by Mike Bevel, CollectionIndustry.com



Got $150 bucks and a devious streak? Then. according to InformationWeek.com, you could rack up some names, credit card numbers, and expiration dates from unsuspecting consumers. I should also insert that I?m not above accepting cuts of profits based off of ideas I pass on second hand.



Tom Heydt-Benjamin and Kevin Fu, of the RFID Consortium for Security and Privacy (RFID-CUSP), showed how to glean information, like names, card numbers and expiration dates from credit cards. The details were released in a report Monday, which highlights the latest in a series of demonstrations showing vulnerabilities in some of the cards.



?What the RFID-CUSP report highlights most significantly is the new physical dimension of vulnerability that RFID credit cards introduce,” the group stated on its blog. “Without even removing their cards from wallets or pockets, consumers can potentially see their privacy and security compromised. A scanner in a crowded subway station might surreptitiously harvest credit-card data from passersby.”


The team also points to the possibility of “Johnny Carson” attacks, named after Carson’s Carnac the Magnificent act, in which he deciphered the contents of sealed envelopes held against his forehead. This could be deployed near mailboxes, according to RFID-CUSP. The researchers said that some of the cards they tested were not encrypted, despite common assurances to the contrary.



“Given that RFID as a broad technology is already a flashpoint for consumer fears, the choice of credit-card associations not to confer stronger protections on RFID-enabled cards is somewhat surprising,” RFID-CUSP stated. “Numerous media reports have drawn attention to consumer concerns about RFID privacy and security, and various government bodies are mulling over RFID-privacy regulations.”


The researchers produced a video that was made available on YouTube highlighting the vulnerabilities. The video can be viewed below:




Next Article: First Data Certified to Process Healthcare Transactions ...

Advertisement