Sunday, November 26, 2006

SPY CHIPS IN CREDIT CARDS COULD BE READ FROM A DISTANCE

CASPIAN - The New York Times reports that a team of security researchers
has found that virtually every one of these cards tested is vulnerable
to unauthorized charges and puts consumers at risk for identity theft.

Radio Frequency Identification is a controversial technology that uses
tiny microchips to transmit information at a distance. These RFID
microchips have earned the nickname "spy chips" because the data they
contain can be read silently and invisibly by radio waves without an
individual's knowledge or consent. The technology has long been the
target of criticism by privacy and civil liberties groups.

"For these financial institutions to put RFID in credit cards, one of
the most sensitive items we carry, is absolute lunacy," said Dr.
Katherine Albrecht, founder and director of CASPIAN, a consumer group
with over 12,000 members in 30 countries worldwide.

Researchers are showing how a thief could skim information from the
cards right through purses, backpacks and wallets. This information
includes the cardholder's name, credit card number, expiration date and
other data that would be sufficient to make unauthorized purchases. They
say the information could even be used to identify and track people, a
scenario Albrecht and co-author Liz McIntyre lay out in their book, "Spy
chips: How Major Corporations and Government Plan to Track Your Every
Purchase and Watch Your Every Move."

Despite earlier assurances by the issuing companies that the data
contained in the credit cards would be secure, researchers found that
the majority of cards they tested did not use encryption or protect the
data in any way. The information on them was readily available to
unauthorized parties using equipment that could be assembled for as
little as $50, the researchers said.

"We cautioned companies against using item-level RFID, and they didn't
heed us. Now the credit card industry is facing an unprecedented PR and
financial disaster," says McIntyre, who is also a former bank examiner.
She points to the astronomical cost to replace the cards, not to mention
the potential financial losses, litigation expenses, and erosion of
consumer trust.

CASPIAN is advising consumers to immediately remove the credit cards
from their wallets and call
the 800 number on the back to insist on an RFID-free replacement card.
The group is cautioning consumers not to mail the cards back or simply
throw them away due to the risk of their personal information being
skimmed.

http://www.nytimes.com/2006/10/23/business/23card.html?ref=business

RESEARCH REPORT
http://www.nytimes.com/packages/pdf/business/20061023_CARD/techreport.pdf


||||||||||||||||||||||||||||||||||||||||||||||||||||||||

1 comment:

Anonymous said...

How does a person ascertain whether a particular credit card in his or her wallet is of the RFID type?