RFID Journal Blog
Text size:
T
T
T
ABC Eyewitness News Presents Selective Facts About RFID Credit Cards
2 CommentsI received a call a couple of weeks ago from a reporter named Darla Miles, who works at ABC Eyewitness News, the local ABC affiliate here in New York City. She wanted to interview me, and I said OK. Miles is a smart, likeable reporter. I told her, "I know exactly what you are going to do: You are going to do a piece that scares people into thinking they're in danger. 'You could be at risk from having your credit card number stolen by RFID—tune in at 11!'"
Sure enough, on May 26, as I was driving to Manhattan and listening to the news, a promo played on the radio: "You could be at risk of someone stealing your credit card without even touching you. Tune in at 11."
The piece, now posted on the ABC Eyewitness News Web site, is basically the same biased story produced by an L.A. station a few weeks ago (see L.A. Broadcaster Misinforms Public About RFID Credit Cards).
I'm quoted in the story as saying there are concerns, and my buddy Lance Ulanoff from PC Magazine is quoted as saying there are tradeoffs between benefits and risks with new technologies. Neither of us is even identified, whereas Walt Augustinowitz, identified as the owner of Identity Stronghold, is allowed to peddle his usual nonsense about how someone can steal credit cards with a $10 reader.
But there's an added twist: Augustinowitz takes the credit card number, goes to a Web site and downloads information about a person whose card he supposedly stole. I wonder if he or Miles would be willing to identify the site, clarify what data was downloaded and explain how this was even possible. To my knowledge, there is no site at which you can simply type in a credit card number and download information about cardholders—and if there were, why would you need to steal numbers with RFID to do it? Why not just type in random numbers and download information?
Here's what I told the reporter, that either she or her producer apparently felt was unimportant to relay to their audience:
1. There has never been any credible report that anyone has ever had their credit card number stolen and used fraudulently because it had RFID.
2. If your card number were stolen, that wouldn't mean the thief could use it. Despite what Augustinowitz incorrectly claims, every Web site at which I've ever purchased anything requires a credit card validation number, which you don't get when you skim credit card data.
3. Keeping credit card numbers and expiration data secret is not how credit card companies prevent fraud. They use sophisticated software to identify fraudulent transactions.
4. Even if something were to be purchased fraudulently with your card, in most cases you would not be held liable. The credit card company would take the hit.
I'm a journalist, so I know why these facts were not presented to ABC's audience—what seemed like a good story would have become a non-story. There's an old saying in journalism: "Never let the facts get in the way of a good story." ABC Eyewitness News sure didn't.
Sure enough, on May 26, as I was driving to Manhattan and listening to the news, a promo played on the radio: "You could be at risk of someone stealing your credit card without even touching you. Tune in at 11."
The piece, now posted on the ABC Eyewitness News Web site, is basically the same biased story produced by an L.A. station a few weeks ago (see L.A. Broadcaster Misinforms Public About RFID Credit Cards).
I'm quoted in the story as saying there are concerns, and my buddy Lance Ulanoff from PC Magazine is quoted as saying there are tradeoffs between benefits and risks with new technologies. Neither of us is even identified, whereas Walt Augustinowitz, identified as the owner of Identity Stronghold, is allowed to peddle his usual nonsense about how someone can steal credit cards with a $10 reader.
But there's an added twist: Augustinowitz takes the credit card number, goes to a Web site and downloads information about a person whose card he supposedly stole. I wonder if he or Miles would be willing to identify the site, clarify what data was downloaded and explain how this was even possible. To my knowledge, there is no site at which you can simply type in a credit card number and download information about cardholders—and if there were, why would you need to steal numbers with RFID to do it? Why not just type in random numbers and download information?
Here's what I told the reporter, that either she or her producer apparently felt was unimportant to relay to their audience:
1. There has never been any credible report that anyone has ever had their credit card number stolen and used fraudulently because it had RFID.
2. If your card number were stolen, that wouldn't mean the thief could use it. Despite what Augustinowitz incorrectly claims, every Web site at which I've ever purchased anything requires a credit card validation number, which you don't get when you skim credit card data.
3. Keeping credit card numbers and expiration data secret is not how credit card companies prevent fraud. They use sophisticated software to identify fraudulent transactions.
4. Even if something were to be purchased fraudulently with your card, in most cases you would not be held liable. The credit card company would take the hit.
READERS' COMMENTS
Identity Stronghold Interview
Mark, I can only hope you print this. First of all you have had no problem taking my advertising fees every month for years now. Every month I get my receipt for payment with your name on it. This is really no way to treat a customer. I have no idea what you are talking about when you say a website to download credit card info. We never showed anything like that. We showed the data scanned from the card. I would be happy to debate you live on this if that is what is needed. Pick up the phone and place an order with a large phone order outlet. I did and the did not ask for the CVV code. I know the PCI spec requires this but many do not do it. In fact most do not realize they are not allowed to even write this number down on a form but they ask all the time on forms. Many do not do AVS or you can at least talk your way around it. I also was upset that when the piece ran on TV it did not even tell people how they could easily fix the problem with a Secure Sleeve. I don't understand why the federal government realizes there is a privacy danger and provides Secure Sleeves or Secure Badgdholders to federal employees with similar cards but most in the credit card industry choose to look the other way. This is an issue but the fix is easy.
Posted By: Walt Augustinowicz 6/1/10 at 12:16 PM
What I'm Talking About
Walt, I'm not sure what taking your money has to do with anything, other than to show we are very objective in our reporting and our commentary. The part of the "news" report I'm talking about starts one minute into the segment. The reporter says: "Once skimmed, Augustinowicz shows how pickpockets can download your sensitive information." The image on screen shows a download in process with the words "Passport processing." I'm trying to understand what this is and how it works. If someone skims my credit card number and name, where do they go to download my "sensitive information." What information are they downloading? Who runs this site? This sounds really scary. All I am trying to do is get the facts that were left out of the ABC Eyewitness news piece. One other thing I didn't point out because I liked the reporter and didn't want to beat up on her, but she says in the piece that they were unable to skim any credit card numbers because people didn't have RFID-enabled cards. It's unlikely that she checked and more likely that she assumed they didn't have RFID-enabled cards. (I could be wrong but the sloppy reporting in the piece suggests otherswise.) Maybe they did have RFID-enabled cards and skimming is not as easy as some people--I won't mention any names--suggest.
Posted By: Mark Roberti 6/2/10 at 11:29 AM