by eknkc 583 days ago
In Turkey, when contactless payments became ubiquitous, one concern / urban myth was that people were using actual POS devices on public transport to lift money from wallets in back pockets and stuff. I guess that would work, but that kind of fraud gets shut down pretty fast.

Relaying the thing seems like a workable thing, but the timeout aspect is interesting. I wonder how fast a short direct radio link would operate. Say someone inside an Apple store relays a card from another shopper while the accomplice checks out. In the line of sight of victim?

1 comments

> In the line of sight of victim

Yeah, you can actually check out the details in https://www.emvco.com/specifications/contactless-specificati... -- relevant parameter is "Device Estimated Transmission Time For Relay Resistance R-APDU", which is specified as "typically 1.5ms".

That's already hard to achieve reliably (in-store WiFi is right out, but possibly Bluetooth?) but would definitely make the required on-device malware even more complicated...

Also, the underlying processing takes some time, obviously. Hence the 1.5ms timeout. If the cards take 0.5ms on average to respond in the real world, that leaves even less time to relay.

But I bet in close proximity, sub-1ms would not be a big deal for specialized hardware. Just flood the room with infrared if it gets the job done.