Vulnerabilities in First-Generation RFID-enabled Credit Cards (PDF; 194 KB)
Source: University of Massachusetts/RSA Labs
“RFID-enabled credit cards are widely deployed in the United States and other countries, but no public study has thoroughly analyzed the mechanisms that provide both security and privacy. Using samples from a variety of RFID-enabled credit cards, our study observes that (1) the cardholder’s name and often credit card number and expiration are leaked in plaintext to unauthenticated readers, (2) our homemade device costing around $150 effectively clones one type of skimmed cards — providing a proof-of-concept of the RF replay attack for cards, (3) information revealed by the RFID transmission cross contaminates the security of non-RFID payment media, and (4) RFID-enabled credit cards are susceptible in various degrees to a range of other traditional RFID attacks such as skimming and relaying.”
See also: Researchers See Privacy Pitfalls in No-Swipe Credit Cards (New York Times)

This entry was posted on Monday, October 23rd, 2006 at 6:17 pm and is filed under Business and economics, Privacy, Technology. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.