Are RFID Credit Cards Easy to Hack?
By Justin McHenry
The New York Times is reporting today on an experiment by a University of Massachusetts professor and graduate student that used a cheaply-made card reader to decode the supposedly encrypted information on credit cards equipped with radio frequency identification technology (RFID). RFID credit cards allow cardholders to pay for purchases by just tapping their cards on readers at retail locations. No swiping is necessary and no signature is required for the smaller purchases that the technology is intended to encourage.
Companies that make and issue the RFID cards were guarded in their responses to the experiment. A Visa spokesman said the experiment did not translate to real-world card usage, implying that the experiment was not easily duplicated in a place where the cards might actually be used. A MasterCard spokesman criticized the sample size, saying that finding a few cards without RFID encryption was not akin to an industry-wide problem. The article states that the banks issuing the cards can choose how high a level of security to embed in a card.
The Times noted that the radio waves of the cards could only be intercepted by someone in close proximity to the card, but noted that the experiment showed cards being read even through a wallet or envelope.
RFID cards have come under attack by some consumer advocates and security experts, and an article such as the one in today’s Times is sure to keep the heat on. Whether it will affect the rollout of RFID credit cards, or affect the acceptance of such cards from consumers, remains to be seen.