Would You Trust RFID-Enabled ATM Cards?

race_k2 asks: "As a regular Slashdot reader I've followed the development and implementation of RFID devices in many ubiquitous areas such as clothing, passports and even people. Given that our environment is becoming increasingly tagged, often without our knowledge or consent, and can be monitored or hacked by anyone with the proper hardware, skills and motivation, I viewed the recent arrival of two new ATM cards containing RFID chips with skepticism. While this feature may bring the increased convenience of speedy checkouts, it is not something I am completely comfortable using and decided that the safety of my personal data was more important than the ability to buy things quickly. The vulnerable nature of RFID security coupled with recent, though unrelated, reports of a Possible Security Flaw In ATMs make me seriously question whether the marriage of wireless data transfer with personal finance is a wise application of technology." So race's question basically boils down to: How safe and secure are the RFID chips that are being embedded in debit and credit cards? To add another issue on to the fire: Would you trust RFID technology on your cards?

race_k2 continues: "My concerns were well received by representatives at Chase and after checking with a supervisor the rep said that a new chip-less card was on its way. On the other hand, the people at HSBC could not fathom why I would not want to have this fantastic new technology in my pocket everywhere I go. The customer service agent said that cards without RFID tags were simply unavailable and I could opt to not use the feature at checkout. The concept of unauthorized reading of the ATM card by a mobile RFID scanner fell on deaf ears and questions regarding the level of security on the RFID ATM card chips were not answered to the technical level that I was hoping for. The stated 'Don't worry, we use encryption' did little to allay my concerns.

Is the unauthorized access of sensitive personal data on an ATM card chip by a home-brew RFID scanner a real possibility? Will we have to worry about the spread of RFID viruses to our back pockets and purses? Finally, are there any passive methods to permanently inactivate an RFID chip without having to resort to its removal or destruction?"

Re:Yes but.....

[tttonyyy]

I would, but everyone seems to forget that you can have RFID and a PIN or other second form of ID. I would have no problem as long as there was an OPTION for a second method of authentication to be applied.

Sure, it would cut down on convenience, but only a little, and would more than make up for it in added safety.

-Charlie Tell you what, why not post your card details here (including the three digits on the reverse), but NOT THE PIN, and we'll see how many of us can buy something with it.

Willing to stand by your statement? Are you sure you still don't have a problem with other people having access to your card data?

Nuke it

[brunes69]

An RFID chip will fry in seconds in a microwave. It takes much longer than that to affect the plastic. And the magnetic stripe will not be affected at all, until the plastic starts to melt.

Putting the card in the microwave for 3-5 seconds should do the trick. The worst that can happen is you ruin your bank card, so just go to the bank and get another. They don't cost anything.

Re:Not suprised about HSBC

[Bazman]

Talk to a financial journalist. Not only will they have contacts at the bank, but the bank will fear them more than they fear you...

Re:Liability for unauthorised transactions?

[bhima]

Do you honestly think that banks don't pass every single expense they incur along to the customer?

No matter who pays at first, in the end we all pay more because of shitty security.

why should they care abotu security, it's...

been made your problem by way of the 'identyty theft' myth. There's no such thing as identity theft. When someone gives your money or loas their money to the wrong person, thinking it's you, THEY ARE AT FAULT.

Effing brainwashed sheep have bought into the identity theft ruse hook, line, sinker, and hummer to the fisherman.

Re:why should they care abotu security, it's...

[multisync]

When someone gives your money or loas their money to the wrong person, thinking it's you, THEY ARE AT FAULT.

They may be at fault, but you are the one who is screwed.

Re: Check the incentive

[Erick+Lionheart]

Uh... no? If the credit card companies were the ones paying for the fraud done with credit cards, there would BE next to 0 fraud.

As it is, they make the -merchant- pay for it! And not only do they make us cover the price of the fraudulent transaction, but they ALSO tag an extra $25 -per fraud transaction- !! Heck, at this rate they might actually be MAKING money from fraud!!

If one customer buys 3 times with same fraudulent cc over a few days (say, for $5 items!), we pay $75 in -addition- to the cc company taking back the $15!!!!!

With the hundreds of Billions they process every day, do you really think there would be so much fraud if the cc companies were the ones really paying for it?? :/

Re:Absolutely not

[nasor]

If your bank really wants to make it easy for people to rip them off, it's not really your problem is it? I've never understood why people care so much about credit card security. If someone steals your credit card number and uses it to buy something, you just report the charge as fraudulent. No credit card company charges customers from fraudulent charges made on there account.

Using a credit card seems much safer than cash. If someone steals my cash, I'm out of luck. If someone steals my credit card or uses my account number without my authorization, I don't lose anything except the 10 minutes or so that I have to spend on the phone with the credit card company.