Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Pitfalls in No-Swipe Credit Cards

Posted by ryuzaki0 on from the swipe-this dept.

Nrbelex writes to mention a New York Times article about the privacy pitfalls of 'no-swipe' credit cards. Despite assurances from the card companies, researchers Tom Heydt-Benjamin and Kevin Fu were able to easily retrieve data from the new cards ... data available without encryption and in plain text. From the article: "They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150. They say they could probably make another one even smaller and cheaper: about the size of a pack of gum for less than $50. And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak. 'Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?' Mr. Heydt-Benjamin, a graduate student, asked."

3 of 261 comments (clear)

  1. Oyster Cards on the London Underground by QuatermassX · · Score: 5, Interesting
    In London, TfL can track my movements for the past several years, but I do wonder how often people have their Oyster data swiped. Of course, what would the purpose be, really ... use and abuse that season ticket? Hmmm ...

    Of course, I found this interesting blog post from several years ago: http://www.spy.org.uk/spyblog/2004/02/foiling_the_ oyster_card.html

    I just wish TfL would get the bloody Silverlink / North London Line railways on the system rather than posting stormtrooper rent-a-cops at selected stations on random mornings. I actually do pay my fare, but I'm deeply distressed by the rudeness of some of the non-TfL staff. Treat customers not as potential fare-evaders but customers!

  2. Why are we upgrading again? by boyfaceddog · · Score: 5, Interesting

    Okay, magnetic swipe cards are better than the old way of making a carbon from the raised info on the little plastic cards, but what is the advantage of an RFID credit card? I still need to get the RFID-thing out of my wallet or out of my pocket to use it. Is saving five seconds such a big deal that I wouldn't spend that five seconds in order to protect my identity?

    Upgrades for the sake of the "wow-factor" are stupid.

    --
    Here will be an old abusing of God's patience and the king's English.
  3. Re:Dumber then not signing by Alpha232 · · Score: 5, Interesting

    Working in the hotel business, I handle a large number of credit cards. The trend I have seen for people wanting to "disable" the RF portion is to use a hole punch through the chip. I've seen about ten or so this past month, all have the little radio icon on the back and a hole punched right through the card. Not a bad way to do it I must say.