R.I.P. PayPass (mBank)

We recently got issued a PayPass-enabled debit card. Not that we wanted one, no. But there seems to be a crazy push for wireless payment going on in Poland and it’s getting hard to get a card without it (or PayWave). Given the security concerns of these solutions (remote cloning), I decided to give it a go and try to disable PayPass while keeping other functions working. Turns out there’s a cheap and fairly reliable way to do it and it involves… x-rays. And drilling. 🙂

Here’s what the card I got looks like internally:

You can clearly see where the chip is, how the antenna is connected to it and where it goes on the card. Since it’s basically an RFID chip, it requires an external power source to function. In this case electrical current is inducted in the antenna. In theory it should be enough to break the loop to disable wireless payments. Why not drill through it, then? 😀

The card was tested to work OK in ATMs, POS terminals and wirelessly before any changes were made to ensure that it’s the changes that disabled it, not chance. I decided to drill two 3mm holes through it, just to make sure, and here’s what it looked like after the operation:



As you can see I’ve messed up a little bit and drilled right through the magnetic stripe, but it still works! ATMs, POS terminals do, PayPass… doesn’t. Mission successful!


18 thoughts on “R.I.P. PayPass (mBank)

    • That one was a Master Card and Visa is going to be different. I’ve had some luck taking photos of these antennas using long exposures with a normal camera and multiple shots of a flash from behind. You may want to give it a try without using X rays first.

  1. A quick clip with a set of side cutters at the top middle of the card should do the trick quite nicely as well.

  2. Why are people to paranoid of this, Firstly its more secure than magnetic strips, Secondly there is a maximum amount someone could possibly take plus the only reason this technology was legalized was because MasterCard & Visa agreed to guarantee any money stolen will be reimbursed once reported. I’ve had money stolen off me twice once online and the second time my card skimmed BECAUSE OF THE MAGNETIC STRIP.
    Its actually selfish to disable it.
    The whole point is so purchases can be done more efficiently from some machines taking up to a minute compared to PayPass taking less then 5 seconds.

    Don’t be afraid of technology embrace technology.

    • Simple: Security. Ever misplaced something – your wallet, your keys, your phone? Now imagine it was a PayPass-enabled credit card. At the moment of purchase, with the chip or swipe, you still have to either enter a PIN or sign something. With PayPass, there’s no such step. The problem is that cards are found or stolen by the thousands on a daily basis and until the card is found to be missing, someone has accessed your account without your permission. With no PayPass, this is a much lower concern – it can be stopped at the moment of purchase.

      • Let me add my thought.

        For example, your card is skimmed and your PIN code is compromised. You only should block the card, change the PIN, then unblock the card. But when your PayWave is compromised you should completely disable it or issue new card (and pay money to bank for that card).

      • Actually, payWave and PayPass are not so bad.

        With pure contact-full cards you need to enter your PIN every time. But with contact-less card you can make purchases and never enter the PIN. Of course, contact-less card should be just for day-to-day shopping, there is no reason to keep significant deposit on the card.

        I only concern that payWave and PayPass are enabled constantly. So you can to “pay” for something by accident. It will be really great to have a kind of button on the card. So contact-less abilities will be activated only when you hold the button.

      • I’ve seen on the Internet that it’s possible to extract the chip and the antenna from the card with aid of acetone. Then throw the old antenna away. And connect the chip to new antenna in the form of ring! It’s quite difficult work, but the result promises to be fantastic. Also, it will be great to mount “activation button” that I’ve mentioned in the previous comment 🙂

    • brad, this site may not be for you. I am indeed curious what you were googling for which made you click on the link to this site? Also, what seems to be paranoia for you might be rational thinking for others.

  3. Thanks for the cool post!

    I’ve faced the same case on Visa card with PayWave (issued in 2016).

    I’ve tried to examine location of antenna with aid of usual LED torch. So in a dark room it is possible to see gray lines (torch should fit closely to the surface of card). Location of antenna is mostly same as posted for mBank. But connectors near the chip are more fat and long. Also I’ve noticed a thin line that borders the whole card (not only around magnetic tape).

    I decided do not break thin line (because hole in the middle of the card is much mechanical-safer that at the border). So I’ve “drilled” as you did it (but actually I pierced the card with heated needle). Seems that the best way not only to break down antenna, but break connectors near chip. At the same time heated needle can overheat chip and damage it…

    Anyway, after tuning card works (via magnetic tape). As for PayWave I am not sure (I haven’t checked yet). But hope it’s gone because I’ve made oblong holes which cross all conductors of the antenna.

    PS: I’ve also tried “X-Ray with aid of LED torch” for other plastic cards. For example, my office security card has small chip in the corner connected to large fat circle in the middle. Plain-old cards don’t contain any gray lines.

      • Recently I’ve checked out my PayWave card and found out that wireless payments don’t work. Seems that it’s sufficient to interrupt the most visible wires.

        Thank you again for the nice post Karol.

  4. Hi!

    I’ve got new VISA card with payWave (it’s manufactured by NOVACARD in August 2017). It has slight different configuration of the wires comparing to VISA card I’ve told several years ago (the old one is manufactured by NOVACARD in May 2015).

    Again, I’ve discovered the wires with aid of LED-torch and interrupted them. But I haven’t noticed strong wires in the new card. The needle pierced the new card very easily! While in the old card it was a little bit challenging to break the wires.

    Seems that wires are not really wires in new cards. I guess that antenna in new cards consists of flat metallic tracks, like in Printed Circuit Boards… Or may be the wires in new cards are quite thin because the manufactures would like to decrease the expenses of the production?.. 🙂

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s