twitter Account
- White House Denies Spying on German Chancellor
- Repairs, scaffolding ahead for US Capitol dome
- Merkel calls Obama to complain about surveillance
- Texas dad alleges bullying in 91-0 football game
- Homicide Investigation Closes Massachusetts School District
- Warning to Pet Owners about Jerky Treats After Deaths Reported
- U.S. Drone Strikes May Constitute War Crimes
- Concealed Gun Carrier Stops Man Threatening Party with Rifle
- Three Killed in Medical Helicopter Crash in Tennessee
- Three sisters hold last-minute joint wedding so their dying mother can attend
- Father charged after 2-year-old fatally shoots herself
- 'Hero' Math Teacher Credited With Saving Lives in Sparks School Shooting
- Harley-Davidson issues voluntary recall of certain '14 motorcycles over hydraulic clutch issue
- 15 Yr-Old Davion Navar Henry Only Pleads For Family To Adopt Him At Church
- Curtis W. Croft Busted When Cops Use Google Earth To Find Pot Garden
- Republican Approval Rates Take a Hit after Shutdown
- Builders of Obama's Health Care Website Saw Red Flags
- Facebook Outage Blamed on 'Network Maintenance'
- Police: Teens beat Pa. man, 65, over parking space
- Boy Scouts remove 2 men who toppled ancient rock
- Holmes defense, prosecutors resume evidence battle
- Detroit man charged in rape, murder of girl, 5
- 'Joker' charged with driving drunk in Maine
- Obama addresses widespread health care problems
- 1 dead in triple shooting at Vegas Strip nightclub
- AP sources: 476,000 Obamacare applications filed
- Raymond becomes major hurricane as it nears Mexico
- Man pleads guilty to shooting golfer who hit home
- Feds to listen to audio in SF Bay Area rail deaths
- Escaped Fla. prisoners grilled: Who helped you?
- Study: 15 percent of US youth out of school, work
- Gay Marriage to be Allowed in New Jersey
- No Charges for Firefighter in Survivor's Death
- Ex-House speaker Tom Foley dies at 84
- New York man arrested in terrorism case
- Halloween Decor Prompts 911 Calls
- Toilet-themed restaurant set to open in California
- Wal-Mart staffer Kristopher Oswald says he was fired for trying to save woman in parking lot assault
- Big asteroid buzzes past Earth and will again in 19 years
- Man Loses Weight With Beer and Sausage Diet
- Teen found with fetus in bag at store, NYPD says
- New GPS System Can Track School Bus for Parents
- Federal Workers Back in Business
- President Urges Cooperation as Federal Workers Return to Jobs
- 'Deadliest substance known to man' discovered
- New Facebook Policy Lets Teens Share More
- Jilted bride turns wedding into party for people with disabilities
- House Worker Escorted Out After Yelling During Vote
- White House: Furloughed Workers Can Return to Work
- Government Shutdown Over
- 18-foot-long sea creature found off Calif. coast
- Senator: Deal to avoid default and open government
- Furloughed Workers Can Send Creditors a Note from Government
- GOP senator says deal in hand to avoid default
- 4 dead after boat capsizes off Florida coast
- Today is Nat'l Pregnancy and Infant Loss Awareness Day
- Optimism on Ending Gov. Shutdown?
- No Deal in Government Shutdown
- Starving Dog Found Chained to a Tree
- 9 Year Old Sneaks Onto a Plane
- 6th Grade Boys Cause Hump Day Ban
- Locals Affected by Government Shutdown
Digital pickpockets using smartphones to steal credit cards
Updated: Friday, November 15 2013, 01:52 PM EST
SEATTLE (KOMO) -- Convenience and speed are reasons businesses often used to encourage early adoption of a technology intended to improve our lives, especially when it comes to paying for goods and services at a cash registers.
But digital pickpockets have found a way to use the same technology to line their pockets with goods and services bought with stolen credit cards. The newest smartphones are making it easy for thieves to steal and use stolen credit cards.
To understand how it's done, you need to understand our attraction to speed and convenience.
In an effort to speed up credit card transactions at the cash register, major credit card companies have adopted a "contactless" payment systems like MasterCard's Paypass. It relies on radio frequency identification or RFID technology. RFID enabled credit cards are embedded with a hidden microchip that stores all the account information necessary to complete a transaction.
It's the same information on a card's magnetic strip. The difference is how it's communicated during the transaction. The RFID enable card uses a hidden antenna to broadcast the information to an electronic credit card reader. The user completes the transaction by tapping the card over and electronic reader at the register. With the traditional card swipe, the account information is read off the magnetic strip.
Now smartphone manufacturers, including Samsung, Nokia, Motorola, LG and HTC are releasing phones that are "NFC" or Near Field Communications enabled. NFC is form of RFID technology that takes advantage of both transmitting and receiving data via the smartphone.
NFC enabled phones have the ability to read the data on microchip credit card but they do not come with the software to actually do it. Software is also needed to translate the information otherwise the credit card data is meaningless.
Enter the hackers or code writers (depending on your point of view) who have not only written software to make the credit card info meaning meaningful, but software that leverages the smartphone's ability to use NFC to transmit data to an electronic reader.
For years, digital pickpockets have built RFID readers that can electronically sniff someone's wallet or purse for account information embedded on an RFID enabled credit card. That step has all but been eliminated by the cell phone manufacturers. The newest versions of Android smartphones have the hardware to do the same thing and more.
With a firmware modification and a free open source application that can easily be found on the internet, the average person can turn their NFC enabled smartphone into a credit card stealing machine and then use the smartphone as that stolen credit card.
The Problem Solvers want to see for ourselves just how easy an NFC enable phone make the job of a digital pickpocket easier.
We modified a Motorola Razr and installed the software to test just how easy it would be scan a RFID enabled credit card and play it back to an electronic reader.
KOMO News has elected not to name the application or the firmware modification because we don't want to encourage others to do this behavior.
We visited eight Seattle area stores that were equipped to accept a contactless payment system like Paypass with and without the store's knowledge. The Problem Solvers were able to use a variety of credit card numbers that had been scanned into the phone as if they were stolen by digital pickpocket.
We made successful transactions at six of the eight stores we visited. Of the two that were not successful, clerks believed it was a problem with the reader detecting the phone.
"That's frightening" says Robbie Watson of Zelo Bike Shop after we showed him how I used a credit card that wasn't my own to make a purchase at his store. Since the electronic transaction doesn't include the cardholder's name, there was no way for Watson to verify the account number I was using was actually mine.
"Even if you showed me your ID, I couldn't verify the account," said Watson. "There's something not right about this"
At Seattle Cigar and Tobacco, owner Naeen Ahmad realized the same problem when we showed him how we used the phone in his store. There's no way to verify the info broadcast by the phone to the reader is my credit card.
"I think it's very dangerous, extremely dangerous. It's like anybody's credit cards are not protected anymore," said Ahmad.
Security consultant Steve Manzuik believes it's going to fall on the credit card industry to make contactless transactions more secure.
"It's a feature that hasn't been very well thought out," said Manzuik, who works with Leviathan Security Group, a Seattle firm that works with corporations on fixing their computer security breaches.
"The payment card industry wanted to speed things up a little and make it much faster for people to buy things," said Manzuik. "They are moving to this standard, which clearly isn't as secure."
MasterCard Worldwide says it's aware of the situation we were testing.
"The circumstances under which it can occur in the real world are extremely rare," MasterCard spokeswoman Beth Kitchner said in a written statement.
"We don't consider this to be a serious threat to our cardholders. MasterCard strives to stay far ahead of fraud. However if even one cardholder is impacted, we have a zero liability policy," Manzuik said.
Nobody is going to buy a phone and be able to start scanning credit cards in an hour says Manzuik. But if you have the technical ability, it's not that hard to figure out.
Manzuik believes people should be able to tap their phones and pay for something using and RFID enabled credit card.
"It's the fact that they are doing it insecurely, that's the problem," Manzuik said.
There is now a cottage business growing on the internet of devices to protect credit cards, driver's licenses and passports embedded with microchips from the electronic sniffing of an RFID reader. Most products consist of foil lined wallets and sleeves.
There are also tutorials on YouTube demonstrating how a person with a sharp knife can remove or disable the microchip embedded in a credit card.
If you want to simply get rid of the RFID enabled credit card but not the account, call the credit card company and ask them to issue you a card that does not have the microchip inside.