Problem with icard and walletmor

So basically here’s the problem.

Icard in their genius wisdom, told me to remove the NFC Implant from my account because there was a problem. I’ve tried to get it reinstated, with no success, and now basically I’ve received an email telling me that I am in breach of icard terms and conditions and that my account has been closed and in short won’t be allowed further future access… This probably comes because I suggested at legal action against icard for essentially bricking this implant, even though I should be able to use ANY NFC device… So it looks like they are cherry picking when it suits them.

So, any other ideas as to what I can do? Is the 11 digit activation number somehow hackable? Is it possible to use a proxmark3 to recode this chip and try again, what else can I do?

Walletmor seem like a pretty cool company though and wojciech seems like a really cool guy, I wonder if he will have any plans for the future to find a way around this problem. I’d love to still do business with him, it’s just now after being booted off icard, I don’t know what my other options for NFC payment implants are.

Any sane working ideas, let me know

So is the assumption that you told them your wearable was under your skin correct?

Can you get somebody else to get you a card on your behalf?
Partner, parent, sibling, friend :man_shrugging:

If it was me, I would just get my Mrs to get one…

No partner and don’t want one, parents are both dead and no siblings… And having something implanted in your body that is in someone else’s name is a really REALLY bad idea and does not fit the definition of a sane idea.

I’m basically blocked from icard and that’s all there is to it.

Edited

I’ve just phoned up the FCA to get advice and log the issue, so we will have to see what the financial conduct authority do and come up with… Even icard actually admit you can use ANY NFC enabled device… I have that in chat screenshots too.

I don’t expect the FCA to do anything here, but I might as well cause a ruckus if there is no other option and see what happens when I pile on the pressure… Might even see if I can get a court injunction to force them to reactivate it… That would be hilarious

that’s still what I would do
:logo_walletmor: :flex:
…I think I’m pretty sane, but an insane person would probably think that also :thinking:

My approach would be

“Ban me?..Fuck You!”

I’m not going to give this up because I really like the idea of walletmor and love the concept… So yeah, it’s going to cost me thousands in law suits, and maybe even more than thousands, but if it means that we can use our devices, then the struggle will be worth it.

So it looks like I have to fill out form N16A and submit that to a court and file an injunction order to force them to reinstate it

You do realize iCard is headquartered in Bulgaria right?

Of course I had no idea… That’s why a search of their website address told me that it is indeed in Bulgaria… Still have to be registered by the FCA here in the UK if you are carrying out this particular business… It is why the FCA and trading standards have been notified.

There are other things that I potentially have on icard as well, and some of which could be serious breach of terms and contract. I’m not going to give anything away here yet, because I don’t want them any possibility to catch wind of what I have thus far…

Anyone else in similar problems will also probably need to contact the European consumer center…

A UK based interim injunction order may well work against icard, but because they are in Bulgaria, the case will need to be filed against them also in a Bulgarian Court. My legal team will probably advise best on how to proceed with this.

We will see what happens here on out, but hopefully for icard, things might get a bit painful for them… We should have the right to use whatever devices we see fit, and we should be able to use our implants

There is a way around it.

1… Change of name deed = deed poll
2… Change details with regular banks
3… Change delivery and residential address
4… Order a new passport in new name (passport numbers change)
5… Get contact lenses in a different colour
6… Change appearance and maybe grow a beard from when you get a video call from them.

Personally though, I don’t think I will bother with all of that nonsense…

Got so far, almost was living the dream, but now it’s most likely all over

image

2 Likes

I’m still unclear why iCard said you were violating their TOS: did you or did you not tell them your wearable was an implant, and if so, is this what they have their kaks in a knot over?

Quite… You got the popcorn ready… This will probably end up as some kind of horror show but one where I end up forking out a lot of cash in legal expenses trying this case.

There is another way around the Implant problem… Can that 11 digit activation code be changed??? If it can, then maybe you could order a replacement key fob from them, take the 11 digit code and essentially clone the tag. Would that be possible, or once it is written that’s it??

You can’t clone the tag. As for the 11 digit code, my understanding is that it’s just a one-time activation code - i.e. now that it’s used up, it’s as good as useless.

…this is starting to sound like that other popcorn thread

So I’m assuming the physical parameters of the chip mean essentially it’s a write once affair on that 11 digit number.

Otherwise in theory you could order a replacement tag from icard… Copy that number and flash it to the Implant… I’m assuming then this isn’t going to be possible

You can’t do anything to the chip because it’s protected by a key you don’t have. The long and the short of it is, assuming your implant hasn’t been stricken off the Mastercard network altogether, the only way to use it is if iCard allows it.

Which bring me back to the question I’ve already asked you twice: can you tell us exactly why iCard says you violated their TOS in the first place? I think this bit of information would be of value to other Walletmor wearers so they don’t get themselves into the same situation.

4 Likes

This basically is the sum of it… If they find out you’ve been tampering or have a walletmor, they can and WILL kick you off the system.

Even go as far as to take your money from you too…

Thank you for that.

So three things are very clear:

1/ Modifying an authorized wearable is not allowed…

2/ …therefore those of you who have a Walletmor, don’t tell them your wearable is implanted under any circumstances (that it’s a bad idea was kind of obvious before, but your mishap confirms that it’s a very real threat) and make sure you don’t post information on the forum that can be linked back to your real name and account.

3/ They are very much aware that devices are being implanted, and that there are forums where people discuss it.

1 Like

Reflecting back on all this, I think I can see how the whole Walletmor construct functions:

  • You as a customer can’t modify a wearable, on pain of being banned from the iCard system. But Walletmor isn’t an iCard customer: nothing prevents them from buying wearables and doing whatever the hell they want with them, and resell the modified device.

  • Even better: Walletmor doesn’t modify anything. They contract DT to do it. Strictly speaking, DT doesn’t have a clue what the chip is or is for: they extract the chip and make an implant out of it. For all DT knows, it’s an NFC card for a bubble gum machine.

  • Walletmor customers buy implants, not payment wearables. They don’t modify anything, therefore technically don’t run afoul of the iCard TOS. Although I guess that’s where things get muddy: can registering a modified wearable with iCard in full knowledge of the fact that it has been modified be construed as willingly violating the TOS? Technically, Walletmor didn’t inform them of any such TOS and didn’t inform them that the implant is a modified wearable. I guess it all hinges on proving that the customer had prior knowledge of exactly what the Walletmor implant is and proceeded with the registration anyway.

IANAL, but logic seems to dictate that it’s all legally in the clear, albeit in a rather grey sort of clear. I’m genuinely curious to know what will happen with Pentester’s legal action. I’m afraid it’ll just be a big waste of money for him, but it’ll be interesting for sure.

(Feel free to zap this post if it’s controversial or something - or ask me and I’ll do it)

2 Likes

Your analysis is pretty interstellar and interesting, but breach of contract on several actions has attracted the attention of action fraud, and for a potential discrimination case… Can’t go in to particular of this as of yet because I don’t want to prejudice any law suit in a public domain.

For the fact that money was and has been taken from me by icard, would indeed constitute a potential theft case, and it is strongly advised that you check your credit report and keep up to date on any advisory details your primary bank informs you of.

Interestingly enough, there is other legislation that should be mentioned in icard terms and conditions that here in the UK is mandatory for any financial business to abide by, and icard have failed this duty… The implications of this could be serious, and trading standards, the police, action fraud and European consumer center are now aware of it… A damages suit and formal injunction is likely to follow if I pursue this to a formal statement

I hope this helps and yes, I’m taking this very seriously!