By: Tyler Harris
April 21st, 2016
5 BEST tips to protect you from ATM skimming
ATM skimming (or physical skimming) has been around for years in-fact ever since the birth of automatic teller machines and the roll-out in the 1980’s. Lately the criminals are getting even more advanced in there brazen perpetration of this crime, from gas pumps to store terminals and even bank ATM machines it seems the criminal will stop at nothing to get your hard earned cash.
We at Armourcard know all about many types of skimming and Armourcard protects you from RFID wireless skimming of your ‘Tap & Go’ cards. ATM skimming (Your card details being skimmed at a machine) has no real protection other than your vigilance in protecting yourself every time your withdraw money from a ATM.
Here are our 5 best tips you should do when your at a ATM machine – EVERY-TIME
1. Always pull, push, shake and rattle where you put your card in (in-fact try to remove it) gently…
2. Drum, pull or push and rattle all around the ATM to see if anything else is loose like the keypad. (you may get some strange looks but it is worth it so you don’t get skimmed)
3. Look for a camera overhead or a pin-hole camera above the key pad or even in a pamphlet holder that are sometimes attached to an ATM (directed at the keypad)
4. Always cover your hand when putting in pin. (Yes obvious we know, but you would be surprised how many people forget this basic step. (Especially when your in a rush or being distracted)
5. After you have put your pin in, place your entire hand flat over every key on the keypad to transfer heat signature. (you do this because criminals are using your heat signature left by your fingers to get your pin-number for example the first digit of your pin will be cooler than the last digit you put in through the colour spectrum.) so a clever way to mess that up is just place your hand over keyboard for a second or 2. (This can be done while you wait for your cash)
By doing this you are helping to protect yourself from the way these criminals skim at these machines whether with a camera, heat signature or devices attached to machines.
Do it every time.
Travel Expert and Advice Column Recommends Armourcard to readers.
Acclaimed travel advice column DOC HOLIDAY featured in the Sunday National News Limited newspapers has recommended Armourcard as a must have while travelling.
In the Article Doc Holiday went on to say
I suggest you safeguard yourself for your up coming trip and your everyday movements with one of these cards
The Co Founder of Armourcard Tyler Harris made comments
This was a fantastic surprise to wake up to this article this morning while out having breakfast with my family.
Harris went on to say:
…with a lot of passive card type devices currently flooding the market and being touted trying to blur the lines between their products and our patented technology, we are so pleased to see that the travel professionals who we look to for advice recommend Armourcard as the best product to protect you.
Armourcard is the only product to have FCC (Federal Communication Commission) approval as we needed it as Armourcard emits a “Jamming signal”, we are also TSA approved to go through airport security.
You may also like this article / consumer alert-RFID protect cards are not created equal
[Article appeared in the Doc Holiday expert weekly advice on travel queries feature in the National Sunday News Limited Papers on Sunday 6th March 2016]
To read the article see the newspaper snipet below.
December 27th, 2015
RFID Protective cards – understand the difference before you buy.
Over the past few months it has come to our attention that consumers are judging the effectiveness of the RFID protective cards they are purchasing against retail point of sale terminals.
Based on this method of testing these RFID Protective cards give the appearance of being very effective at blocking a transaction being processed and have received a number of very positive reviews.
The truth is that if you place two PayPass cards together and present them to a retail (tap & go) terminal the transaction will NOT go through. This is so the consumer can make the decision of which card they wish to present to the terminal. Don’t be fooled though, any standard reader (like the one in the image to the right) that can be purchased online will not give you this option and will take the information off the first card that responds to its requests. These readers have anti-collision software so it does not matter how many cards are being interrogated it will always get at least one.
The criminals who perpetrate this electronic pickpocket crime would rarely use a retail style (tap & go) terminal to skim, they are more likely to use a standard off the shelf reader and ‘amp up’ the antenna and signal strength.
The way in which some of these cards are marketed and the terms that they use to boost the hype imply that the cards are loaded with top secret and patented technology some even drop names such as “NASA” to increase their worth.
The truth is actually quite different. Often a standard programable RFID card worth about $0.75 is programmed with essentially garbage in an attempt to confuse the terminal which is trying to interrogate it. This has been shown to be inconsistent in its protective ability and thus cannot reliably support the claims that are being made.
As there is no regulatory body governing the standards of products in this field, it has been left open for anybody to jump on board and try to make a quick dollar. The few companies that have invested significantly in research and development to effectively protect the consumer have been left trying to defend and differentiate their products from those who have clearly blurred the lines and cannot support or prove the claims that are being made. The sooner this industry can be regulated the better.
Where does this leave you? the best advice is to research the product you are considering purchasing.
If it claims to Jam does it have FCC approval?
If it claims to have patented technology is there a reference to a patent? (don’t be fooled by a ™ next to a word, that does not constitute a patent but merely a logo or term being trademarked)
If it claims to be active does it have a battery?
As a consumer you must do your research and due diligence until there is a regulatory body who can help govern the claims being made. Protecting your identity from theft is a serious business and you should only look for companies and products who are serious about protecting your data & not who just want to jump on the band wagon for a quick dollar.
The decision is ultimately yours as to how much worth protecting your personal data is to you.
Beware, Be Aware and Stay Vigilant.
December 22nd, 2015
Armourcard has a stand at CES 2016 (Consumer Electronic Show) in Las Vegas January 6th – 9th
We are very excited to be present with a stand at CES 2016 this coming January. You will be able to come say hello to the inventors and founders plus see the Armourcard product for US launch.
You will also be privy to a new Armourcard product for the protection of NFC enabled smartphones & tablets to be released soon.
Our stand will located in the Personal & Cyber Security marketplace so if you are lucky enough to be going come by and see us.
Booth number: 21931
Venue: LVCC South 1
Marketplace: Personal & Cyber Security
For media opportunities please contact Tyler Harris firstname.lastname@example.org
To arrange times to discuss US sales opportunities please contact Tyler email@example.com
We look forward to seeing you in Vegas.
December 21st, 2015
Armourcard review by APC magazine
APC or Australian Personal Computing has featured Armourcard in a recent article on travel goods and travel essentials.
Lindsay Handmer one of the journalists at APC reviewed Armourcard and tested and gave a very good review of 4 stars.
(in-fact no product got a higher score from all the products reviewed.)
Next time you travel the article that reviews Armourcard as an essential travel good to take with you, especially with ePassports, tap & go credit / debit cards and many hotel keys able to be skimmed.
Don’t travel without one, the Armourcard reviews say.
To read the full review Read APC article
TravelTalk one of the premier travel industry publications recently had a chat with our CEO Tyler Harris on how to best protect yourself while travelling from this invisible crime called ‘Electronic Pickpocketing’.
Harris explains how the crime happens and how ‘we’ as consumers/travellers need to be very aware of how easy it now is to gain access to your personal data. This includes your ePassports, ‘tap & go’ credit and debit cards along with many hotel room key cards that all use RFID technology to transmit your data over open airways that can be intercepted by criminals with ease.
Cloning credit cards today – 9 October 2014, its not hard to do as expert shows.
The new age of credit card skimming and cloning credit cards is on show today at the Breakpoint security conference in Melbourne.
Peter Fillmore an Australian money hacker & security boffin will demonstrate how he probed the protocols behind Visa and Mastercard payment cards and proved the viability of an attack by successfully using cloned versions of his credit cards to shop at supermarket chain Woolworths, and buy beer at a Sydney pub.
He will show today via modded Nexus 4 phone and how it steals data from Paywave and Paypass cards that could be introduced into cloned cards.
While the phone tactic is an inconspicuous attack, Fillmore told Vulture South that enterprising criminal gangs could make a killing by using his tactics with more powerful custom equipment to scam commuters on their way to work.
“The phone needs to be really close to someone’s wallet to work so it’s more of a proof-of-concept. [However], the attack I would be worried about is a criminal gang with a [reader] in a briefcase who captures a whole lot of cards on a tram and uploads them to a central server,” Fillmore said.
“Someone located far away could then wait until their phone pings with the stolen information and start using the cards,” he added.
“This is better than a relay attack because you can store the transactions and you don’t have a timeframe,” he said.
There’s another advantage for the potential criminal, as when the trick fails, it appears to the retailers and banks to be a mundane error, rather than a fraud attempt, which could trigger a well-resourced bank and police investigation.
Large retailers are first choice targets for attack (rather than small new businesses) as they were likely, as in the case of Woolworths, to operate legacy point-of-sale payment equipment and therefore be more open to fraudulent moves.
The Nexus 4 (as Fillmore discovered) served as an efficient and discrete hardware fuzzer for contactless cards. The popular Cyanogen mod gave access to an otherwise inaccessible application programming interface called ‘Host Card Emulation’ that he said is a “great platform” for cloning cards.
Fillmore plans to write an exploit app for a popular but as yet unnamed card reader that would be delivered through the phone.
His attack worked in part by exploiting payment terminal’s legacy support for magnetic stripe cards. The EMV (the gold chip on credit cards) protocol meant cards told terminals if it supported EMV, which then allowed an attacker to pushed payment processing back to mag stripes.
It captured details, including an application transaction counter, which was incremented each time a transaction was made. Attackers needed to conduct the fraud before the next transaction was made or an error would occur.
The attacks weren’t due to particular problems with a given bank, although the Australia and New Zealand Banking Group (unlike the National Australia Bank) was found to have not implemented a randomisation number which while affording additional security, did not prevent the attack.
Fillmore said new startups may be harder targets as they may use new technology that could be, like one tested at a NAB ATM, capable of determining if a contactless credit card was ‘lying’ about not supporting EMV.
Blocking the attack would require the very slow process of dropping legacy support for non-EMV transactions, a feat that could be done faster in Australia than the US.
“I believe that EMV interfaces in general (both RFID and physical) is an area ripe for implementation bugs and errors,” Fillmore said. “Its just the lack of available/affordable test equipment which has prevented researchers from exploiting this area.”
He said the attack may work similar to Cupertino’s Apple Pay platform which supported non-EMV transactions.
Fillmore’s work built on the shoulders of Michael Roland and Josef Langer from NFC Research Lab detailed in the paper
April 24th, 2015
Harvey Norman to stock Armourcard in-store for Christmas.
The heavy-hitting national retailer Harvey Norman has jumped on board to stock Armourcard in their top 60 metropolitan stores across Australia in the lead up to Christmas.
The CEO of Armourcard Tyler Harris when interviewed said:
We are extremely excited to be stocked in Harvey Normans Electronic & Computer stores, Gerry Harvey is an Australian retail icon and to be represented within his stores is fantastic for the Armourcard brand.
The great thing about being represented in these high profile?brick & mortar stores is that it now exposes Armourcard & its superior technology to more consumers & also allows the consumers who do not want to purchase Armourcard via their?online channel to go in-store to make the purchase.
Harvey Norman is expected to have them displayed at the payment counters so be sure to keep an eye out and make your purchase through these great retailers in the lead up to Christmas.
Ask instore and support us and these great national retailers by buying your Armourcard through Harvey Norman.
Travel Weekly Magazine and Website – “Why Travel Insurance Won’t Protect Your Cards”
A great article was written by HANNAH EDENSOR of Travel Weekly who recently interviewed our CEO Tyler Harris on the emergence of this new form of crime and how best to protect your credit cards and passport while your travelling.
Travel Weekly the highly respected travel magazine has spoken with Armourcard CEO Tyler Harris about how to best protect yourself while travelling from the new wave of skimming crime that can now lift your ePassports, credit cards and even hotel keys without you ever knowing.
Thanks to Travel Weekly for your support.
March 5th, 2015
In an article titled “Australians build a preventative invention for your wallet”
the tech guide interviewed one of the directors of Armourcard.
Tyler Harris went on to say about the interview:
Overall it was a positive interview & review of our product, but a few key points were left out from Leigh’s write up that where discussed in the interview such as how an Australian ‘White Hat Hacker’ Peter Fillmore as recently as Oct 2014 tested the security protocols behind Visa and Mastercard payment cards and proved the viability of an attack by successfully using cloned versions of his credit cards to shop at supermarket chain Woolworths, and buy beer at a Sydney pub.
Which Leigh only referred to a previous Mastercard interview from 2013 which Matt Barr, MasterCard’s head of Market Development in Australia refers to other RFID protective products as just creating noise to sell a product, we found that those comments from a company who is rolling out this technology right on the corporate line and what would be expected from a company that “creates a lot of noise” about their ‘Tap & Go’ technology in what appears to be a sell to the consumers on ‘its ok to use’ and don’t worry about any fraud.
Unfortunately had the article referenced the latest example of how criminals can skim & use your money as mentioned from the passage above it may have shown the readers that there is always two sides to the story ( one from corporate card issuing companies who have invested billions rolling out this technology, and the other from the hacking community and security experts like Peter Fillmore who still to this day show us how easy it happens & it can happen)
Until there is a 100% guarantee that the technology is safe, then why wouldn’t you protect yourself and Armourcard offers that protection.