"Akit is the man. He knows Clipper." (spenta)
"It’s a fantastic blog for any San Franciscan."
"Your blog is always on point, and well researched!" (Nina Decker)
"Everyone's favorite volunteer public policy consultant..." (Eve Batey, SF Appeal)
"You are doing a great job keeping on top of Translink stuff. Keep up the good work!"
(Greg Dewar, N Judah Chronicles)
"...I don't even bother subscribing anywhere else for my local public transportation info. You have it all..."
(Empowered Follower)
"If anyone at City Hall wants to make public transit better for all San Franciscans, it would be wise to follow Akit religiously...
or, better yet, give him a job."
(Brock Keeling, SFist)

Wednesday, February 8, 2012

Hacking a Clipper Card? Easy and Cheap Solutions to Protect Yourself

There's been some word around that someone was able to hack a Clipper card.

I know how to hack a Clipper card, just give me a saw.

Actually, it's the other type of hack, some person was able to find how to exploit the Clipper card by being able to somehow get through the encryption and obtain the data. In the worst case scenario, someone could be able to use that data to make clone cards and either make fake card balances and passes to sell, or steal one's information and make a clone card (similar to someone skimming a credit card's magnetic stripe).

Am I concerned? Sure I am, but I'm protected like an electronically tested condom (which reminds me, time to visit Costco for an economy pack).

There's no fear in this; odds are very low that someone will skim your Clipper card and ride Muni free for the rest of the month. Even then, stealing the info and e-cash balance and trying to get cash back is really difficult: You have to prove to Clipper customer service that you are the registered user of the card. Also, if Clipper knows your card is funded or partially funded with commuter benefits (even just one cent), they are not allowed to cancel the card's balance and mail you a check.

If you are just paranoid, get your tin foil hats and learn about this: There are products on the market that is able to shield your Clipper card from people skimming information. You could wrap it in tin foil, that's a cheap option. There are sleeves that people can use to slip their card in to protect it. But the problem with a tin foil or sleeve shield is that you will have to pull your Clipper card out every time when you want to scan it.

One solution I suggest is what is shown in the picture on this blog post. I use a badge holder. This one I have from Identity Stronghold works fine, and I also added a retractable reel to it so I can hook it to my belt. What makes it easy is you don't have to remove the card to scan, you just squeeze the top of the card to open it, scan the card, and un-squeeze to protect the card. I tried the holder with it protected/secured and Clipper card readers doesn't even know the card is there, but with a little squeeze, the card can be read.

So really folks, there's nothing to really fear. You don't need a replacement card if they come out with the newest generation of cards that are more secure. When more secure measures comes out, hackers always try to outsmart it. But with sleeve or badge holder that is shielded, there's no way to electronically pickpocket you.

1 comment:

sfsmskater said...

I went and got the Stronghold holder, but it disables my clipper card and I can't tag with it.