Television group reveals serious security flaws with RFID-equipped credit and debit cards
By ECM Plus staff
ECM Plus +++ A consumer television report into the insecurity of radio frequency ID – or so-called ‘RFID’ -equipped credit and debit card chips has shocked the security industry.
One vendor, SecurEnvoy said the apparent ease with which RFID has been hacked to create a `magic wand’. With the ability for anyone to effectively read RFID cards at a distance clearly demonstrates that RFID is no longers fit for purpose, observers say.
Apparently, the report from the Portland, Oregon-based TV channel Katu, found that a mere US$20-worth of electronics could read card details of payment cards in people’s wallets at a range of four inches.
According to security firm SecurEnvoy, while four inches may not seem much of a distance, in a crowded subway, tube or on a bus, with people pressed up close to each other, the possibilities for card fraud are “significant” they said.
Although the RFID system seen on Visa Paywave and Mastercard Paypass are designed for low value transactions, once the card details have been downloaded into a reader wand’s memory, they can then be used – as these researchers have clearly proven – to make fraudulent online purchases, a SecurEnvoy spokesman said.
With stores in many city areas of the USA and Canada accepting Paywave and Paypass – and now even Britain increasing the quantity of RFID-accepting merchants in preparation for the Olympic Games in 2012, if the TV station had discovered this loophole in the Visa/Mastercard RFID system, then criminals are certain to have also made similar discoveries, a SecurEnvoy spokesman added.
“And even if they haven’t tumbled to the security problem yet, once news of this TV station’s breathtaking research spreads, they will start deploying this technology to harvest card details from unsuspecting commuters,” he added.