Izzy whizzy, thieves get busy
17 May 2011
TV station reveals serious security flaws with RFID-equipped credit and debit cards.
Commenting on a consumer TV report into the insecurity of RFID-equipped credit and debit cards, SecurEnvoy says that the apparent ease with which researchers have been able to create a `magic wand’ that reads cards at a distance shows that more work needs to be done on wireless encryption.
"The report from the Portland, Oregon-based TV channel Katu, in which researchers found that $20 worth of electronics could read the card details of payment cards in people's wallets and purses, at a range of four inches, is very worrying," said Andy Kemshall, Technical Director of the two factor authentication company.
"Here at SecurEnvoy, we spend our time advising clients on their best options to better defend their data assets, yet here we apparently have a number of card associations issuing payment cards that can have their details lifted by waving a fraudulent reader at users' wallets, purses and pockets, as they walk past," he added.
Whilst four inches may not sound much of a distance, in a crowded subway, tube or bus when people are pressed up close to each other, the possibilities for card fraud are significant.
Although the RFID system seen on Visa Paywave and Mastercard Paypass are designed for low value transactions, once the card details have been downloaded into a reader wand's memory, they can then be used – as these researchers have proven – to make fraudulent online purchases.
With stores in many city areas of the US and Canada accepting Paywave and Paypass, and the UK ramping up the number of RFID-accepting merchants in preparation for the London Olympics, it is feared that as TV station researchers have discovered this loophole, criminals are certain to have made similar discoveries.
Contact Details and Archive...
Related Articles...
Most Viewed Articles...