My bank recently sent me a new debit card, which included the non-optional feature of contactless payment.
This is based on NFC (Near Field Communication) technology, which utilises a loop antenna to allow a reader to communicate with the chip on the card in order to allow “small value” transactions to occur without physically touching the card, or (for most transactions) entering my PIN.
My bank assures me it’s secure. I’m not convinced - I can see at least one possible attack vector, and no indication in any of the literature that I’ve been able to find so far that it has been mitigated. I hope I’m wrong. For obvious reasons, I’m not going to go into details here.
Anyway, this technology requires embedding an antenna in the card. Fortunately, I was able to obtain X-ray images of parts of the card for your enjoyment, clearly showing the antenna inside the card.
Open to abuse by a naughty merchant :-(
Well yes it is, but I doubt a naughty merchant would ever see any of the money. I imagine that the activity pattern would show up quickly enough for that merchant to be shut down, and for the money never to actually reach them. The vector I’m thinking of is a bit more subtle.