Credit cards & RFID

Credit card companies are now experimenting with RFID. What sounded like a dubious idea to me in passports, now sounds almost ridiculous. Quoting from the Engadget blog:

"Our latest security problem du jour is that credit card companies are apparently issuing plastic that relays your digits wirelessly; as you might have guessed, security researchers are checking into this, and in a demonstration for The New York Times, easily hacked a University of Massachusetts computer science professor's newfangled RFID credit card. In short order (and with his permission), a researcher working with RSA Labs was able to steal the professor's name and credit card number that was being transmitted in cleartext -- thereby poking massive holes in Visa, MasterCard and American Express' claims that these card include "the highest level of encryption allowed by the U.S. government." Predictably, the credit card companies have already dismissed claims that the populus will be greatly affected by this hack. Brian Triplett, senior vice president for emerging-product development for Visa, told the Gray Lady: "This is an interesting technical exercise, but as a real threat to a consumer - that threat really doesn't exist."

Check out the tech report, from the NYTimes. It details the supposed RFID credit card vulnerabilities.

Thanks to a Stanford colleague for pointing out the credit card RFID story that appeared in the NY Times.

Makes you think again about what's in your wallet, doesn't it?