We use cookies to provide you with a better experience. By continuing to browse the site you are agreeing to our use of cookies in accordance with our Cookie Policy.
  • INDUSTRY PRESS ROOM
  • ABOUT
  • CONTACT
  • MEDIA FILE
  • Create Account
  • Sign In
  • Sign Out
  • My Account
Free Newsletters
  • MAGAZINE
    • Current Issue
    • Archives
    • Digital Edition
    • Subscribe
    • Newsletters
    • Mobile Apps
  • TRANSPORTATION
  • MATERIAL HANDLING
  • TECHNOLOGY
  • LIFT TRUCKS
  • PODCAST ETC
    • Podcast
    • Webcasts
    • Blogs
      • One-Off Sound Off
      • Global Logistics and Risk
      • Empowering Your Performance Edge
      • Analytics & Big Data
      • Submit your blog post
    • Events
    • White Papers
    • Industry Press Room
      • Upload Your News
    • New Products
      • Upload Your Product News
    • Conference Guides
    • Conference Reports
    • Newsletters
    • Mobile Apps
  • DCV-TV
    • DCV-TV 1: News
    • DCV-TV 2: Case Studies
    • DCV-TV 3: Webcasts
    • DCV-TV 4: Viewer Contributed
    • DCV-TV 5: Solution Profiles
    • Parcel Forum 2022
    • MODEX 2022
    • Upload Your Video
  • MAGAZINE
    • Current Issue
    • Archives
    • Digital Edition
    • Subscribe
    • Newsletters
    • Mobile Apps
  • TRANSPORTATION
  • MATERIAL HANDLING
  • TECHNOLOGY
  • LIFT TRUCKS
  • PODCAST ETC
    • Podcast
    • Webcasts
    • Blogs
      • One-Off Sound Off
      • Global Logistics and Risk
      • Empowering Your Performance Edge
      • Analytics & Big Data
      • Submit your blog post
    • Events
    • White Papers
    • Industry Press Room
      • Upload Your News
    • New Products
      • Upload Your Product News
    • Conference Guides
    • Conference Reports
    • Newsletters
    • Mobile Apps
  • DCV-TV
    • DCV-TV 1: News
    • DCV-TV 2: Case Studies
    • DCV-TV 3: Webcasts
    • DCV-TV 4: Viewer Contributed
    • DCV-TV 5: Solution Profiles
    • Parcel Forum 2022
    • MODEX 2022
    • Upload Your Video
Home » how secure is your RFID credit card?
rfidwatch

how secure is your RFID credit card?

December 1, 2006
John R. Johnson
No Comments

The next time you pull up to the drive-through window at McDonald's, you might want to reach into your pocket for some good-old fashioned cash. The "swipe free" credit card you've gotten accustomed to using to pay for a Big Mac and fries might actually be putting your personal information at risk.

In tests conducted this fall, researchers from the RFID Consortium for Security and Privacy were able to hack into the information stored on first-generation "swipe free" credit cards that use RFID technology. Though the information is supposedly encrypted, the group reported that all of the cards it tested revealed important personal information whose disclosure could lead to identity fraud and theft.

Nearly 20 million of the RFID-enabled cards have been issued by credit card companies like American Express and MasterCard, and are now being used by consumers at a growing number of retail outlets, including CVS drug stores and McDonald's.

Researchers from the consortium, which includes members from both industry and academia, found problems with all of the cards they tested, although they tested fewer than two dozen cards. "Every single RFID credit card and debit card that I have seen in my lab has revealed at the least the full user name and card expiration date, and the vast majority also revealed the full credit card number," says Tom Heydt-Benjamin, a graduate student at the University of Massachusetts and one of the study's architects.

Because the information is transmitted via radio waves, the cards can be read through a wallet, an item of clothing or an envelope. To illustrate how easily personal data could be skimmed from cards, Heydt-Benjamin outlined a scenario in which somebody posing as a campaign volunteer walked the streets stuffing fliers into mailboxes. It would be a simple matter for that person to use a concealed RFID reader to skim information from any credit cards that happened to be in those mailboxes, he said.

Privacy advocates called for credit card issuers to recall all of the cards in question and replace them with more secure versions. The group Consumers Against Supermarket Privacy Invasion and Numbering (CASPIAN) advised consumers to remove the credit cards from their wallets immediately and request an RFID-free replacement card. The group is cautioning consumers not to mail the cards back because of the risk that their personal information might be exposed.

Although he acknowledges that RFIDenabled cards have security flaws that must be addressed, Heydt-Benjamin says that when it comes to the overall risk of identity theft, "leaky" cards pose only a minor risk. Practices like phishing, he says, represent a much bigger threat to individual consumers.

"I hope this doesn't set the whole technology back," says Heydt-Benjamin. "We firmly believe that RFID is not a dangerous technology. Our research is about bringing appropriate security and privacy mechanisms into the RFID world. Our message is that while this issue is something that very much should be part of the RFID privacy debate, we don't see it as indicating that RFID technology is an evil or dangerous technology."

all RFID, all the time

If you're going to tag 65 products, you might as well tag them all. That at least appears to be Hewlett-Packard's thinking. The consumer electronics giant is considering the monumental step of applying RFID tags to all of the products it makes. Right now, it is tagging 65 product SKUs that it supplies to Wal-Mart, Target and Best Buy in compliance with the retailers' mandates. But company executives say HP has an internal study under way to determine if it would be more efficient to just tag everything.

Last year, HP used about 6 million RFID tags. That number is expected to reach 10 million by the end of 2006, making HP one of the largest consumers of RFID tags.

HP, which started running RFID pilots four years ago, now has 34 facilities that are RFID-enabled. The company is already doing some item-level tagging for products like computer printers that ship one product to a case.

Automatic Data Capture RFID
  • Related Articles

    how secure is your DC?

John Johnson joined the DC Velocity team in March 2004. A veteran business journalist, John has over a dozen years of experience covering the supply chain field, including time as chief editor of Warehousing Management. In addition, he has covered the venture capital community and previously was a sports reporter covering professional and collegiate sports in the Boston area. John served as senior editor and chief editor of DC Velocity until April 2008.

Recent Articles by John Johnson

supply chain 2010 ... are you ready?

RFID: ready to roll

earning its stripes

You must login or register in order to post a comment.

Report Abusive Comment

Most Popular Articles

  • Schneider welcomes first battery-electric truck

  • Fred Smith is not worried about Amazon

  • RJW LOGISTICS GROUP EXPANDS RETAIL LOGISTICS OPERATION TO DALLAS

  • Outlook 2023: What’s in store for logistics/supply chain?

  • Maersk deploys indoor drones for warehouse inventory counts

Now Playing on DCV-TV

5afe63a5 7125 4318 b851 1e5738df1c91

Patterson Fan Co. | HVLS V-Series Ceiling Fan | Staging Area Air Movement

DCV-TV 4: Viewer Contributed
The Patterson V-Series is a high-volume, low-speed industrial ceiling fan that is designed to circulate a lot of air at a very low speed. These fans, ranging in diameters of 8’ all the way to 24’, are perfect for large, open spaces such as staging and shipping areas. One 24’ fan can generate a cooling effect of 6 –...

FEATURED WHITE PAPERS

  • The five best applications for robotic lift trucks in warehouse environments

  • Fulfillment Facility Improved Efficiencies by 4x

  • 3PLs: Complete Orders Faster with Flexible Automation

  • Reusable Packaging for the New Wave of Supply Chain Automation

View More

Subscribe to DC Velocity Magazine

GET YOUR FREE SUBSCRIPTION
  • SUBSCRIBE
  • NEWSLETTERS
  • ADVERTISING
  • CUSTOMER CARE
  • CONTACT
  • ABOUT
  • STAFF
  • PRIVACY POLICY

Copyright ©2023. All Rights ReservedDesign, CMS, Hosting & Web Development :: ePublishing