xyz
posted 10/09/09 03:40 PM | updated 10/09/09 03:40 PM
Featured Post! | Views: 169 | Comments : 2 | Business

Cyberthieves are Picking Pockets with RFID

By RVO
Recommend this story (0 votes)

On Monday, I got a call from the bank that issued me a credit card six years ago.  The woman on the other end of the line asked me to call back using the number on the back of the card for security purposes.

When I called back, I was directed to the fraud department, where the same woman who had just called me answered the phone.

“Hello,” said the woman on the line. “Have you made any purchases in Florida today?” I said I hadn’t used the card at all in months, not since I was in Florida last June while on vacation. The woman said several thousand dollars had been charged, and declined, at a Ross in Fort Myers.

It turns out that my card information was stolen from my card’s embedded radio-frequency signal, the technology that allows it to be swiped over scanner without inputting a code.

That’s right. My credit card information was stolen from my wallet while it was in my pocket.

If you have a credit card that was issued in the past year or two, pull it out and look at the back. If it has a little wireless signal on it, your card has radio-frequency identification (RFID) technology that allows you to speed through retail transactions by just waving your card. No code or signature is needed.

Now, I never asked for this technology, and I’ve never used it in that form. When my last card expired, a new one was sent with this technology already embedded. It turns out that enterprising thieves have figured out a way to steal (or build their own) scanning technology. They put these scanners in a handbag, backpack or computer case, and simply walk through crowds stealing the signals from cards. If you'd like to practice at home, Boing Boing has an instructional video: "How to hack RFID-enabled credit cards for $8."

The problem is you can’t turn the signal off. Even cutting the card up may not work. Unless you kill the chip, it just keeps sending out your information.

My bank told me the information is encrypted. But they also told me someone had my card number and was attempting to use it. You be the judge of whether encryption worked. Stung by the theft of my card number, I asked a group attending a lecture I gave last night (on the ongoing effects of the recession) how many of them had a theft of credit card information. Nearly the entire crowd raised their hands.

Most had lost data from a stolen purse or wallet. One lost their credit card, checking and savings information from a skimming machine at their bank’s ATM. But several confirmed that the RFID technology from their cards was the culprit.

The point is that hard times are making thieves smarter and any technology can, and probably will, be hacked. If you are concerned about having wireless data transmitted from your card, consider asking your bank to cancel your card and reissue one without the technology. Or consider making or buying some kind of blocking sleeve.

Save and Share this article
Tags: rfid, security, credit card, hacked, theft, encryption
savecancel
CommentsRSS Feed
It's not Rocket Science
We have been warned about this capability for years. Few read or listen. More details at:

www.privacyauthority.org

http://privacy-pimp.blogspot.com/2009/08/feds-at-defcon-alar

http://privacy-pimp.blogspot.com/2009/07/chips-in-official-i

http://jonathan-warren.blogspot.com/2009/07/chips-in-officia
Comment by Jonathan
2 days ago
( 0 votes)
( report abuse ) ( )
It actually gets worse
When we got our last ATM/VISA card, I noticed it had RFID. Being in the tech biz, I was well aware of exactly the kind of threat you describe.

The friendly support person assured me there was no possibility of a problem. When I told her, 'a yeah, but there is, so can I turn off that feature?', I was told that the only way to turn it off was to disable ATM/VISA access for the account.

Kinda makes you feel good all over, doesn't it?
Comment by bilco
2 days ago
( 0 votes)
( report abuse ) ( )
Add Your Comment
Name:
Email:
(will not be displayed)
Subject:
Comment: