If the question is: “what’s in your wallet?” The surprising answer is – lots of people don’t really know.
Like the woman we met at the mall who was a carrying a credit card she had forgotten about, until we told her.
“It looks like I got your Wells Fargo Visa card,” said Walt Augustinowicz to the surprised shopper.
And if there is a secret in your wallet, wait until you hear what can be taken out of your wallet without you ever knowing, and without your wallet ever leaving your pocket or purse.
Augustinowicz is an electronic pickpocket.
It used to be a pickpocket needed some serious skill and quick fingers. But all a guy like Walt needs is a little black case. It looks exactly like a cell phone. But instead it’s a scanner that can read the information on credit cards and even the security badge you use to get into work.
And it can read the information from inches away.
“If you’re walking through a crowd with hundreds of people, you’re going to get enough cards. You could live pretty good on scanning these cards,” Augustinowicz said.
So that’s what we did at Arden Fair Mall.
But there were a few differences between us an the bad guys: we asked permission, and explained what we were doing first, before we scanned anybody’s purse or pockets.
Augustinowicz rigged his scanner to vibrate and buzz when we get a hit. A real thief wouldn’t do that. But he would get the same things we are getting: card number, expiration date, even that three or four digit security code on back.
What we’re looking for is a card with a Radio Frequency ID (RFID) chip built in – a symbol with radio waves on the card this usually means you have one.
It makes swiping the card easier in both senses of the word.
“The stores like the fact that they could move people through the line quicker. And they were willing to try it out, and people seem to spend more money with that. So that seemed to be the driving factor. But there was this huge security hole right from the beginning,” Augustinowicz said.
Augustinowicz is an inventor with one heck of a sales-pitch. He’s selling you your own money. He’s designed sleeves, and wallets, and swipe card holders that block the scammers with scanners.
“This type of thing, to my knowledge, we haven’t had that here,” said Steve Reed, the head of Security at Arden Fair Mall when we showed him how electronic pickpocketing works.
He called is “scary,” and said it’s something Mall Security will be thinking about this holiday season as things get busy.
“We had 104,000 people here black Friday, 90 thousand the day after Christmas. So you’re going to have a lot of people in close proximity,” Reed said.
The scanner Augustinowicz uses to read credit cards is disguised as a cell phone. But he says a real cell phone, your cell phone, can be programmed to do the same thing.
Download the wrong app, and malware can turn your phone into a scanner just like Walt’s. If you stick that phone in a pocket next to a credit card, suddenly, automatically your information being send to a thief anywhere in the world.
But it’s not just credit cards using the RFID technology.
You know that swipe card hanging around your neck? The one that gets you into the building where you work? Just look around next time you’re out for a walk and count how many you see, because that’s what a thief might be doing too.
So we gave Walt Augustinowicz a mission: could he crack the security at a State Building somewhere in Sacramento?
For this one we needed help, an observer. We met Assemblyman Roger Dickenson at a locked door and gave Walt five minutes.
He used the same technology he used to read credit cards, and everything he used was made with parts anyone could buy at an electronics store. In 5 minutes and 2 seconds, Augustinowicz had made a duplicate of the Assemblyman’s key card, after brushing a scanner by his pocket.
“We interact with people every day. That’s what we do, that’s our job. So, I think, perhaps we’re somewhat less concerned with our security than the people around us – the CHP, the Sergeants,” Assemblyman Dickenson said.
And whether it’s building security or financial security, it’s clear that the market for cards loaded with bogus information is flourishing.
We head as much from a store clerk who me met during our experiment.
She said she can just tell that sometimes, when somebody comes in with a gift card or several, it’s not on the level.
“Yes, and then if one doesn’t work, they say, ‘Try this one… try this one…’ They have a lot of them. And they do it over and over and over again,” said Sinporya Allen, a store clerk from Sacramento.
It’s a numbers game and criminals know it, according to Augustinowicz. Even if it doesn’t work some of the time, all it takes is one card in 10 or 20.
Now imagine if that one card, is yours.