Protecting customers from the Ticketmaster Breach: Monzo's story

Sorry, I wasn’t clear – you do not need to be in contact with a card to read the mag stripe. There are devices that can read the mag stripe of a card at 30cm. This is reading it straight off of the mag stripe - not the contactless interface.

1 Like

30cm. That’s one of the scariest things I’ve ever heard!!

Can I have a card without magstripe please 🙂

or what's the easiest way of killing the magstripe but not the chip!

Turn it off in the app for ATM

Would a big magnet work to kill it?

I was just googling that ha ha ha

1 Like

But then you’re in trouble if you need it enabled for foreign cash machines etc, so definitely not advisable

2 Likes

We need a way to turn off magstripe in app for ALL transactions then. Is that not possible???

Seems like it 😁

2 Likes

I think some further options would be good. I know Starling allow a little more control. Although saying that I do like the simplicity that Monzo have gone for here.

1 Like

I had my card replaced by HSBC in the past in order to prevent fraud. I found it annoying at the time because it was never explained why.

Thank you Monzo for explaining the process! Now I actually feel grateful instead of annoyed. Transparency is really one of the core values that I enjoy most about Monzo.

1 Like

Reading a magnetic stripe at 30cm? That sounds incredibly unlikely. I’d go as far as to say impossible.

Even contactless would be hard at that range and that’s designed to be read at a distance.

1 Like

So it’s stories like this that really show Monzo is making a difference to the world of banking.

I was affected by this. What angers me is that my transaction was only a couple of weeks ago therefore if they took the information they were given and took the issue seriously I would not have had any issues.

1 Like

Sorry to contradict Monzo staff, but again, that just seems more the stuff of urban legends than reality. You can’t distinguish bits because you can’t focus on magnetic fields.

I think there may be some confusion here with ‘contactless magstripe mode’ - but this isn’t reading the literal, actual stripe. It’s using the contactless interface, just in a less secure way than the modern EMV mode. Importantly, magstripe is referring to the data format, which is like a magnetic stripe, not to the same data. On the actual magnetic stripe, CVC1 is used, whereas contactless magstripe mode uses the dynamic CVC3.

This isn’t totally secure, as it’s vulnerable to pre-play attacks, but not to cloning (e.g. you can get transactions out of it to use later, but not make a clone that functions identically to the original card).

Importantly, you can later see how the data was skimmed since a clone of the magstripe (with a physical skimmer) and pre-play transactions from contactless magstripe mode will have different CVCs presented (this is where the infamous American/Israeli Coke machine CVC mismatch problem comes from - they don’t correctly identify what interface was used).

1 Like

@TonyHoyle

Reading a mag stripe works by moving the magnetic stripe through a reader and measuring the electromagnetic field. When the mag stripe is near the reader this is so trivial you can use hardware that wasn’t designed for that purpose e.g. the headphone jack on a phone to read the mag stripe.

With specialist hardware you can do this further away, 30cm is probably about the limit (maybe even slightly beyond the limit) but it is certainly possible at a much greater distance than someone would consider “contact” – you can trivially do it for cards within unshielded envelopes. I don’t actually know the answer to this, but it’s an interesting question to ponder – what do you think you’d see if you put a debit card in an MRI machine?

It’s entirely fair to say that this is not something that is really done in practice, there are far easier ways for criminals to skim details.

1 Like

Amazed by Monzo’s hard work and transparency - this is one more reason I’m glad you’re my main bank!

1 Like

Do you have any references for this?

Putting a card into an MRI would erase it instantly, the magnetic flux is around a Tesla.

1 Like

If you meant does he have a reference for the MRI, the answer will be no - he didn’t say it’s fact, just said an interesting question to ponder.

The reference request is for remote reading of magstripes.

2 Likes

Agreed. At best, I could imagine it maybe in a lab environment - no magnetic interference, totally still card, ability to analyse it however you want.

A card in an envelope is easy of course. The magstripe can be read through a sheet of paper in a swipe reader. No doubt there at all.

But someone reading it remotely in a real world environment? Sorry I just can’t believe that’s possible.

That said, the ingenuity of attackers never ceases to amaze me. Look at Spectre and Meltdown… If we had some of these people developing for the good guys…

3 Likes