The Secret Spy Tech Inside Every Credit Card

Veritasium28m 43s

Credit card contactless payment technology traces its origins to Cold War CIA espionage devices and Soviet bugs that operated without power sources. The evolution from magnetic stripe cards to chip-and-pin to NFC contactless payments represents a constant balance between transaction speed and security.

Summary

The video reveals how modern credit card technology evolved from Cold War espionage. In 1945, Soviet children gifted the US ambassador a wooden plaque containing a revolutionary listening device called 'The Thing' - the first passive bug with no power source that remained undetected for seven years. Created by Leon Theremin while imprisoned in a Soviet Gulag, this device used radio wave resonance and amplitude modulation to transmit conversations when activated remotely by Soviet operators. The CIA reverse-engineered this technology and developed their own enhanced versions for counter-surveillance operations like Project Easy Chair. Meanwhile, banks were developing credit cards to solve payment friction, starting with Bank of America's BankAmericard in 1958. Early magnetic stripe cards (invented by IBM's Forrest Parry using iron-on tape) were easily cloned, leading to massive fraud. The industry responded with EMV chip-and-pin technology in the early 2000s, which used cryptographic keys to create unique transaction codes. However, chip transactions were slower, adding 116 million hours annually to US checkout times. This drove development of contactless NFC technology, which applies the same principles as Cold War bugs - using magnetic fields to power chips and communicate wirelessly. The COVID-19 pandemic accelerated contactless adoption by 150% in the US. While more convenient, contactless cards are vulnerable to digital pickpocketing and ghost tapping, though protections include transaction limits and mobile wallet integration.

About this episode

How safe are the cards we use? Sponsored by Saily - Prepare for your next destination today! Download the Saily app now or go to https://saily.com/veritasium and use code ‘veritasium’ for 15% off. Share your referral code with friends and family to collect more credit for your next trip. If you’re looking for a molecular modelling kit, try Snatoms, a kit I invented where the atoms snap together magnetically - https://ve42.co/SnatomsV Sign up for the Veritasium newsletter for weekly science updates - https://ve42.co/Newsletter ▀▀▀ 0:00 Dissolving A Card In Acetone 1:32 The Soviets’ Powerless Bug 6:24 The First Credit Card 8:21 Magnetic Stripe Credit Cards 11:51 How To Clone A Credit Card 13:50 Chip and Pin 18:03 Operation Easy Chair 19:58 How does a contactless card work? 23:39 Digital Pickpocketing ▀▀▀ We’d love to thank some of the experts who helped us on this video. Firstly, a huge thank you to Neil Smith for sharing his technical and historical knowledge of “The Thing” and operation Easy Chair. These devices are crazy complicated! And Neil (given that he’s actually built a working replica of “The Thing!”) gave invaluable insight into how it works, and detailed feedback on early versions of the video. You can see even a more detailed explanation of “The Thing” from Neil here – "Leon Theremin Changed Spying FOREVER with this 1940s invention!", on his channel: @MachiningandMicrowaves Thanks to R. Paul Wilson for a comprehensive overview of the potential ways that credit cards and contactless payments can be compromised, and for connecting us with Christopher Forte. A big thank you to Christopher for his technical advice on different attack vectors for NFC transactions, his insights into the “cat and mouse game” between hackers and security providers, and feedback on different parts of the video. Thanks to Pavel Zhovner, CEO of Flipper Devices, for talking us through the various security layers in NFC transactions, showing us round the Flipper HQ, and even giving us several Flippers to experiment and film with! Thanks as well to Tony Sales, for his candid – and thoroughly entertaining(!) – recounts of credit card vulnerabilities, and explaining the work he does today in testing them. Thanks to @mkbhd and his team for filming all the different demo’s with us – and of course, putting himself forward for the hack we’ll cover in part 2 of this video! And last but definitely not least, a big thank you to professors Tom Chothia and Ioana Boureanu, for their technical support on the video, and of course, talking us through in great detail and even lending us the equipment for the hack we’ll be attempting in part 2! ▀▀▀ References: https://ve42.co/Spies&CardsRefs ▀▀▀ Special thanks to our Patreon supporters: Adam Foreman, Albert Wenger, Alex Porter, Alexander Tamas, André Powell, Anton Ragin, armedtoe, Balkrishna Heroor, Bertrand Serlet, Blake Byers, Bruce, Charles Ian Norman Venn, Daniel Martins, Data Don, Dave Kircher, David Johnston, David Tseng, EJ Alexandra, Evgeny Skvortsov, Garrett Mueller, Gnare, Hayden Christensen, Hong Thai Le, Ibby Hadeed, Jeromy Johnson, Jesse Brandsoy, Jon Jamison, Juan Benet, Kelcey Steele, KeyWestr, Kyi, Lee Redden, Marinus Kuivenhoven, Mark Heising, Martin Paull, Meekay, meg noah, Michael Krugman, Moebiusol - Cristian, Orlando Bassotto, Parsee Health, Paul Peijzel, Richard Sundvall, Robson, Sam Lutfi, Shalva Bukia, Sinan Taifour, Tj Steyn, Ubiquity Ventures, Vahe Andonians, wolfee ▀▀▀ Writers: James Moore, Casper Mebius & Henry van Dyck Producer & Director: James Moore Presenters: Derek Muller & Henry van Dyck Editor: Peter Nelson Animators: Andrew Neet, Domonkos Józsa, Alex Drakoulis & Ulugbek Islamov Illustrator: Jakub Misiek Assistant Writers: Aakash Singh Bagga & Darius Garewal Assistant Editor: James Stuart Researchers: Aakash Singh Bagga, Darius Garewal & Callum Cuttle Camera Operators: Andrew Abballe, Henry van Dyck, Gregor Čavlović & Andy Perez Thumbnail Designers: Abdallah Rabah, Ren Hurley & Ben Powell Production Team: Jess Bishop-Laggett, Matthew Cavanagh, Anna Milkovic & Sulli Yost Executive Producers: Derek Muller & Casper Mebius Additional video/photos supplied by Getty Images & Storyblocks Music from Epidemic Sound

Key Insights

  • The Soviet bug called 'The Thing' remained undetected for seven years because it had no power source and laid totally dormant until activated remotely by radio waves
  • CIA officials discovered the Soviet bug could change its resonant frequency by as little as 10 nanometers of diaphragm movement, enough to modulate amplitude and transmit conversations
  • Tony Sales operated a credit card fraud operation with 300 employees in restaurants and bars, generating thousands of stolen card numbers weekly and accumulating half a million pounds under his bed at age 16
  • The introduction of chip-and-pin technology reduced counterfeit fraud in the UK by 63% over seven years, but added 116 million hours annually to US checkout waiting times due to slower transactions
  • Contactless payment fraud through digital pickpocketing requires being within two centimeters of a victim's pocket, and the US uniquely has no upper limit on single contactless transactions unlike other countries

Topics

Cold War espionage technologyCredit card evolutionMagnetic stripe vulnerabilitiesEMV chip securityContactless NFC paymentsDigital pickpocketing fraud

Transcript

[0:00] - Watch what happens if you take a credit card and stick it in a beaker of acetone. - Nail polish remover basically? - Nail polish remover. - Okay. - [Henry] It does start to work very quickly. - [Marques] That is crazy. - [Henry] This is one that we started about 30 minutes ago. We'll do a little- - That's a credit card from 30 minutes ago? - [Henry] Yeah. - [Marques] Why does it look, okay, so I see this like, this like frame on the inside now. - [Henry] Yes. - [Marques] Is that all antenna bands basically? - Exactly. That's the antenna. And the chip right there in the middle. [0:30] And what we're gonna…

Full transcript available for MurmurCast members

Sign Up to Access

More from Veritasium

Get AI summaries like this delivered to your inbox daily

Get AI summaries delivered to your inbox

MurmurCast summarizes your YouTube channels, podcasts, and newsletters into one daily email digest.