Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

The Consequences of Convenience

RFID payment devices might mean we'll spend less time in lines, but will they strengthen or weaken our privacy protections? That remains to be seen.
By Mary Catherine O'Connor
Jan 02, 2006The holiday season is about reuniting with family. It's about the joy of giving. And it's about the drudgery of waiting in line—at the airport, the post office, the mall and everywhere else you go.

Right now, companies are inserting RFID inlays into credit cards, key fobs and cell phones to speed transactions. Meanwhile, merchants are adding RFID interrogators to their point-of-sale systems and accepting RFID payments, hoping to trim those lines by getting more consumers in and out of their stores more quickly. Many privacy advocates and technologists worry that convenience could come at the cost of our privacy if—or, as some say, when—a nefarious party were to find a way to use an RFID interrogator (reader) to snatch others' names and payment information, such as credit card or bank account numbers.

In mid-December, about 45 California state legislative staffers gathered at an event held in Sacramento to learn about emerging technologies—mainly RFID and biometrics—and their potential effect on privacy and identity theft (as well as laws to protect that privacy). Roxanne Gould, senior vice president of California public and legislative affairs for the American Electronics Association (AeA), spoke in favor of the use of RFID and biometric technologies in credit cards. She said companies are deploying these technologies to make consumers safer, because they can authenticate the consumer or have safeguards that prevent payment devices from being counterfeited.

These authentication and anticounterfeiting features exist, and will be effective until someone finds ways around them. However, I don't completely agree that they make consumers' privacy more secure, or that safety is the reason RFID and biometric technologies are being deployed. The bigger motivation, from the point of view of the credit card associations, banks and merchants, is increasing throughput—more transactions, completed more quickly. Or, to use a term that looks better in marketing materials, increased "consumer convenience."

The organizations that have developed RFID payment devices are using long-standing and robust cryptography to protect the account information on the RFID tags. And the ISO air-interface protocol the devices follow require that a tag be within about 10 centimeters (4 inches) from the reader. These protections make RFID payments a very tough nut to crack—for counterfeiters, and also for those seeking to steal RF data from the devices. Nothing, however, is impossible.

The traditional magnetic stripe credit card can be counterfeited, and someday RFID credit cards will likely face the same problem. Ditto for RFID-enabled passports. Of course, what sets old-school credit cards and passports apart from their RFID-enabled analogs is the very thing that has so many people creeped out: RF communication. And the discovery of a weakness in the encryption of data in Texas Instruments tags used for Mobil's Speedpass payment device proves that data is secure only until someone figures out how to hack into it.

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Case Studies Features Best Practices How-Tos
Live Events Virtual Events Webinars
Simply enter a question for our experts.
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations