@hisold My bank stopped issuing #girocard cards with #magstrip 10+ years ago as magstrip was phased out and #NFC was phased in as well as #PSD1 being introduced.

Even before that merchants rarely accepted magstrips and those who did asked for #ID as soon as purchases [i.e. fuel at a gas station) exceeded like €100 because unlike #Chip + #PIN the payment processor does not guarantee them that the payment will be accepted and the amount guaranteed.

That's the main push factor: Alongside lower processing fees and faster processing, the Chip+PIN & #NFC systems actually request a blockage of the amount and will automatically decline without incuring fees if the balance / limit is below that amount - sometimes even before the PIN has been entered (it'll just not show it until the PIN is entered so fraudsters can't just abuse this as a means to check balance.

There's a nice podcast with #JohnBoseak where he explains how stuff used to [and allegeldy still does] work in the #USA re: #CreditCards. Given that I worked for a #PaymentProcessor in the past this is some basic knowledge re: #security, because one needs to understand how stuff like CNP ("Card not Present") works and how the system is architected to the point that even if someone were to hack the database of said payment processor, they'd never find any CCs or the CVVs stored there at all.

It's also insightful because #fraud would be way more rampant if the card issuer, payment processor and card system operator [i.e. AMEX, VISA, MasterCard] didn't all run their own AFE [Anti-Fraud Engine] each automatically assessing risks within less than a second for every transaction.

That's why one can get their #CC blocked when using a #VPN and why fraudsters need the location of their victims because if I had a CC and used it regularly and someone were to try to swipe a skilled copy of that at a Walmart or Best Buy on the East Coast of the USA less than 24 hours of my last use in Germany, that would automatically get declined as fraud and the person at the cashier will call security because noone is travelling that quickly that far.

But that's just some cold OSINT based off #TechSupport and peeking behind the curtains professionally...

There's way more but I can't go into details on that.

Rest assured if you have a CC you can be as certain that someone tried to abuse it as I'm certain my bank blocked fraudulent money orders against my account because of AFEs working - it's just > 99% of all fraud attempts get blocked instantly and merchants rate-limited or kicked off the system when they do something suspicious.

Same reason why one can't frame someone for a crime by just wiring obviously illicit funds to their account: AML (Anti-Money Laundering) will catch that and unless the account holder were to ask "Where's the money/transaction?" #FinCEN et. al. won't even bother calling the account holder up simply because "oops I wired money to the wrong account. Can you please send it back?"- #scam is a well-known method to turn unsuspecting people into money launderers.

So yeah, that "#magstrip" may be just lacquer but unless it's specifically advertised otherwise only holds the CC & CVV as well as service codes [i.e. chip+pin only] to tell the terminal "Don't accept magstrip, mandate Chip+PIN"]...

Outside the #USA, this is the norm due to #PSD2 exceeding #PCIDSS by quite a lot!

Only underdeveloped countries like the #US still use #Magstrips and #credit and not Chip+PIN & #debit!

YouTubeMiami’s Darklord of Credit Card Scams | John BoseakBy Danny Jones

**NFL News** @nfl@channels.im · May 12

May 12

NFL News @nfl@channels.im

2025 NFL schedule: 3 tiers for the Falcons’ non-NFC South opponents https://www.rawchili.com/nfl/44723/ #Atlanta #AtlantaFalcons #AtlantaFalconsSchedule #AtlantaFalcons #falcoholic #Falcons #Football #for #FrontPage #NFC #NFL #non #opponents #schedule #South #the #tiers

**Cappy Ishihara** @cappy@fedi.fyralabs.com · May 9

May 9

Cappy Ishihara @cappy@fedi.fyralabs.com

Looking for aspiring Linux hardware and software hackers to work on NFC-F/FeliCa (Secure NFC) support in Linux! We're interested!

Imagine Linux emulating transit cards— also logging into SEGA (Aime), Namco (BaNaPassPort), Konami (e-Amusement) arcade games!

Join us @hq and let's turn Linux phones into transit (or arcade) cards! Let's ride the train, on Linux! #nfc #nfcf #felica #linux #hardwarehacking

**heise online** @heiseonline@social.heise.de · May 8

May 8

heise online @heiseonline@social.heise.de

#heiseshow: PayPal-Wallet, Mozilla-Finanzen, Scan-Autos

In der #heiseshow: PayPal plant kontaktloses Bezahlen ohne Karte, Mozilla kämpft mit Geldproblemen und Scan-Autos sollen Parksünder in Stuttgart aufspüren.

https://www.heise.de/news/heiseshow-PayPal-Wallet-Mozilla-Finanzen-Scan-Autos-10374706.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · May 8#heiseshow: PayPal-Wallet, Mozilla-Finanzen, Scan-AutosBy Malte Kirchner

#Entertainment #IT #Mozilla

**Akahito** @Akahito@furry.engineer · May 2

May 2

Akahito @Akahito@furry.engineer

The Dragon Trouble Squad was out and about at the #NFC!
Here, inspecting a lifebuoy

@preturnax
Me
Liraxtor
neapolitanpuppy

#FursuitFriday

**heise online English** @heiseonlineenglish@social.heise.de · Apr 25

Apr 25

heise online English @heiseonlineenglish@social.heise.de

Volksbanks bring Girocard to the iPhone – away from Apple Pay

The Volksbanken and Raiffeisenbanken are using the NFC opening wrested from Apple to integrate the Girocard into their own banking app – apart from Apple Pay.

https://www.heise.de/en/news/Volksbanks-bring-Girocard-to-the-iPhone-away-from-Apple-Pay-10363285.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

heise online · Apr 25Volksbanks bring Girocard to the iPhone – away from Apple PayBy Leo Becker

#ApplePay #Bezahldienst #EU

**Brian Greenberg** @brian_greenberg@infosec.exchange · Apr 25

Apr 25

Brian Greenberg @brian_greenberg@infosec.exchange

Mobile security risk: New Android malware "SuperCard X" enables contactless payment fraud via NFC relay attacks

Here’s how it works:
Victims are socially engineered through fake bank alerts (smishing + calls)
Tricked into installing a rogue app posing as “security software”
NFC data is intercepted from real debit/credit cards
Attackers relay stolen credentials to PoS terminals and ATMs for fraudulent cashouts

Why it matters:
• Attackers no longer need stolen physical cards — just proximity + deception
• Banking customers, payment providers, and card issuers are all at risk
• Google is working on Android protections — but vigilance is key now

Tip: Always scrutinize app installs, verify messages before acting, and keep Google Play Protect enabled.

#CyberSecurity #MobileSecurity #Malware #NFC #FinancialFraud #ThreatIntel #security #privacy #cloud #infosec

https://thehackernews.com/2025/04/supercard-x-android-malware-enables.html

The Hacker NewsSuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay AttacksSuperCard X malware exploits NFC relay and social engineering to steal card data in Italy, enabling ATM fraud.

**Efani** @Efani@infosec.exchange · Apr 21

Apr 21

Efani @Efani@infosec.exchange

A new Android malware campaign is using NFC relay attacks to clone credit cards — and it’s nearly invisible to antivirus tools.

Security researchers have discovered 'SuperCard X', a malware-as-a-service (MaaS) platform that allows cybercriminals to steal card data and make contactless payments using compromised Android devices.

Key highlights from the report:
- Distributed via social engineering scams through fake SMS or WhatsApp messages
- Victims are tricked into installing a malicious app disguised as a bank “verification” tool
- Once installed, it uses NFC to read card chip data and sends it to a second attacker device
- Attackers use a companion app to emulate the victim’s card and make payments or ATM withdrawals

What makes it dangerous:
- SuperCard X requests minimal permissions, making it hard to detect
- It uses ATR-based card emulation and mutual TLS (mTLS) for secure communication
- Malware is not flagged by any antivirus engines on VirusTotal
- Transactions are small, instant, and look legitimate to banks — making them harder to detect or reverse

Google responded saying Play Protect is active and currently no such apps are listed on Google Play. But since these apps spread outside the store, Android users remain at risk — especially if they sideload apps or fall for impersonation scams.

This is a textbook example of how mobile payment infrastructure is being exploited — and why NFC security deserves more attention in mobile-first threat models.

At @Efani we’re committed to helping protect high-risk users from silent, evasive mobile threats just like this.

#Cybersecurity #AndroidMalware #NFC

**Snow Foxx** @Snow_Foxx@bark.lgbt · Apr 18

Apr 18

Snow Foxx @Snow_Foxx@bark.lgbt

No crossing without paying the bridge fee! You can either pay by taking me with you and petting me all day long, or by buying me a lifetime supply of treats

: @hek

A photography of a fox fursuiter sitting on a red wooden bridge and completely blocking it. With his paws, which are revealing some sharp looking claws, placed in front of him onto his ankled knees he's looking into the camera in a challenging way, with his head tilted slightly to the side. The background shows an artificial garden with a cherry blossom tree and a river underneath the bridge, placed at Valhalla, the second venue of NordicFuzzCon 2025.

#FursuitFriday #furry #fursuit

**IT News** @itnewsbot@schleuss.online · Mar 31

Mar 31

IT News @itnewsbot@schleuss.online

A Music Box Commanded By NFC Tags - [Luca Dentella] recently encountered a toy, which was programmed to read different... - https://hackaday.com/2025/03/31/a-music-box-commanded-by-nfc-tags/ #mischacks #mp3player #nfcreader #nfc

Hackaday · Mar 31A Music Box Commanded By NFC Tags[Luca Dentella] recently encountered a toy, which was programmed to read different stories aloud based on the figurine placed on top. It inspired him to build an audio device using the same concept…

**IT News** @itnewsbot@schleuss.online · Mar 30

Mar 30

IT News @itnewsbot@schleuss.online

Yaydio, a Music Player For Kids - Music consumption has followed a trend over the last decade or more of abandoning ... - https://hackaday.com/2025/03/29/yaydio-a-music-player-for-kids/ #digitalaudiohacks #musicplayer #toyhacks #mp3 #nfc

Hackaday · Mar 30Yaydio, A Music Player For KidsMusic consumption has followed a trend over the last decade or more of abandoning physical media for online or streaming alternatives. This can present a problem for young children however, for who…

**vanta rainbow black** @vantablack@cyberpunk.lol · Mar 29

Mar 29

vanta rainbow black @vantablack@cyberpunk.lol

fuck it, i put all my contact info onto an NFC tag thingy and put that on this collar

so i can say i'm microchipped lmfao :3

selfie of me vanta enby girl extraordinaire wearing black eyeliner and black lipstick and pink hair and my hot pink bucket hat with cat ears and patches sewn on and rainbow collar with an nfc tag hanging off of it and rainbow dress. hell yeah. i'm smiling happily

vanta.vcf open in a text editor

BEGIN:VCARD
VERSION:3.0
FN;CHARSET=UTF-8:Vanta Rainbow Black
N;CHARSET=UTF-8:Black;Vanta;Rainbow;;
GENDER:F
BDAY:19961112
ANNIVERSARY:20191223
EMAIL;CHARSET=UTF-8;type=HOME,INTERNET:v4nt4bl4ck@protonmail.com
TEL;TYPE=CELL:[REDACTED]
ROLE;CHARSET=UTF-8:cat
URL;CHARSET=UTF-8:https://vantaa.black
X-SOCIALPROFILE;TYPE=fediverse:https://cyberpunk.lol/@vantablack
REV:2025-03-29T14:05:04.511Z
END:VCARD

#vantaselfie #NFC #caturday

**Violet** @Violet@chitter.xyz · Feb 23

Feb 23

Violet @Violet@chitter.xyz

If anyone is still at #NFC and wants to say goodbye or missed me during the con, I'm chilling out at the jam stage next to the piano

**Luana** @luana@wetdry.world · Feb 21

Feb 21

Luana @luana@wetdry.world

How does stuff like those nfc chips some people implant on themselves work for credit card payments and stuff? Does it work like Apple Pay or something like that? Does the bank need to do anything to support it or do they just see it as a regular apple/google pay device?

Also, if the banks don’t need to do anything to support them then why don’t we have like open source reimplementations of google pay for postmarketOS or something?

#nfc #OpenSource #BodyHacking

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Feb 10 *

Feb 10 *

Kevin Karhan @kkarhan@infosec.space

@unseenjapan I think #pasmo and #Suica (as well as other #FeliCa-based systems like #Octopus) are really super convenient in terms of Pre-#NFC #RFIC-based #cashless #payment systems, to the point that #vPay, #PayPass and #girocard (as well as the flopped #GeldKarte) are just bad imitations of those!

**Violet** @Violet@chitter.xyz · Feb 6 *

Feb 6 *

Violet @Violet@chitter.xyz

Are you a furry who is curious about computer art and the demoscene?

Find me at Nordic Fuzz Con on Thursday the 20th at 20:00 (GMT+1) in the Vet Chamber, Valhalla!

I will be covering all the essential topics surrounding the demoscene, how furries have been getting involved with the scene and how you too can get involved.

https://nfuzz.co/event/DSQWGH