[quote]cryptik wrote:
[quote]johnnytang24 wrote:
[quote]cryptik wrote:
Sounds like a easy place to put a carding device to capture your card info. That RFID based card is even easier to steal your info.[/quote]
There is no personal info on it. Probably just the card number and amount in it. It would be a pretty ballsy move to set up a scheme to steal the info, then refill a card with a new amount, since they would know right away that your card has the wrong amount on it. Perhaps it is possible, but I haven’t heard of it happening.
The most common type of fraud is using a child or senior reduced fare card.[/quote]
EDIT: and this was in 2006[/quote]
So it is theoretically possible.
From the always accurate wikipedia page:
“The Octopus card uses encryption for all airborne communication and performs mutual authentication between the card and reader based on the ISO 9798-2 three-pass mutual authentication protocol.[60] In other words, data communications are only established when the card and reader have mutually authenticated based on a shared secret access key. This means that the security of the Octopus card system would be jeopardized should the access key be exposed. A stolen Octopus card reader could be used with stolen Octopus software, for example, to add value (up to HK$1,000) to any Octopus card without authorization.[61] Nevertheless, as of 2003, the Octopus card and system have never been successfully hacked.”