IP Source

Monday, 20 February 2012

Credit card RFID theft protection is as simple as an ‘on’ button

University researchers are working on a simple solution to the unnervingly easy-to-hack radio frequency ID chips (RFID) and near-field communication cards (NFC) installed in credit cards.

Think of it as button that activates the cards when ready to be used for payment.

While scanning credit cards rather than swiping them is convenient, the need for better security derives from unforeseen loopholes in the technology that have been exposed since its introduction. In the case of credit cards installed with RFID chips, the first step to stealing an unsuspecting victim’s credit card information  is as simple as an eBay purchase.

A simple Google search for “credit card rfid hack” turns up numerous YouTube videos of hacks, and even step-by-step outlines. More unnerving is the realization that contactless RFID readers can be purchased on eBay for as low as $50. But while RFID credit card supporters claim cards must be 1 to 3 inches from a reader to pull data, eliminating the possibility of falling victim to theft, long-distance reading has in fact been around for a while.

In the summer of 2005 during DefCon13, Flexilis, now known as Lookout Mobile Security, proved the feasibility of a homemade long-range RFID scanner. The company’s build, successful in scanning passive RFID chips, reached over 69 feet! A quick Google search again pulls up in-depth and detailed instruction from 2006 for building a long-range scanner for a mere investment of $100. Much cheaper now.

While luckily scanning is not rampant, and far from lucrative due to predetermined RFID spending caps, researchers from the Pittsburgh Swanson School of Engineering are building a credit card “switch” allowing for the card to turn “on” and “off.” Upon applying contact with a specified area on the credit card, whether hidden behind a logo or emblem, the switch would complete the circuit and switch the card “on.” In the absence of contact, “The RFID or NFC credit card is disabled if left in a pocket or lying on a surface and unreadable by thieves using portable scanners,” professor Marlin Mickle explains.

Besides credit cards, RFID chips are used in pharmacies, shipping, tracking, and even passports (which use active RFID chips). 

No comments:

Post a Comment

Send a plain text, no attachments, email from any client to comment. Only registered users or OpenID have this access.