[bluGill]

This article is light in details, but I'm going to guess that the money stolen was crypto of some sort. It is unlikely you could pull this off with regular banks as banks log everything. Sure if I gave you my checking account number you could take all the money I have in there - but the banks all know who got that money and so when I go to the police there is a trail to trace and much higher odds I get it back. This is one reason why crime goes through Swiss banks (traditionally) or Cayman islands (more likely) - the banks there are much less likely to cooperate with any police I go to and so it is much harder to reverse charges.

I still won't post my checking account number publicly though. Bank logs are not fool proof, but they are a lot better than crypto.

[rglullis]

It says right in the first paragraph it was crypto.

Still, if you think the problem doesn't apply to "real money": there was this story in Brazil some years ago of thieves going around to Carnival parties with NFC-enabled payment machines. They got away with hundreds of thousands of BRL just by walking in the middle of the crowd with the machine set to collect a small payment.

IOW, people were getting robbed because we've become too lazy to type a PIN code.

[skybrian]

US passports have a cover that makes it hard to read the chip unless opened. I don’t know how well it works, but it seems like something similar would be useful for payment cards, even if there’s no PIN.

[bluGill]

I didn't say it doesn't apply to real money. I said there is a lot more logging so you have a better chance of finding where the money went, catching them, and getting your money back. It isn't perfect, and it does depend on Brazil's courts. It also depends on someone going through a lot of effort, it isn't automatic.

[rglullis]

Still, we are now being forced to spend an uncountable amount of time and resources to create a system that can mitigate an issue brought by some technology which was supposed to save us what, 10 seconds of each in-person transaction? It makes no sense.

[samatman]

There is no way to set Apple Pay to activate without user input, is this not true in Android?

[wlesieutre]

Tap-to-pay NFC credit cards

Chip and pin or even chip and signature is just too much effort to pay for something

[aqfamnzc]

To do this, are they using some kind of modified payment terminal with extended range somehow? My understanding is that the NFC coils have to be very close, like single-digit cm to get any kind of power or data through.

[GauntletWizard]

At carnival in Bazil, you bump into people; Like, when they talk packed streets, they're talking body to body contact filling the street for blocks and blocks. All you'd have to do is put a terminal around your waist and you'd get close enough to activate NFC for hundreds of people just pushing through the crowd.

https://en.wikipedia.org/wiki/Brazilian_Carnival#/media/File...

[ricardobeat]

If I remember correctly, yes, they had a modified terminal that picked up cards more than a meter away. But the other comment is overestimating the damage, there is no way they took 'hundreds of thousands', more like thousands in total. Especially since contactless payments usually have a very low transaction limit (something around R$100 in Brazil).

[aqfamnzc]

(Reply depth reached) I guess if you're filtering through a big crowd then indeed you could get really close to people and their wallets. I thought GP was saying you could immediately skim every person in a crowd at once.

[rglullis]

Have you been to a Carnival party in Brazil? Most of the time, you won't have "single-digit cm" between you and the next closest to you.

[eternityforest]

Chip and pin can be unreliable because of bad contacts