April 30, 2008
Credit card companies in the Gulf have begun deploying "contactless" credit cards that use radio frequency identification (RFID) technology to streamline their use. Unfortunately, this may mean that your credit card is not safe even in your own wallet!
Researchers have known since 2006 that RFID cards are vulnerable to attack. While most cards today need a signature or a physical swiping, these cards rely on radio waves for authentication. This issue has again surfaced in a recent video that shows a hacker at this year's Emerging Technology Conference capturing credit-card data using equipment purchased on e-Bay for $8.00.
As the video shows, despite the credit card companies' assertion that the data on cards is encrypted to prevent digital eavesdropping, sometimes unencrypted data is stored on the card. The cardholder's name, the card's number, and the card's expiration date may be captured with a contactless reader. In fact, it is not even true that this information must always be combined with a verification token. Some cards revealed the credit card number without requiring a token.
Imagine now that a card skimmer is walking in a crowded place... The amount of personal data that he or she can steal off of all those credit cards is astonishing.
What can you do? The video demonstrates one way to avoid being a victim of this type of fraud: keep your credit card in a metal cover to prevent the information on the card from being sniffed. In addition, always take a few minutes to examine your credit card bills to ensure that no fraudulent charges have been made.