Slashdot Mirror

← Back to Stories (view on slashdot.org)

MasterCard To Distribute RFID Credit Cards

Posted by ScuttleMonkey on from the next-stop-rfid-theft dept.

wellington writes "Reuters is reporting that MasterCard expects to have 4 million "pay pass" cards in circulation by year's end. These new cards will be equipped with a radio-frequency chip that allows customers to pay for purchases by simply waving their cards at readers posted near cash registers or gas pumps." The cards, previously covered on Slashdot, were announced earlier this year.

6 of 382 comments (clear)

  1. Get some facts by scdeimos · · Score: 4, Informative

    PayPass FAQ page: http://www.paypass.com/faq.html

    I'm not sure what the benefit of these are since you still have to take your card out of your pocket/wallet/handbag to swipe it over the scanner (only works within an inch). Anyone who has trouble swiping cards with mag stripes (which seems to be becoming a more-common problem as technology progresses) will likely think this a good thing - one swipe and that's it.

    The issue of Card ID theft isn't really that much more than it already is.

  2. Not the same "RFID" by RzUpAnmsCwrds · · Score: 5, Informative

    The MasterCard system, like all of its type, uses the ISO/IEC 14443 contactless smartcard standard.

    ISO 14443, unlike most RFID standards, is a cryptographically strong system that renders easedropping useless.

  3. Re:Range? by tooth · · Score: 5, Informative

    When you bring the card near the reader it induces a current in the card to power it (Passive RFID). This is why you need to put it close to the reader. Once this happens you can snoop the signal from the card from nearby.

  4. Re:More fraud? by petej2310 · · Score: 5, Informative

    Spreading FUD...u should all work for BILL!!!
    These cards are based on SMARTCARDS and the EMV standards (3DES, PKI, challenge-auth techniques) against which millions of credit and debit cards have been issued. The only difference is that they use an RF interface to provide comms and power the chip.
    See http://en.wikipedia.org/wiki/ISO_14443/
    They ARE NOT RFID tags, they do not emit your card number, banks (as other have correctly posted) are smart enough to NOT provide OTHER avenues of fraud.

  5. Re:Range? by joe_bruin · · Score: 4, Informative

    You put your card up to the reader not because that is the range of the signal coming out of the card. Rather, it is the range of the magnetic induction field coming out of the reader to power the card. The signal the card emits can probably be read at 100 meters by a person with a high gain directional antenna.

    Of course, Suica cards are not that prone to theft because the most that person could do is take a spin around the Yamanote Line at your expense. When there's serious money involved, you will see someone place a high powered field generator in a trash can by the entrance to a mall, and then sit in a car nearby and gather access numbers from everyone going in or out and massively cash out. Non-contact based transactions are a bad idea. Faraday-cage wallet, here I come.

  6. Re:More fraud? by DrXym · · Score: 4, Informative
    I believe some countries allow you to use your rapid transit card to make small purchases. In addition of swiping your card to be allowed through a gate you can buy a bar of chocolate or a newspaper or other small transactions. Apparently London is piloting doing such a thing with their Oyster card.


    It makes sense that if you have a card which is acting like pocket change to allow this. You deplete the credit and then you top it up. You can only spend as much as you have on the card so it has a natural cutoff. Since you buy the card with cash from a machine, the card is effectively acting like semi-anonymous currency.


    It doesn't make much sense to do the same with a credit card, unless the credit card imposes a hard limit on what you can spend in such a manner. And I don't mean per item - I mean total that you deplete and must be topped up either by you or a preset top up. Otherwise what's to stop someone reading your RFID and making their own purchases by spoofing yours?


    It doesn't really make sense to even embed the RFID into the credit card anyway. Are Mastercard going to be happy with reissuing cards to hundreds of people for the sake of thieves leeching $10 a day off them? How does a customer or Mastercard even spot suspicious transactions for tiny items anyway until the statement arrives?


    It seems smarter for the RFID to be on separate card - to be more like a gift card that can be topped up at the discretion of main card holder. These could be sold anywhere and it would be easy for someone to buy a couple of them and set them up with their main account. Then if someone steals one, you simply don't top it up anymore. This would of course require Mastercard or whoever to stop gouging owners of these cards by charging a monthly "administration fee", but if they wanted to see the scheme work, they'd waive it.