Will Contactless Payment Cut Down on ID Theft?
There has been a small amount of controversy over the new RFID-enabled credit cards that allow contactless payment processing. Old cards will soon be obsolete as card issuers began passing around cards like MasterCard’s Paypass, Visa’s payWave and American Express’ Express Pay. Just a quick swipe and you go.
But how secure are these devices? As with all new technology, there will undoubtedly be some glitches to work out. For instance, a Marquette University Law School study cited a security incident with the ExxonMobil Speedpass key fob:
“The Texas Instruments Digital Signature Transponder (DST) used in the ExxonMobil Speedpass key fob features a forty-bit, unpublished, proprietary key that a research team cracked and used to clone a device capable of completing fraudulent gasoline purchase transactions at ExxonMobil stores.”
Proponents of cards issued by major creditors say that security is much higher on the newer devices. They have a cryptogram that changes with each transaction and security measures to prevent other radio frequency ID readers from picking up on the code inside credit cards. For instance, the radio frequency embedded in the cards is very low frequency and cannot be read from further than 4 to 6 inches away.
The Marquette University report questions whether this security is enough. For instance, even though the credit card devices may be nearly impossible to clone, how easy might it be for one to swipe the credit card number? This wouldn’t be through the storage of that information on any one computer system, because there won’t be any such storage. Instead, the credit card numbers might be swiped through an RFID reader, one would suppose. One thing is for sure, the world will be a much more secure place for a certain amount of time until the identity thieves figure this one out!
November 28th, 2007 at 7:01 am
[…] MSN Money staff with wire reports had some great ideas on this topic.You can read a snippet of the post here. […]
February 5th, 2008 at 3:29 pm
Actually the card number, name, and expiration date are readable with any card reader. Card readers can be aquired quite easily. I simply asked a manufacturer for a test model and was sent one.
Also two criminals could work together to relay a transaction from your card to a distant reader. One person stands near you in a bookstore at the mall and a partner buys diamonds at the jewelry store with a fake card relaying your card data. Just Google contacless relay attack for a white paper.
Your best protection is an Identity Stronghold Secure Sleeve. So far the credit card companies have decided against providing these sleeve to their customers. You can buy them at www.idstronghold.com .
Passports and Enhanced drivers licenses are also vulnerable.
June 6th, 2008 at 10:35 pm
[…] discussed the contactless payment trend that requires a consumer to merely wave their payment card in front of a reader to pay at the […]
June 6th, 2008 at 11:22 pm
[…] the world of credit card payment key fobs, there is now one less competitor. American Express has stopped offering Express Pay, its version […]