What is the origin of credit card technology?

Credit card technology traces its roots back to a top-secret CIA counter-surveillance operation in the 1950s, which sought to create passive listening devices.

What were the initial problems with early credit cards?

Early credit cards lacked speed and security. Transactions were manual and slow, and fraud was rampant, costing banks millions annually.

How does EMV chip technology improve credit card security?

The EMV chip acts like a mini-computer, encrypting transaction data with a unique key for each transaction, making it incredibly difficult to clone and much more secure than static magnetic stripes.

What are the vulnerabilities of contactless credit cards?

Contactless cards can be vulnerable to 'digital pickpocketing' or 'ghost tapping' where a reader within centimeters can skim card information. While many countries limit single transaction amounts, the US does not, posing a risk for larger losses.

What is Near Field Communication (NFC)?

NFC is the technology powering contactless credit cards. It allows devices to communicate securely via a shared magnetic field when brought close together, enabling quick transactions without physical contact.

How can I protect myself from contactless payment fraud?

Enable transaction notifications on your banking app, use a Faraday cage wallet, and consider using mobile wallets on your phone, which store tokenized card numbers instead of your actual card details.

Key Moments

The Secret Spy Tech Inside Every Credit Card

Veritasium

Education7 min read29 min video

Mar 26, 2026|584,508 views|37,702|2,335

veritasium science physics Veritasium contactless cards credit card debit card card mastercard visa acetone MKBHD

Save to Pod

Key Moments

TL;DR

Credit card tech evolved from passive Soviet spy devices to active contactless payments, but each advancement introduced new vulnerabilities, from magnetic stripe cloning to 'ghost tapping.'

Key Insights

The 'The Thing' bug, a precursor to modern contactless tech, was a passive device activated remotely by radio waves, which resonated at a specific frequency tied to its capacitance.

Early credit cards used raised imprints and magnetic stripes, which were easily cloned, leading to significant fraud – costing the UK over £400 million annually by the early 2000s.

The introduction of EMV chips and PINs dramatically reduced counterfeit fraud (76% drop in the US with wider rollout) but increased transaction times by over 10 seconds.

Contactless payments (NFC) use magnetic fields from readers to power card chips, enabling rapid, touch-free transactions but creating risks like 'ghost tapping' for small, repeated fraudulent amounts.

The US market saw a significant lag in adopting chip-and-PIN and contactless payments, with US card fraud increasing by 70% while the UK saw declines, until major breaches like Target's in 2013 accelerated change.

Digital pickpocketing using NFC devices can skim card numbers and expiration dates, though cloning for major purchases is hindered by the need for the CVV and the chip's secure key.

From passive Soviet bugs to the 'thing' that spied for years

The origin of credit card technology can be traced back to a seemingly innocuous Soviet listening device called 'The Thing.' This device, hidden within a carved plaque gifted to the US ambassador in 1945, was revolutionary because it had no internal power source. It lay dormant, undetectable by standard counter-surveillance sweeps. Its operation relied on being remotely activated by radio waves. When radio waves hit the device's antenna at its resonant frequency (around 900 MHz in the demonstration), the electrons within the antenna oscillated, creating a signal. This signal was modulated by a tiny diaphragm that vibrated with sound waves in the room, altering the cavity's capacitance and thus the resonant frequency. A nearby Soviet operator would then receive this modulated radio wave, extract the sound information, and effectively listen in. The Americans, who discovered it years later, were stunned by its sophistication, dubbing it 'The Thing' and reverse-engineering it to develop their own passive listening devices.

The magnetic stripe: convenience at the cost of security

The advent of the credit card in the late 1950s and early 1960s aimed to simplify transactions beyond cash or checks, which were slow and cumbersome. Early cards relied on imprints, but the magnetic stripe, developed by IBM engineer Forest Perry in the early 1960s (famously with his wife’s ironing suggestion to adhere the tape), revolutionized data storage. Introduced in 1970, magnetic stripes encoded cardholder information as binary data, drastically speeding up transaction processing. This also made it easier for banks to flag suspicious activity. However, the data on the magnetic stripe was static and easily readable by 'grabbers' or skimmers. This ease of duplication led to widespread fraud. Tony Sales, a former fraudster, described running businesses where employees would swipe customer cards with simple devices, generating thousands of numbers weekly. By the early 2000s, magnetic stripe skimming was the primary driver of credit card fraud, costing the UK over £400 million annually.

Chip and PIN: a robust defense against cloning

To combat the pervasive magnetic stripe skimming, major card networks collaborated to create the EMV standard (Europay, Mastercard, and Visa). This led to the widespread adoption of the chip card, integrated with a Personal Identification Number (PIN) for verification. Unlike the static data of the magnetic stripe, the chip acts as a mini-computer. For each transaction, it generates a unique encrypted code using a secret key known only to the chip and the issuing bank. When a card is inserted, the reader sends transaction details and a random number; the chip encrypts this into a unique code. The bank verifies this code against its own encryption of the transaction data. This process makes each transaction code non-reusable and the chip's secret key virtually impossible to extract without extremely costly and time-consuming methods. The introduction of chip and PIN significantly reduced counterfeit fraud; in the UK, it fell by 63% over seven years, contributing to a 27% overall fraud decline. In contrast, the US saw card fraud increase by 70% during the same period due to slower adoption.

The speed trade-off of chip and PIN

While chip and PIN systems offered a substantial leap in security, they introduced a significant drawback: transaction time. The complex encryption and verification process more than doubled the time required for a typical transaction, adding an average of 10 seconds per interaction. This seemingly small delay accumulates dramatically across billions of transactions. In the US, it was estimated that chip and PIN added approximately 116 million hours annually waiting at cash registers. This friction is a major concern for businesses, as even a few seconds saved in online checkouts, for instance, can significantly increase spending. The added time prompted banks and retailers to seek faster, more seamless payment solutions, shifting focus back towards speed without compromising security.

Near Field Communication (NFC): contactless payments powered by magnetic fields

The evolution from passive Soviet bugs to active, powered devices continued with Radio Frequency Identification (RFID), first applied to toll booth identification tags. These tags used a radio wave from a reader to power a chip, which then altered its current to modulate the returning radio wave with its ID. This technology formed the basis for modern contactless payments via Near Field Communication (NFC). In credit cards, instead of radio waves, a coil in the card reader generates a dynamically changing magnetic field. When a credit card with an NFC chip is brought close (within centimeters), this magnetic field induces a current in the card's antenna, powering the chip. The chip then alters the magnetic field, communicating a unique transaction code back to the reader. This process is cryptographically similar to chip and PIN but avoids physical contact. Contactless payments, initially slow to catch on, surged by over 40% globally in early 2020 and 150% in the US that year due to health concerns around physical touchpoints.

Digital pickpocketing and the vulnerability of contactless

Despite the security of the underlying encryption in NFC, contactless payments introduce new vulnerabilities. Devices like the Flipper Zero or even smartphone apps can read basic card information (number, expiration date) by simply tapping. However, replicating a card for large fraudulent transactions is difficult because the secure chip key is not transmitted, and the CVV code on the back of the card is not stored on the chip. A more concerning threat is 'digital pickpocketing' or 'ghost tapping.' This involves a clandestine NFC reader, often placed very close (within 2 cm) to a person's pocket, to initiate small, repeated fraudulent transactions. While most countries impose transaction limits (e.g., £100 in the UK) to mitigate losses, the absence of such limits in the US theoretically allows for significant single-tap theft. To combat this, users can employ Faraday cage wallets, keep multiple cards together, or, crucially, enable transaction notifications from their bank.

Mobile wallets as the future: balancing speed and security

The ultimate solution for balancing speed and security appears to be mobile wallets. When a credit card is added to a phone's mobile wallet, its actual card number is tokenized; a unique, encrypted identifier is generated for that device and transaction, completely separate from the physical card details. This token is what is transmitted during a contactless payment. If the phone is lost or stolen, the payment method is further protected by device-level security like fingerprint or facial recognition. This negates the risk of digital pickpocketing and remote skimming, as the actual card details are never exposed. While the technology powering these wallets has evolved over two decades, adding features for convenience, the core principle of tokenization integrated with biometric security offers the most robust protection currently available, addressing the historical trade-off between transaction speed and financial security.

Mentioned in This Episode

●Supplements

●Products

●Software & Apps

●Companies

●Organizations

●Concepts

●People Referenced

Credit Card Technology & Security Cheat Sheet

Practical takeaways from this episode

Do This

Utilize chip-and-PIN for in-person transactions for enhanced security.

Enable transaction notifications on your mobile banking app to monitor for suspicious activity.

Store contactless cards in a Faraday cage wallet or group them together to minimize unauthorized reads.

Consider using mobile wallets (like Apple Pay) for transactions as they don't store your real card numbers.

Be aware of your surroundings at ATMs to prevent PIN theft.

Avoid This

Do not rely solely on the magnetic stripe for security, as it's easily cloned.

Avoid using unsecured public Wi-Fi for financial transactions.

Be cautious of phishing attempts or social engineering tactics to reveal your CVV or PIN.

Don't assume contactless transactions are always limited; be aware of potential unlimited transactions in some regions.

Common Questions

Credit cards can be dissolved in solvents like acetone (nail polish remover) to reveal the embedded antenna and chip, demonstrating their internal structure.

Topics

Health & Longevity Technology & Innovation Consumer Electronics Surveillance Technology Fraud Prevention Payment Systems NFC Technology RFID Technology

Mentioned in this video

Supplements

Acetone

Used to dissolve credit cards, revealing the internal antenna and chip.

Organizations

CIA

The organization that developed counter-surveillance technology based on Soviet designs, leading to advancements in credit card security.

People

Joseph Bezian

A key figure in the discovery of 'The Thing', a listening device hidden in a plaque.

Leon Theremin

Soviet inventor of 'The Thing', a passive listening device, and the Theremin musical instrument.

Tony Sales

Co-founder of 'We Fight Fin Crime', formerly known as Britain's greatest fraudster, who discusses magnetic stripe card cloning.

Companies

Bank of America

Launched the first universal credit card, the Bank America card, in 1958.

Visa

The global brand that evolved from the early Bank America card.

IBM

The company that employed engineer Forest Perry, who developed the magnetic stripe technology for credit cards.

Target

A superstore chain that experienced a massive data breach in 2013, contributing to the US shift to chip-and-PIN technology.

Software & Apps

Sponsor of the video, providing eSIM solutions for travelers.

Apple Pay

Mentioned in the context of attempting to steal money from a locked iPhone, with questions about transaction limits.

Concepts

Project Easy Chair

A CIA counter-espionage operation that involved embedding listening devices in furniture.

Products

Faraday cage wallet

A wallet designed to block electromagnetic fields, used as a protection against digital pickpocketing.

Flipper Zero

A device with an NFC reader demonstrated for its ability to read contactless credit card information.

Found this useful? Build your knowledge library

Get AI-powered summaries of any YouTube video, podcast, or article in seconds. Save them to your personal pods and access them anytime.

Try Summify free