We recently got issued a PayPass-enabled debit card. Not that we wanted one, no. But there seems to be a crazy push for wireless payment going on in Poland and it’s getting hard to get a card without it (or PayWave). Given the security concerns of these solutions (remote cloning), I decided to give it a go and try to disable PayPass while keeping other functions working. Turns out there’s a cheap and fairly reliable way to do it and it involves… x-rays. And drilling. :-)
Here’s what the card I got looks like internally:
You can clearly see where the chip is, how the antenna is connected to it and where it goes on the card. Since it’s basically an RFID chip, it requires an external power source to function. In this case electrical current is inducted in the antenna. In theory it should be enough to break the loop to disable wireless payments. Why not drill through it, then? :D
The card was tested to work OK in ATMs, POS terminals and wirelessly before any changes were made to ensure that it’s the changes that disabled it, not chance. I decided to drill two 3mm holes through it, just to make sure, and here’s what it looked like after the operation:
As you can see I’ve messed up a little bit and drilled right through the magnetic stripe, but it still works! ATMs, POS terminals do, PayPass… doesn’t. Mission successful!