Credit Card Tech Evolution: From Spy Bugs to Contactless Payments

Name: I Dissolved My Credit Card To Understand How It Works
Uploaded: 2026-03-26T18:04:45.184541+00:00
Duration: 28 min 42 s
Channel: Veritasium
Description: Summary and key takeaways on I Dissolved My Credit Card To Understand How It Works — Summary, covering A credit card soaked in acetone for 30 minutes still

Veritasium

Mar 26, 2026

•

28 min video

•

3 min read

YouTube video ID: YSJY3DvnybE

Source: YouTube video by Veritasium — Watch original video

PDF

A credit card soaked in acetone for 30 minutes still worked, proving that the antenna and chip are essential for its operation. This simple experiment sets the stage for a deeper look at the hidden technologies that have shaped modern payment methods.

The “Thing” – A Precursor to Modern Tech

In 1945 a Soviet listening device, nicknamed “The Thing,” was concealed in a plaque presented to the U.S. ambassador. Invented by Leon Theremin, the bug had no battery or power source and remained undetected for seven years. It operated passively: radio waves at roughly 900 MHz struck its antenna, causing electrons to oscillate and re‑radiate a signal. Sound vibrations altered the capacitance inside a resonant cavity, shifting the resonant frequency and modulating the amplitude of the re‑radiated signal, effectively encoding audio information. The United States later produced an enhanced version called “Project Easy Chair.”

Evolution of Payment Methods

Bank of America launched the first universal credit card, BankAmericard (later Visa), in 1958. Early cards required physical imprinting on paper slips, creating delays and security risks. IBM engineer Forrest Parry adapted audio‑cassette technology to create magnetic stripes, which stored data as magnetic patterns of ones and zeros readable by magnetic heads. Rolled out in 1970, magnetic stripes sped up transactions but introduced a critical weakness: the data were static, allowing criminals to clone cards by skimming. Fraudsters such as Tony Sales harvested thousands of card numbers weekly, and by the early 2000s magnetic‑stripe skimming was a major source of fraud in the UK, costing over £400 million annually.

The Chip Revolution

The EMV (chip and PIN) standard was introduced to address magnetic‑stripe vulnerabilities. The chip functions as a miniature computer that encrypts transaction data with a secret key shared only with the issuing bank. Each purchase generates a unique, one‑time code, preventing reuse of stolen data. Cloning a chip card requires costly physical tampering, making it extremely difficult. Adoption of chip and PIN in the UK in 2003 cut counterfeit fraud by 63% over seven years, though the added processing time—about ten seconds per transaction—accumulated an estimated 116 million waiting hours annually in the United States.

Contactless Payments (NFC)

Contactless cards evolved from RFID technology originally used for vehicle identification at toll booths. Near‑Field Communication (NFC) relies on a magnetic field generated by a reader; when a card is brought within a few centimeters, the field powers the card’s antenna and chip, which then modulates the field with transaction data. The short range limits accidental reads, but “digital pickpocketing” or “ghost tapping” can capture basic card details from a pocket. While the card number and expiration date can be read, cloning for fraudulent purchases remains hard without the CVV and dynamic transaction codes. The United States lacks a single‑tap transaction limit, making it more vulnerable to large‑scale digital pickpocketing, whereas the UK caps single‑tap purchases at £100.

Modern Security Measures and Future Trends

Mobile wallets store tokenized versions of card numbers rather than the actual details, adding a layer of security. Access is protected by biometric authentication such as fingerprints or facial recognition. Demonstrations attempting to steal $10,000 from a locked iPhone using a payment terminal failed, underscoring the robustness of current mobile‑payment safeguards. As payment speed continues to improve, the industry must balance convenience with evolving security challenges.

Takeaways

A credit card soaked in acetone for 30 minutes still works, showing the antenna and chip are vital for functionality.
The Soviet listening device "The Thing" operated without power by resonating at 900 MHz and modulating sound via capacitance changes.
Magnetic‑stripe cards, introduced in 1970, sped up transactions but were vulnerable to cloning because their data were static.
EMV chip cards generate a unique code for each purchase, dramatically reducing counterfeit fraud despite adding processing time.
Contactless NFC payments offer speed and convenience, yet they can be skimmed by digital pickpocketing, prompting the use of tokenized mobile wallets.

Frequently Asked Questions

How does "The Thing" function as a passive listening device?

It works by resonating at about 900 MHz when radio waves hit its antenna, causing electrons to oscillate and re‑radiate a signal. Sound vibrations change the cavity’s capacitance, shifting the resonant frequency and modulating the amplitude, which encodes audio information.

Why were magnetic stripe cards easy to clone?

The magnetic stripe stores data as a static pattern of magnetic bits, which can be read and copied with a simple skimmer. Because the information does not change between transactions, thieves can duplicate the stripe and use the clone for fraudulent purchases.

Who is Veritasium on YouTube?

Veritasium is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.

Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.

Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.

Faraday Cage Wallet Rfid Blocking Recommended

Protects contactless credit cards from unauthorized scanning, preventing 'digital pickpocketing' as discussed in the video.

Amazon →

Emv Chip Card Reader

Allows for the use of secure EMV chip technology for transactions, which is highlighted as a significant improvement over magnetic stripes.

Amazon →

Nfc Payment Terminal

Enables contactless payments, a key evolution in credit card technology discussed in the video, offering convenience.

Amazon →

Credit Card Security Book

Provides deeper knowledge on the evolution of credit card technology, security measures, and their trade-offs, as explored in the video.

Amazon →

Links may be affiliate links. We only include resources that are genuinely relevant to the topic.

Summarize another video

Full Transcript YouTube

- Watch what happens if
you take a credit card
and stick it in a beaker of acetone.
- Nail polish remover basically?
- Nail polish remover.
- Okay.
- [Henry] It does start
to work very quickly.
- [Marques] That is crazy.
- [Henry] This is one that we
started about 30 minutes ago.
We'll do a little-
- That's a credit card
from 30 minutes ago?
- [Henry] Yeah.
- [Marques] Why does it look,
okay, so I see this like,
this like frame on the inside now.
- [Henry] Yes.
- [Marques] Is that all
antenna bands basically?
- Exactly. That's the antenna.
And the chip right there in the middle.
And what we're gonna do now
is show it's still working.
- [Marques] Ah. Okay.
- [Henry] Oh, that's the
important part, all right.
- [Marques] That's it.
- [Henry] Yeah, that's your credit card.
- Theoretically, if you
just touch that here,
I think it would work.
Come on, little card.
You can do it.
You still have $20.
You gotta believe.
I guess that's why the
antennas are so important.
- Yeah, right?
(phone beeps)
- [Henry] Right, with the
antenna, it works now.
- That worked? Wow!
- How cool is that?
- This is just one of the technologies
hidden inside a credit card.
And you can trace its origins
back to a top secret CIA
counter surveillance operation.
In this pair of videos,
we're going to uncover
all of the credit card's hidden features
and put them to the test to
see how secure they really are,
including attempting to steal $10,000
from MKBHD's locked iPhone.
- That's a lot of zeros.
Careful with that.
Oh my God.
I don't like that at all. (chuckles)
- [Derek] In 1945, at the
end of the Second World War,
a group of Soviet school children
visited the US ambassador
to the Soviet Union.
They presented him with
a hand-carved plaque,
of the great seal of the United States,
a gift to acknowledge the
country's recent alliance.
The ambassador proudly displayed
the plaque in his office.
But what he didn't know
was that hidden inside
was a secret listening device, a bug.
This bug was the first of its kind.
It had no battery, no plug point,
no power source of any kind.
So when the US counter
surveillance team swept the office,
they couldn't find it.
In fact, the bug remained
undetected for years.
But then in 1951,
something strange happened.
An operator at the nearby British embassy
was monitoring Soviet radio channels
when he heard people speaking,
not Russian, but English.
English that was coming
from inside the US ambassador's residence.
But despite multiple
sweeps of the building,
the Americans couldn't find
any hidden listening devices.
Then in 1952,
they detected a radio signal
coming from the ambassador's office.
- They said, "It's coming from over there
behind that plaque on the wall."
And they took the plaque down
and put it down somewhere,
so they tore all the plaster out,
trying to find the microphones
that were hidden in the wall.
Of course, there was nothing.
Absolutely nothing.
Joseph Bezjian, who was a total hero,
pointed at the plaque and said,
"Don't say anything.
Just come outside and let's talk."
And then they said, "Right,
let's take it to bits."
- [Derek] They prized open the seal,
and to their horror, discovered the bug.
It looked simple,
an antenna attached to
a small copper cavity.
But what made this
device so hard to detect
was that it had no power source.
It laid totally dormant
until it was activated
remotely by the Soviets.
To see how it works,
we're gonna simulate sending
some radio waves at the bug
and monitor any signal we get back.
We'll start at 800 megahertz
and then gradually ramp up the frequency.
At first, nothing much happens,
but then around 900 megahertz,
we get a strong signal back.
That's because as the radio
waves hit the antenna,
their electric field tugs
on the electrons inside,
causing them to oscillate
and create an alternating
current inside the antenna,
which in turn re-radiates a signal out.
At most frequencies,
that signal is very weak,
but around 900 megahertz,
each push from the radio waves lines up
almost perfectly with how
the electrons oscillate.
So each cycle reinforces the
last and you get resonance.
As a result, you get a
strongly reradiated signal.
This resonant frequency is unique
to a given object or circuit,
and it changes based on
its electrical properties
like capacitance.
So the Soviets realized
they could use this
by adding a cavity.
- What we need to do is
have a resonant cavity
that's very, very highly tuned,
like a tuning fork for radio.
(metal chimes)
Now, obviously there's a capacitance
between this end and the sheet,
and as the diaphragm moves in and out,
the capacitance changes,
so that changes the tuning of
this electronic tuning fork.
- [Derek] So as people
in the room speak,
the sound vibrates the diaphragm,
and that changes the capacitance
between the two plates,
which in turn alters
the resonant frequency.
- So you get a 10-nanometer movement,
that's enough to move
the resonant frequency.
- That changes the
amplitude of the radio waves
that get reradiated.
So you end up with this,
a return signal that contains
the original radio wave,
but it's enveloped within the sound wave.
It's a technique called
amplitude modulation,
and it's the same technique
used to create AM radio.
So whenever the Soviets wanted
to listen to a conversation,
they blasted radio waves from outside,
likely from a van or a nearby building.
And then they received the radio wave
they got back from the bug
and extracted the sound information
modulating that radio signal.
The Americans nicknamed
the bug "The Thing,"
since at first, they
didn't know how it worked.
It was created by Soviet
inventor, Leon Theremin,
who'd been coerced into
building the device
while imprisoned in a
Gulag during the 1940s.
This is the same guy
who invented the contactless
electrical instrument
named after him.
So what did the president and the CIA do
after discovering the bug
that had been spying on
them for seven years?
They told no one.
They realized the thing was years ahead
of their own spying technology.
- This was new and
nobody done this before.
There were no countermeasures.
- [Derek] So they secretly began working
on their own enhanced
version of the device.
(bright upbeat music)
- [Henry] Meanwhile, in the
rest of the United States,
the post-war economy was booming.
For the first time, ordinary
families could afford things
that used to be luxuries,
TVs, cars, even flights.
But paying for these
expensive items was clunky.
You either had to carry
a huge wad of cash,
or you wrote a check that
might take days to clear.
- So banks saw an opportunity.
If you could make buying
things even easier,
then spending could explode.
- [Henry] The first bank to
capitalize was Bank of America.
In 1958, they launched their-
- [Announcer] BankAmericard.
It's money in a more versatile form.
- Allowing customers to buy
all kinds of expensive items on credit.
This was the first universal credit card.
By the end of the decade,
two million cards were in circulation,
and over 20,000 merchants
had agreed to accept it.
A few decades later,
this card was being used
worldwide under a different name,
Visa.
But these early cards
had two main problems.
First, for each transaction,
the seller had to physically
imprint the card details
onto two slips.
One for the customer,
and then one they'd
later send to the bank.
That's why the numbers on older
cards are slightly raised.
However, this whole process
was inconvenient for the customer,
who was still used to
just handing over cash,
but it was even more
inconvenient for the seller.
They had to mail all
these slips to the bank
or take them over themselves.
The bank would then visually inspect them
in order to authorize a payment.
This meant that it could take days
before the seller actually
received the funds
in their account.
So that first problem was speed.
And this actually led to the
second problem, security.
A criminal could buy something
with a stolen or counterfeit card,
and by the time the banks realized
they'd been defrauded several days later,
well, the criminal was long gone.
And as criminals got
smarter, fraud kept growing.
By the late '60s, credit card fraud
was costing the banks $100 million a year,
around a billion in today's money.
So the banks needed to
make a better system,
one that was faster, but also more secure.
Back at CIA headquarters,
they were facing a similar problem.
To enter the building, staff
presented an ID card to a guard
who would inspect it and
decide whether to let them in.
This process was slow
and all the information was
clearly visible on the cards.
So if you think about it,
it wouldn't be that hard
for a card to be cloned by,
say, a Soviet spy.
Then in the early 1960s,
they wanted to create
a more secure ID card
for CIA officials,
and to do that,
they brought in IBM
engineer Forrest Parry.
Parry knew that audio cassettes
stored their information
on magnetic tape,
and he wondered if he
could use the same tape
to store data on the ID cards.
He managed that part easily enough,
but no matter what he tried,
he couldn't get the tape
to stick to the cards.
It would just keep falling off.
Frustrated, he shared
the issue with his wife
while she was doing the
ironing, and legend has it,
she suggested just ironing
the tape onto the card,
and the idea quite literally stuck.
So what's very interesting
about magnetic stripes,
and this is an old card from
our fellow writer, Casper,
and what we're gonna
do is we're gonna show
that if you get a little
bit of iron filings
on the back of this card,
we're just gonna run it through here.
So you kinda see it's like
sticking to that magnetic stripe.
- Yeah.
- Right?
And if we knock off a bit of this,
you see there's sort of ones and zeros.
- [Marques] Just because it's magnetic.
- [Henry] Yeah.
So you can read a magnetic stripe
with only magnetic filings.
- I don't know, I guess
that makes perfect sense.
Right, okay.
- But you can also see
how simple it is, right?
At the end of the day,
it's just ones and zeros,
you know, in a code.
And that code can be read by this machine
So that is all the information
there, Casper Mebius.
- Oh, yeah.
- Yep.
- That's the name, the card number?
- Yeah, right there.
The first magnetic stripe credit cards
were rolled out in 1970.
These new cards slashed the time required
to process transactions.
Not only did that make
spending way easier,
but it became easier for the bank
to quickly identify and
block suspicious payments.
So these new cards seem
to solve the problem,
speed and security,
and that's what today's
sponsor Saily is all about.
And right now I'm traveling to New York,
and when I touch down,
I'm gonna use Saily to make sure
that I'm seamlessly connected when I land.
All you have to do is first
download the Saily app,
then you're gonna search
for your destination,
I'm gonna select the United States,
and then you pick a data
plan that fits your trip.
And then right here at checkout,
you can apply the code Veritasium
to get 15% off on your order.
And the best part of this
is the moment I touch down,
I can just use my mobile data as normal.
I can open Maps, call an Uber,
or call my mom to let her
know that I got there safely.
All this without rushing
to get on airport Wi-Fi
or any other unsecured public network,
or waiting in line for a local SIM,
or relying on hefty fees
that your carrier charges for roaming.
It's also so much better
than swapping tiny physical SIM cards.
Once the Saily eSIM is installed,
you don't have to install a new one
when you visit different countries.
You just go into the app
and you can change it there.
And Saily offers plans across
over 200 different destinations.
So if you're traveling
across multiple countries,
get a regional plan or a global plan.
And the Saily Ultra Plan takes
convenience even further.
It gives you unlimited data
and special perks like
access to airport lounges,
fast track services,
and advanced online security tools.
So download the Saily app via
the QR code that's on screen,
and when you're at checkout,
use code Veritasium,
and then you can share
your own referral code
with your friends to get
even more off your next trip.
I wanna thank Saily for
sponsoring this video,
and now back to the show.
So, these new cards seem
to solve the problems
of speed and security,
but this magnetic stripe
had a critical weakness.
This is how you read credit cards,
but also you can write to them, right?
So this is just a blank card.
So if we get some, like,
magnetic dust on there,
it's not really doing anything,
but if we write to this one,
let's try reading it and
see if we got anything.
- Oh, it's reading as if
it's the same Casper's card
with the 0009 and the
super long stripe number.
- Exactly.
- So does that mean if you
put magnetic filings on it now
it will show that it's written-
- [Henry] So now you see
we're getting something.
- [Marques] Yeah, yep.
- But you can, like, line them up
and you can see that
they're the same code.
Maybe it's a little hard
to see in the light.
Cloning cards in this way
and then using that to steal money
was so easy and so effective
that some people made
entire businesses out of it.
- Back then, right, we would
have what we call a grabber,
which is a card reader.
I ended up having, like, 300 people
working for me in restaurants, bars.
- [Henry] This is Tony Sales,
co-founder of We Fight Fincrime,
but around 20 years ago,
he had a different title,
Britain's greatest fraudster.
- I'd give them a grabber, yeah,
and I'd just say to them,
"Just swipe the numbers.
Just when someone comes
to pay, swipe their card,
then swipe that one on there."
You know, I'm gathering thousands
and thousands of numbers weekly.
But I'm also becoming a
wholesaler of the numbers.
You know, at 16, I was
paying, like, loads of people,
300 quid a week wages.
- The problem is that the data
on that magnetic stripe is static.
So if you have a skimmer,
you can clone the card in seconds
and then reuse it again and again,
draining the funds before
the card owners realized.
- Yeah, well, I had half a
million quid under my bed,
didn't I, at 16?
It's crazy how easy it was.
- [Henry] By the early 2000s,
card fraud was costing the UK
over 400 million pounds a year,
and the single biggest culprit
was magnetic stripe skimming.
- The UK was just getting hit massively
with credit card fraud.
- So the biggest card
networks got together
to solve the problem.
They created the EMV standard,
a 700-page document that defined
how to make secure card payments.
The result was this, the chip.
(lively music)
It's what you use every
time you enter your card
to a payment terminal, and
then you enter the pin.
In other words, chip and pin.
Now, the way the chip works
is fundamentally different
from the magnetic stripe.
That's because the magnetic stripe
encodes information statically,
so every time you use it,
it sends the same information
first onto the card reader,
then onto the issuing bank.
But the chip is different.
That's because it's
basically a mini computer.
So it can encrypt its
information using a secret key
known only by itself and the issuing bank.
When you insert the chip,
the reader sends it a long message
containing all the transaction details
as well as a long random
number generated by the reader.
The chip then uses its secret
key to garble the message
into a unique code, which
it sends back to the reader.
The reader then forwards
this onto the bank,
along with the raw transaction details
and the random number.
The bank then applies its own
key to the raw data as well,
and if the output matches
the code from the card,
well, the bank knows
the transaction's valid.
Then, and only then does the
bank authorize the transaction.
This process makes the chip
more secure for two reasons.
First, each transaction
creates a new, unique code,
so you can't steal a code and reuse it.
Second, a chip is incredibly
difficult to clone.
That's because its secret key
is never revealed in a transaction,
and it's stored in memory cells
buried deep within the chip silicon.
Now, to extract the secret key,
you'd have to pry open the card,
strip away layers of silicon,
and then overcome multiple countermeasures
designed to destroy the data
if tampering is detected.
It is theoretically possible,
but it would take days of work,
hundreds of thousands of
dollars of specialist equipment,
so it's not really practical,
unless, of course, you get your hands
on a billionaire's credit card.
With the move from the
mag stripe to the chip,
the easiest way to commit
fraud was just to steal a card.
That's why banks paired each
chip with a four-digit pin,
known only to the card holder.
- But stealing PIN numbers
is not very difficult,
and there are multiple
ways in which a PIN number
could be stolen from you
before your card was then compromised.
Over the shoulder at the ATM,
with a hidden camera at the ATM,
all these types of different things.
- [Henry] It's not that hard,
but it's much harder than
just forging a signature.
- When chip and pin comes in,
our business is dead in the water.
But then it weren't
because America didn't
adopt it till much later,
so now we can sell them in the States.
- Chip and pin was
introduced in the UK in 2003,
and over the next seven years,
counterfeit fraud in the UK fell by 63%,
leading to a 27% decline in fraud overall.
But over the same period, US
card fraud increased by 70%.
It took until 2013 for
a huge wake-up call.
Criminals stole 40 million card numbers
from the superstore chain Target.
They used the details
to create cloned cards,
which they then swiped around the country.
Finally, the US began to recognize
the need to shift to chip and pin.
And as EMV chip cards were
rolled out more widely
over the next few years,
counterfeit fraud dropped by 76%.
But the improved security came at a price.
The time it took to do a
transaction more than doubled,
adding on average around 10
seconds onto each transaction.
That may not sound like much,
but if you consider all the transactions
taking place across the country,
it soon adds up.
In the US, it's been
estimated that chip and pin
added about 116 million hours every year
waiting at cash registers.
That's why businesses care so much
about the tiniest bit
of friction to spending.
For example, it's been found
that one-click checkouts online
can increase spending by almost 30%.
So now the banks switched their attention
from security back to speed.
And they began to wonder.
What if you could take a second
off of every transaction?
What about two?
What if you could make each transaction
basically instant without
having to make contact at all?
Well, that would require sending
a signal across a distance
and then getting back a
reply at the speed of light.
- Kind of like the Soviets
did with 'The Thing',
which brings us back to
the CIA in the 1950s.
While reverse engineering
the Soviet device,
the Americans realized its
design had one major flaw.
- The main issue with it
is that it is so
hypersensitive to disturbance,
they would have to retune
and recalibrate every
time the room temperature
changed drastically or
somebody slammed a door.
- The device is tuned to work
over a small range of frequencies.
If the transmission signal
is too close to the resonant frequency,
the change in amplitude
due to the movement of the
diaphragm is too small to detect.
The same is true if it's too far away
from the resonant frequency.
Therefore, you only get enough sensitivity
in this tiny region,
either side of the resonant frequency.
So the Americans set about
creating something more robust,
something that wasn't so reliant
on this ultra-precise frequency.
And to do that, they stopped
thinking about radio waves
as something they could modify with sound,
and instead, they started
thinking of radio waves
as a source of power.
So inside the device,
they added a rectifier,
which converted the alternating current
from the antenna into a direct current.
- And they used that to
power a hearing aid amplifier
with a tiny little microphone.
- [Derek] This amplified microphone output
was sent back to the antenna,
which created a modulated return signal
that was sent out and could be picked up.
- That microphone and the antenna
and everything else was hidden
inside pieces of furniture.
They tried it inside the hollow legs,
they actually drilled holes lengthwise
through the legs of the furniture.
They compromised a furniture
factory to be able to do this,
a stunning piece of work that one was.
- [Derek] This became known
as Project Easy Chair,
and the CIA used it to
get back at the Soviets
by planting their own listening device
in the Soviet embassy in the Hague.
(horn honking)
It wasn't until the 1970s
when a former rocket engineer,
Mario Cardullo, gave this
technology a modern twist
to solve a problem involving toll booths.
Throughout the States,
cars had been queuing to pay for years.
To speed up the process
and reduce queue times,
Cardullo invented a small
tag that could be used
to identify a vehicle remotely.
The tag had two key components,
a coil of wire to act as
the antenna, and a chip.
Like the bugs, the antenna
receives a radio wave
as it passes through the toll booth.
That creates alternating current,
which passes through a
diode to power the chip.
The chip then flips a series
of transistors on and off,
which subtly alters the
current in the antenna.
This modulates the radio wave,
encoding the ID number of the card,
which the antenna sends back
to a reader in the toll booth.
So the process is almost identical
to the Cold War spying devices,
but whereas they relied on
sound to modulate the wave,
here it's a tiny circuit inside the chip.
This technology is called
radio frequency identification,
or RFID for short.
And today, it's used in toll
booths, clothing stores,
and warehouses all over the world.
(device beeps)
- And also, your credit card.
This is a credit card
that we're gonna go try to buy lunch with.
You guys take tap?
- Yeah.
- This is a credit card.
- Yeah, yeah.
- And we're gonna see if it works.
- Okay, yeah.
- Where do I put it?
- Don't lose it.
- That's pretty cool, eh?
I ran it through the wash.
But there is one more important difference
in the way credit cards work.
See, some of these other RFID devices
function over ranges of 10 meters or more.
But for a credit card,
that's just not how you want it to work.
You don't wanna accidentally
trigger a transaction
from meters away.
(device beeps)
So the card providers had to find a way
to shorten the range.
The solution was to stop
relying on radio waves,
and instead to rely on magnetic fields.
Inside a card reader is a small coil.
When you pass an alternating
current through this coil,
it creates a changing magnetic field.
Then if you move your
credit card close enough
so that the changing magnetic field
cuts through the card's antenna,
well, it induces an alternating
current in the antenna.
And you can see this in action
using a special chip with an LED.
This is one of those chips.
What's very interesting is, like,
that these chips don't have batteries in them.
If I come in with the reader,
if you watch really closely,
you'll see it'll start to light up.
Yeah, there you go.
See?
Yeah, so that's showing that all the power
is coming from the reader.
That current passes through a diode
to power the card's chip.
The chip then alters the
current in its antenna.
This modulates the magnetic
field around the antenna,
which the coil in the reader detects.
That modulated signal
carries the unique code
for that transaction,
which the reader then sends onto the bank.
Cryptographically, this
works just like chip and pin.
Except now, instead of
using metal contacts,
the chip and reader
communicate through a
shared magnetic field.
This technology is called
near-field communication, or NFC,
and it's what powers all
contactless credit cards today.
The first contactless payment cards
were launched in the mid-2000s,
around the same time as chip and pin,
but contactless took
much longer to catch on,
particularly in the United States.
Customers were cautious,
and banks were waiting
for enough retailers
to get the right card readers,
while retailers were
waiting for enough customers
to get the contactless
cards from the banks.
That all changed in 2020.
Suddenly, touching keypads
and handing over cards felt risky.
And tap to pay meant
you could avoid physical
contact altogether.
So in the first three months of 2020,
global contactless
transactions grew by over 40%.
And over that same year,
contactless payments
in the US grew by 150%.
- And so, along comes contactless.
And the first thing that struck me was,
what if you could read a contactless card
through somebody's pocket?
- This is a Flipper Zero.
One thing it does is has
an NFC reader in there.
- Okay.
- So we're just gonna put
a little read, do a little tap,
and then you get the
credit card information.
- [Marques] It pulled the
card number, the expiration.
- [Henry] So this seems
kinda crazy, right?
That you can just go up and tap
and get any information
about any card that simply.
- [Marques] That was pretty quick, yeah.
- But the same thing can be done
with any old land NFC cable device.
Like, I have a credit card
reader app right here.
And
so there you go.
- [Marques] It's the same
card number right there.
- But in terms of credit card fraud,
that's actually a lot less
useful than you might think.
The chip secret key is never revealed
in any sort of communication,
and without that, you
can't clone the card.
Now, you might think
to use the card details
in an online transaction, but
for that, you need the CVV,
three-digit code that's not
stored on the chip itself.
It's actually only written
on the back of the card physically.
So if you wanna read that number,
you're gonna have to find a way
to socially engineer that
number out of someone.
- But the truth is that
if I can clone a card
by getting close to it,
then I can almost certainly
video that card as well.
I take a photograph of that card.
That three-digit number on
the back is on the back.
So if I can get access
to the card to clone it,
all I gotta do is add the extra step
to get access to the card to see it.
- But there's an even easier way
to commit contactless fraud.
This is called digital
pickpocketing or ghost tapping,
and when I tried it, I found you had to be
within about two centimeters
of the victim's pocket.
But in most countries,
contactless transactions
have an upper limit,
so you can only lose so much
in a single transaction.
In the UK, that's grown
over time to 100 pounds.
- But what if you could
do it thousands of times?
- [Henry] That's exactly
what a 36-year-old woman
thought in Italy in 2025.
She was arrested after tapping money
from unknowing tourists in
the busy streets of Rome.
And crowded places like
this could be vulnerable
to even more sophisticated scams.
- So what if you were to
put a contactless reader
into a public space, like, for example,
between the walkway where you
go through into the subway
or the underground, right?
You have to go through a narrow space.
What if I could hide a reader in there?
Or if enough people have cards
in a pocket at the right position,
I could maybe read hundreds
or thousands of cards a day.
- [Henry] And while
most countries do limit
the amount you can pay in a
single tap, the US doesn't.
So in a single tap, you could
lose thousands of dollars.
One way to protect against
digital pick pockets
is keeping your cards in
a Faraday cage wallet,
or having multiple
cards next to each other
also makes each individual
card a lot harder to read.
But of course, that's not
much use if you lose your card
or it gets stolen.
- What happens when you make a payment?
Do you get a notification on your phone?
Does the bank tell you?
'Cause the banks will offer that service,
and you should do it.
And I think if everybody watching this,
I watch, you know, I watch Veritasium,
by the way, I'm a fan, I like them a lot.
With the millions of people
you have watching it,
if you can get half of those people
just to go onto their phone
app and put notifications on.
If you do that,
you will have the biggest
impact on vulnerability
when it comes to contactless
payment than anybody.
- With notifications on,
you can contact your bank as soon
as you spot a suspicious payment.
But why not go one step further
and transfer all your cards
to the mobile wallet on your phone?
There, your real card
numbers aren't stored,
so they can't be stolen.
And even if you lose your
phone, your card is safe,
protected by fingerprint
or facial recognition.
It seems like the mobile phone
is the perfect blend
of speed and security.
But the thing is, tap to pay has evolved
far beyond its original design.
Over the last 20 years, new
features have been added,
some for security, others for convenience,
and that convenience comes at a cost.
Coming soon to Veritasium.
I'm here with MKBHD,
and we're gonna try to steal
$10,000 from his locked iPhone.
- Really hope it doesn't work.
I really hope it doesn't work.
- I'm gonna get you to put that phone down
on top of this device.
This is just a regular payment terminal.
Nothing weird about that.
- Careful.
Careful with that, careful, careful.
That's a lot of zeros.
Careful with that.
Oh my God, okay.
- Do you even think it's
possible, firstly, $10,000?
- I don't know if Apple
Pay will let you do that.
- Let's see, let's see if it works,
I feel like I'm a bit of a magician,
but I'm like, I haven't
changed anything, right?
- [Marques] Okay, yeah.
- It's still locked.
- It's locked.
- [Henry] Nothing else.
- Yeah.
- Okay.
We're gonna start the script again.
(dramatic music)
(phone beeps)
- [Marques] What just
happened on my phone?
(Henry laughs)