Why Does My Credit Card Have a Hole in It?

How long do you sit there with your arms crossed staring at the camera before you start your "hay everyone"??

I actually discovered how to disable RFID/NFC cards the hard way when one day I got the idea, "Hey, what if I hole punch the corner of my badge so I can put it on my keychain?"

Hahaha, I ran into this with smart card access.
Our maintenance guys drilled holes in their access cards, to loop a string thru for a lanyard, which nuked the card.
So we had to hand out card pouches with lanyards so they would stop punching holes thru the cards.

I think there was a guide in a German tech magazine a while ago on how to disable NFC, and they advised checking with the lamp and then cutting away next to the pads with an exacto knife

Also I'm pretty sure Samsung Pay predates Apple Pay, and was significant in that they held the patent on using the wireless charging coil as a magstripe emulating transmitter. Back before NFC payment was ubiquitous and I daily drove a Note5 I would routinely have cashiers say "oh, sorry we don't take Apple Pay" as I held it up to their stripe reader for it to then beep and accept it anyway. It really gave off the "I am a technowizard" vibe.

Also useful for if you want to protect your card from RFID/NFC sniffers paced near payment terminals. An RFID blocking wallet is useful at protecting the cards normally, but won’t protect if the shady gas station attendant hid a reader right under the counter where you remove your card from the shielding of the wallet.

It may be silly, sure. But as someone who hissed at a goose (it hissed at me first) because I wanted to establish dominance and make it move off the sidewalk I was on (I worked), im a firm believer in "it ain't stupid if it works"

The first tap-to-pay debit card I got here in Australia in the 2000s was clear plastic on the back, so you could see the little copper wires of the antenna doing laps around the circumference. I don't have any NFC enabled on my phone so I don't need to mod my card.

I quite like the idea of drilling a hole to disable the antenna. It reminds me of that early Xbox 360 hack that involved carefully drilling into the DVD drive's controller chip to cut a line inside the chip to enable flashing of custom drive firmware that allowed loading of copied discs. Companies even made jigs that sat over the chip, to allow super precise drilling - and if you drilled too deep, or in the wrong spot, you killed the drive.

As a Capital One rep, I wish I could recommend this video to certain callers. Also wish we were able to request non tap to pay enabled cards still... And no this does not violate any agreement.

Hi Deviant! Indeed, phone-based payments do work even if the device doesn't have connectivity. It's all about the secret token that's needed to perform the handshake between the terminal and the card. I saw a video about the NFC implants and how one RUclipsr with such an implant had asked, I think Venmo, for such a secret token, so that he can program it onto his implant and pay with his hand.

Google Wallet, Android pay in 2011 and Apple Pay in 2014 were quite late entry into contactless payment. Contactless (tap and pay) systems have been around since 1995.
In the county I'm in we have had contactless bank cards from 2007.

As an electrician in Australia, my drivers licence has a chip on it no ever uses.... Never got in trouble if it never worked; so we just smash 1000V DC across it with our test tools lol.

I believe the reason EMV chips caught on all of a sudden in the US was because the rules changed. Before, the issuing bank was always responsible for handling fraud. But now, if the merchant doesn’t accept the card’s most secure payment method, then the merchant is responsible for any fraud. So they scrambled to support chips. If only it had come a year later, all the merchants would have scrambled to support NFC.

I had an indentation made into a access badge once by the card holder, just where the antenna was. Hardly noticeable, killed the NFC entirely

For bonus points, figure if you could splice in a tiny switch (maybe just a membrane keypad dome?) back into the antenna, so that it still works when you squeeze it.

Thanks for the video. Norfolk Virginia has issues with people sitting in malls with an oversized antenna pulling $1 and $2 dollar transactions off of NFC cards. They get smart and use an in state but out of city business [ read as out of jurisdiction] address. The people are smart - they move like locus from one mall to another then onto another city. Very troublesome to prosecute.
Being able to nuke the antenna and keep the chip is great.
Also hearing you say "apple pay is secure" is the good house keeping seal of approval.

Android Pay (the predecessor Google Pay) was around in 2012. There was even a promotion to use it where you would get a small credit (it was like 5-10 dollars) to use it. I had used it a few times with my Nexus 7tablet to redeem that credit at McDonalds.
Apple Pay didn't roll around till 2 years later in 2014.
Regardless, like you I hated that I was thrust into having tap and pay cards because my phone picks them up, but I am not brave enough to try and do what you have done here. I just try and keep my wallet and phone air gapped a few inches.

I was worried this was going to be a weird paranoid thing at the start. This is actually really cool. Thanks for the tip!

That's actually a great method to solve this. I bought some cheap rf blocking sleeves on Amazon which is my current solution as I have this trouble regularly... now I'm considering drilling a small hole in my credit card so I don't have to fuss with pulling a card out of a sleeve and putting it back when I need it.

Never thought of using a bright light to see where the antenna is. I don't have a need to disable the RFID on any of my cards, but it's still interesting to see. Cards from different banks also seem to us different layouts for the traces.
(Also I'm now partially blind from my Nitecore MH12 on full blast accidentally peeking out from behind the edge of a card)

I believe you can use Tasker with an NFC trigger to ignore certain NFC tags. I have root on my phone so I'm not sure if that requires privileges but I do recall being able to ignore my work badge when it was picked up by NFC on my phone.

I ALWAYS request cards without tap to pay. Most of my banks used to give them to me after a little arguing, but I haven't been able to get one without it for a few years now. I am definitley going to try your trick on my cards from now on.

Clever. I have to test a lot of card readers in my line of work, so I soft-disabled the tap on my bank card to avoid making any accidental tap payments. But this is even better.

A lot of smaller credit unions are using these new ones where everything including the antenna is under the contact pads. I assume this is just a manufacturing cost thing but it makes disabling the NFC antenna damn near impossible.

I see your camera quality has now by leaps and bounds better video quality than the older videos you had. The audio is clipping quite a lot, so maybe re-check the mic amp settings and post-processing filters?

I thought it was going to be a tactile dimple, so you always know which way it's oriented without ever looking. I do it with my housekeys.
Stopping the NFC makes sense too

I deactivate the magnetic strip on my cards now after they were cloned a few times. In Canada nobody accepts swipe to pay anyways, and they haven't in many many years. Even several years ago in the US, if they had a chip reader on their units they would still work even though they thought it didn't and I've surprised a number of people when I successfully used it. The conversation usually went "Lets try and find out. Maybe I'm this cool" and it worked. The very rare time the chip reader didn't work I just used cash, which to be honest at the time was a PITA for doing my expenses.

Had the same issue with trying to put an ORCA card (a regional tap to pay transit card) anywhere near a phone with NFC enabled. And of course disabling nfc on that card makes it un-usable.
So I end up using rf shield sleeves around my cards

Here, (Canada) tap-to-pay first appeared, at least in my experience, on gas pumps. The cards definitely came out before NFC phones.

Now that's a neat solution for the all too common in-wallet card collisions! Makes me wonder if there's an easy way to make this toggleable with a bit of conductive tape or a low-profile dome switch or something without having to spend a lot of time tuning it.

I think it should be perfectly okay for the bank. As far as the bank is concerned, your card simply "happens" to have a broken NFC antenna and unless you need a replacement card because of that issue, it just appears to the bank that you simply never ever use the NFC feature.
I actually had one card that was still in mint condition visually but its chip features were flakey and I had to replace it. I guess there was a fracture in the chip or one of the wires because it might have been temperature sensitive whenever it happened to work or not. The bank even agreed to replace the card without having to pay for the new card.

The downside to the "tap and pay" I run into at some frequency is when the POS terminal isn't working with tap and people actually have to put the chip in and can't remember their pin (in Canada we use pin for Debit/creidt transactions almost exclusively).

When tap first came out I drilled all my cards to protect against remote cloning. That turned out to not be much of a threat in the real world(I also live in rural Canada where criminals think crowbars are high tech) so last time my cards where replaced I didn't drill them and started using tap and it's pretty darn handy.

In Canada you can just ask the bank to disable it, and as far as I am aware it does not scan with anything after that (rather than just scanning and showing a blank tag)

Just got my new Capital one card and immediately thought of this video! So glad for the info!

Btw, there are tiny sleeves for credit cards that still fit everywhere the card does and block the antenna of the card, so it doesn't work contactlessly unless you remove it from the sleeve.

As soon as I saw the title I figured it was to disable tap-to-pay, but I didn't consider hitting just the antenna to keep chip payment active.
We've had chip and pin up in Canada for a long time now, with tap to pay being around for a while as well. It always amazes me how far behind payment cards were in the USA. I remember reading about a special USA model of a Samsung phone with "MST" payment, that could somehow transmit card data to a magstripe reader, and I had to ask one of my friends down south why such a thing would be needed.

It occurs to me to wish for a momentary button of sorts built in to the card, that would physically disconnect the RF antenna (much as you did) with the normally-open switch, but then if you squeeze the card in the right way (or perhaps any of several (2? 3? more?) available ways, with multiple electrical paths), it closes the circuit and the card can be used. I imagine this could be done -- either a membrane-type button that's just two contacts around a void in the central plastic (where the user would squeeze the thickness of the card in a particular spot), and/or an edge-based thing where squeezing the edges at a certain spot would close the connection (seems more ergonomic)... that'd solve the phone problem.

I keep the wireless cards inside a metallized card pouch (you can get them for cheap, search "nfc blocker") which blocks NFC (I checked, does not read the card if it is in the pouch).
Maybe that is an issue for your phone too if you keep them in the same case but for most people where the cards are in a wallet it's ok like that

The lengths we go to in order to keep our tech happy.

Ok so that laptop was Dell trying to compete with the Panasonic Tough Book. Also great idea for how to knock out NFC while still keeping the chip enabled. Another thing worth saying is that if you are trying to do the mod yourself you need to use a drill bit that’s flat on the bottom and I would guess that not many people have a key machine or some tiny end mills laying around so just keep that in mind if you are not trying to go all the way through the card

There are phone cases that also block the chip in cards from communicating. I’m not sure if they affect phone reception but you can always take your phone out of the case in a pinch. Beats disabling features.

Dev, I am one of those few users who uses that style of phone case... and oh my god, I LOVE it even though all of my friends tell me how they couldn't handle the stress of all those eggs in one basket, which is a totally fair risk appetite acceptance model.
That being said, I've gone back and forth on enabling the phone-based tap to pay... "Do I want anyone who compromises my Google/Apple account (in that scenario) to also gain access to my credit cards?" and I'm still not sure what my personal risk appetite is on the topic.
Either way, good GOD it was annoying to leave NFC turned on on my phone for the very reason you mentioned in the video. I was so confused the first few times NFC tools alerted me to successfully captured data until I realized that me wanting to leave NFC Tools on and the convenience of Tasker IfTTT commands that used NFC were causing me to go crazy... 😅

The conundrum of a free laptop from Deviant: It's either clean as a whistle or you're pwned the second you open the box.
Edit: Possibly as soon as the box gets near any of your devices.

Apple Pay works offline because the actual card is on the phones secure element but Android Pay uses “host card emulation” where the actual card is on a cloud server and the phone thus needs internet to work. (To answer the subtitle question). I am not sure if any android or Samsung etc options support a true native card on the phone.

The worst overlap I've experienced was at some European train stations. The turnstiles can both sense NFC and scan a QR code, but if you have your QR code displaying on your NFC enabled phone (because the tickets you have were delivered as a QR code) the phone will pop up your NFC options/wallet when you get too close, hiding the QR code. It took several attempts of trying to sneak up and get the QR code scanned before the NFC could kick in or, in one case, a friendly staff member with a handheld non-NFC scanner to get to my train.
All these devices need a simple "stop doing NFC for a minute" switch somewhere...

I was avoiding this recommendation for so long because it seemed super click baity, but this was a genuinely good video for what it was. I was absolutely not disappointed by the explanation.

lol, I'm pretty sure you have me on your mailing list.
I like the controlled way you went at cutting the RFID. Its not the sledgehammer approach of degaussing or microwaving your card. And its so much more controlled then a drillpress or CMC.

TLDW is that he put a hole in his card to disable tap-to-pay

If you want to "opt out" of tap to pay for security reasons rather than interference, some mobile banks let you actually stop your card from being used with tap to pay. I know for the UK Revolut allow this and I think Starling do also.

In Canada we have a wireless fare payment card called PRESTO and they tell you explicitly not to hole punch through it or it could wipe out the antenna. If you are worried about violating TOS, or want to do it a lazy way, a hole punch in the right spot will do the same result with some deniable plausibility.

I wonder how long it took him to notice he gave everyone his card information

Huh. Your cards still have mag stripes? Here (Australia) there are few that have that still, but all new cards for a while are just NFC + chipcard.

Back when NFC first rolled out mainstream to cards around the mid-late 2000's here in the states i had a bank card that i just used a hole puncher on LMAO. I kinda went overkill, but got to the same solution as you.

Commenting just to improve the RUclips algorithm. Keep up the great work and the good content!

Google's confusing naming and constant changes got me confused with another app. Comment is irrelevant now

In reference to 3:40 or so: yes you can use apple/google/samsung pay without network connectivity in my experience. Revolut is good too, with their physical card you can temporarily disable or reenable NFC*
*disabling NFC stops you from getting contactless charged on the train or something it won't stop the card from being actually detected by a reader which was your issue.

Thie video brought to mind an episode of NCIS from awhile ago where a woman was walking down the street with a cell phone and stealing people's credit card information wirelessly. I think the episode aired around the time credit card companies started rolling out this technology in the US.

I've been meaning to extract the NFC coil/etc from a bank card and put it into a ring. Just so I can wave my hand over the machine to pay for stuff.

As a Canadian it's so funny you guys didn't have chip and pin until tap, I got my first card at 7 years old, and all my cards have had chip didn't have tap until the past 10 years. I've only ever swiped or had to sign like 4 times in 20 years.

An NFC blocking sleeve on the card would have worked just as well and still given you the flexibility to still tap with the card.

I had this exact conversation with my bank, "Can I get a card without tap-to-pay". The answer is a resounding, "Uhhhh, no".
I carry several cards in a wad in my pocket and when tapping the whole wad against a reader without taking one card out results in an error on the POS that often says something like, "only 1 card". So I took a strong flashlight, blasted it through the card, and marked a small dot on an antenna line on all cards except the one I use 99% of the time. I drilled a through hole on many cards and I never get a second look, but a partial drill with some nail polish is a nice touch.

I have an active NFC jamming card - it's an active chip that basically sees NFC and responds with a colliding signal. The key is it collides but doesn't disable itself (which is how NFC handles collisions - it reads until a collision and that happens when a chip tries to send a 1 but reads a 0 from another chip, which means the chip sending 1 detects it and temporarily disables itself until the next read while the chip sending 0 (which doesn't know about the collision) keeps going. After that it disables itself for the next read which will let the first card send. A jammer sends constant 0 and disables cards in its proximity so they can never be read.

You are correct, phone payment (google at least, though pretty sure apple pay too) still works even if the smartphone has no network connectivity. My local supermarket has no phone signal at all, and i use phone payment there all the time.

I did something similar a while back using an x-acto knife. I put a tiny pinhole all the way through the card. As a result, it no longer interfered with my NFC bus pass. I use tap to pay on my phone anyway for paying for stuff.

We have had to use a bunch of old laptops as portable temporary console servers on remote routers for upgrades that require the entire drive of the router to be formatted and rebuilt from a usb drive.

I've been reading about "card clash" on the London public transport system. You offer your phone or wallet or purse and there may be multiple chips in there and it's a mixup. As you need to tap in and tap out, confusion can ensue

My bank is behind the curve with NFC, but I don’t want to use it once it’s available and I was thinking about this exact topic over the weekend while trying to set up some GPS tracking units that I can hopefully catch some thieves with.

That is super cool! Never thought of that

Tap to pay was on Android via the original Google Wallet app years before Apple Pay,. It never saw widespread adoption because Google only supported it on Nexus (and later early Pixel) phones and if you didn't have one you needed to root to install it.
I remember quite a few times I saw the little contactless symbol on a payment terminal and would just pay with my phone and 9 times out of 10 cashiers looked at me either like I was a wizard or like I was some sort of "hacker".

A few years ago when I was first trying Apple Pay, I was in Canada at a Starbucks and was able to pay while my my iPhone was in airplane and Wi-Fi turned off. That was before most cell plans included roaming in Canada and Mexico lol, but good to know network connection is not required.

Id love to see you test the RF Blocking metal sleves you can put card in.

It's slightly easier to do this with a box cutter / x-acto knife. When you know which side of the chip the antenna wires are coming into (on my cards it has always been on the left, but it looks like in your card it comes in on the right) you can run the knife down the kinda groove in the plastic next to the chip and it easily cuts the leads. This method is a lot less skill intensive than trying to mill out a chunk of your card and you can do it with a very basic tool :)

Yep. My Samsung galaxy Nexus had Google wallet in 2011. And places started enabling the readers until 2014 when apple pay came out and apple had to get their cut from retailer, so retailers started turning off the readers. It took about 2 years to get back to where it was in 2011.

Reminds me of the Kamikaze hack for the Xbox 360. You'd drill in to one of the chips to short specific traces to bypass a write lockout. Produced one of the funniest console homebrew related images I've ever seen.

Thank you about the card. The laptop sounds good to me. What would it cost to get your current recommendation for a rugged laptop? ie what do you carry now? -M Henley

Thank you, thank you, thank you for solving a problem i was too lazy to solve myself.

Haven't thought about that hack. Love it...

Something was floating around a few years back about how cards with the chip removed could be refused because it was "a sign of tampering". Though I can't find any language that specifically notes this.
I'll keep looking for a bit, and update if I come across it

Note that Australia (and I believe most of Europe) were using tap to pay since 2006 - way before Apple Pay. I believe it’s only new in the USA. I don’t think I ever had my iphone pick my cards up, maybe because Apple Pay can’t receive payment here, only send them? Since digital drivers licenses and Apple Pay I now only carry my phone.

I hope you don't lose your phone.

Hey I was looking on Red team tools and I’m not seeing the tamper sticker removal kit. Do you guys no longer sell it?

Now that you mentioned your phone, could you tell how you set up your phone? Custom ROM? MicroG? NoGoolag? or something completely different?

We've had these in Canada for a decade or so. Always baffled me how it never caught on in the states.

At my last job the door with a tap-reader card was only locked in the morning before 8 AM so I never really wanted to carry that card on a clip so I preferred to keep it in my wallet. Had the same reading conflict issue because of how many tap-to-pay cards I carry.

1. Android Pay was first, but evolved into Google Pay; it was a different approach however in which Google paid for you then you paid Google. This was changed as it meant all transactions were considered to be to Google so rewards reflected that - often only 1%.
2. Most of the card is just useless plastic, you probably don’t need to be careful. My card split right above the mag stripe almost to the end of the card and both chip and stripe still worked. I only replaced it because I forgot my bank uses those ATMs that pull the card into another dimension and it almost got stuck.

Haha, I did the opposite. I don't need more than one NFC device so I just let the card do the work. I did notice that if I had NFC on my phone my card wouldn't work from the case. As a temporary thing to have phone nfc I have just been using the card outside of the case too. Glad to see I wasn't crazy.

I really appreciate your insights!

Was nice to hear a shout-out to floatplane.

This is your bank, we received notice from an un named three letter gov’t agency that they are unable to effectively track you; they have had to move to using outsourced methods from your phone manufacturer and are tired of paying the premium. With this coming to light, we will be issuing you a new card. Thank you -bank manager

I just wrapped my card in aluminum foil. I don't really travel and honestly my card and my bank card stays home digital version on my phone with NFC so it's like kind of redundant so I just wrapped it in aluminium foil so that even in the extremely rare chance someone was going by and somehow had a powerful enough reader to read it it would make it harder.

I figured out why the hole was there immediately, but the reason for it is completely different from what I thought you were gonna say (was expecting something about security, paying something without your knowledge, ...)

I always thought that hole was due to over use....Very informative vid.

FWIW I just put my two most used cards in a RFID blocking sleeve and put that in my phone case. The sleeve itself doesn't add enough bulk to be problematic, but granted I use more of a folding wallet phone case which has a little extra wiggle room to begin with so your YMMV. And, so, I can use apple pay w/out any issues, but if a merchant doesn't have apple pay and I still need to spend money there, I still have the option with the CC to tap, dip, or (heaven forbid) swipe. (for ultimate last resort, I also keep a bit of emergency cash in the case too. I always try to keep enough for cab ride home no matter where in the city I am. Just in case.)

You're right that the NFC payment system doesn't require both devices to have an active network connection. They just figure your phone is more likely to than the POS system, so it banks in the phone as the reliable end. IT support will tell you how awful it is keeping that stuff online.

I remember my days in helping my elementary/HS over the summer set up 2 carts.... 65 laptops each, for those... very rugged and hard to damage.

I have an account (not one of those you mentioned) where the phone app allows you to turn on or off certain features of the card, such as whether it's near the phone (uses location and merchant location), Y/N to ATM withdrawals, Y/N to contactless, etc. Kinda handy and it works. Interesting to test whether this is tied to the reader in some way or not. Thanks!!

You snort through it once you've carded up the power just be str8 with us 😂😂✌🏽

Do the rf blocking sleaves not work well enough? (like those that come with your passport card)