Underground News you may have missed...
[><] OFU MEDIA CENTRE [><] --Virtual Underground News--: Uses of RFID in credit cards, passports raise doubtsOFU MEDIA CENTRE

Thank you for visiting today...

26 December 2006

Uses of RFID in credit cards, passports raise doubts

Hope anyone out there that may visit the site had a good Christmas.
My 2 older sons got guitars, plus the got Guitar Hero 2 for their ps2.
We're Rockin out at the Stanton house today!

Here's an article I ran across this morning...after waking up at 4 in the morning and unloading 20,000 pounds of food for good old Cracker Barrel.

Uses of radio frequency ID raise doubts

Critics wary of credit cards, passports; others play down privacy fears

Radio frequency identification technology is still a tough sell to a lot of people.

Massive companies and organizations that want to manage their supply chains more effectively have wholeheartedly embraced the tiny wireless computer chips. But some critics, politicians and even industry insiders say there are reasons to be concerned about bringing the tracking technology into the consumer arena.

"Privacy and security should always be a concern with any technology," said Rick Billo, associate dean of engineering research at the University of Texas at Arlington and founder of an RFID research center at the school.

Most of the objections have revolved around security and privacy concerns, and those themes are once again taking center stage in a couple of RFID applications.

The first application is in credit and debit cards, and the second is in identification documents that U.S. citizens could soon be using to cross the Mexican and Canadian borders.

The concerns are largely the same: that it's possible for thieves to surreptitiously read the data on the chips.

A few weeks ago, Sen. Charles Schumer, D-N.Y., a member of the Senate Finance Committee, issued a news release saying that RFID credit cards are not secure enough.

"If you are using a no-swipe credit card, when you put your card in your back pocket or in your pocketbook, you might as well print your credit card number across your back," Mr. Schumer said.

"Holiday shoppers need to be extremely careful with their credit cards, and these companies need to step up their efforts to protect people from identity theft."

Longtime RFID privacy critic Katherine Albrecht said that Congress should set some guidelines.

"It's about time for Capitol Hill to recognize the dangers of RFID," Ms. Albrecht, founder and director of Consumers Against Supermarket Privacy Invasion and Numbering, said in a prepared statement.

"Perhaps now members of Congress will listen to their concerned constituents and work to pass long-overdue bipartisan RFID labeling legislation, not only for credit cards but other RFID-tagged consumer items as well."

A growing number of shoppers have cards with radio frequency identification chips in the plastic, allowing the user to simply wave the card over a reader to complete a purchase. For example, there are about 11 million MasterCard cards in use worldwide with RFID chips.

That's a fraction of the roughly 1 billion MasterCard cards in use, but issuing banks are increasingly making RFID cards the default replacement cards sent to users when their old cards expire.

Banks are not required to tell cardholders that the cards have RFID chips, but experts say banks have an incentive to do so since research shows people who know they have such a card tend to spend more.

In October, researchers at the University of Massachusetts released a report claiming that most RFID cards on the market transmit signals that can easily be intercepted.

"Although RFID-enabled credit cards are widely reported to use sophisticated cryptography, our experiments found several surprising vulnerabilities in every system we examined," the researchers said.

That report generated a lot of publicity, but Art Kranzley, executive vice president and group executive of advanced payments at MasterCard Worldwide, said researchers missed the point.

Security measures

Even if a thief can scan the account number on your card with a wireless scanner, other security measures in the retailer's card reader and in MasterCard's computers prevent thieves from using that number to make a purchase, Mr. Kranzley said.

Furthermore, most thieves aren't interested in building elaborate systems to steal a single account number from someone in a store, he said. Crooks would rather hack into credit card databases and get thousands or millions of card numbers and other information.

"The fraudsters are after big volumes and big dollars," Mr. Kranzley said.

Daniel Engels, director of the RFID center at the University of Texas at Arlington, said it's a lot easier for someone to eavesdrop on a cellphone conversation being conducted over a wireless Bluetooth headset than it is to swipe wireless information off an RFID credit card.

"The Big Brother scenario never seems to bother us when it's a device we know and love and use, such as a cellphone," he said.

Even so, card makers and retailers should go out of their way to make users comfortable, Mr. Billo of UT-Arlington said. "In terms of warning labels and things like that, I think it's a good idea." He said that retailers and credit card companies need to adopt the same strategy they did the last time a new payment technology was introduced.

"There was a lot of mistrust of the bar code when it was first implemented," Mr. Billo said. "I remember when I went into stores, there was a guarantee that if they came up with the wrong number, you got the item for free."

Passport worries

The other consumer application of RFID that's getting a lot of attention right now is in PASS cards, a document proposed by the State Department that would replace passports for U.S. citizens crossing land borders.

Recently, several trade groups, as well Dallas-based Texas Instruments Inc., issued public complaints about the long-range RFID technology that the State Department is considering. The chips would let Americans wave their cards near a reader at a border crossing and then keep going.

But the groups say it would be a mistake to use the same long-range, low-security chips in the PASS card that are used for inventory tracking by companies like Wal-Mart.

"I think the government has given a lot of thought to the technology," said V.C. Kumar, manager for emerging markets in the RFID division at Texas Instruments.

"We just believe there is a better way."

TI and industry groups like the Smart Card Alliance and the Secure ID Coalition have weighed in against using the long-range chips, arguing that short-range chips with stronger security would be more appropriate.

TI makes both kinds of chips.

Mr. Kumar said a final decision from the State Department is still awhile off, and he hopes the agency will reconsider its initial proposal before it starts issuing the cards.

"I think there's still some need for education," he said. "I think there's still a need to clear up some misconceptions. But on the whole, I think the technology is going quite well."

E-mail vgodinez@dallasnews.com and tell him to kiss my ass.


Post a Comment

<< Home