Home Internet of Things Aerospace Apparel Energy Defense Health Care Logistics Manufacturing Retail

Ask The Experts Forum

BlogsAsk The Experts ForumCan Every RFID Card Be Copied or Cloned?

Can Every RFID Card Be Copied or Cloned?

Posted By RFID Journal, 02.18.2020

How difficult is the cloning process? Let's say there's a scenario in which an individual has an RFID bus card or pass. If it were cloned, would the cloned card work like the original—in other words, if it were scanned, would it be authorized?

—Jerfry

———

Jerfry,

The security of an RFID system, as with almost any payment or information technology system, depends on how it is set up. If a transit company is issuing transponders with unique serial numbers and allowing people to ride its busses as long as the ID in a transponder appears valid, then a criminal could buy an RFID card on the Internet, write the ID of a legitimate card to the transponder with an RFID reader-writer and then use it like the original. This would not require a lot of technical skill.

However, there are ways to prevent this kind of fraud. One would be in the physical design of the card. You could put the card-holder's picture on the card, for instance, and bus drivers could then ask to see each card after it was used to pay for a fare. This would not be an ideal solution, however, since it would slow the boarding process down, and one of the big selling points of RFID is that it speeds up boarding processes by eliminating the need to find change and deposit it in a collection box.

Another option would be to use the tag ID (TID) in the transponder along with the serial number. Each RFID chip has a unique serial number that cannot be changed, which identifies the chip as unique. A serial number is then written to the tag's memory. You could read the TID and serial number and make sure there was a correct match, in order to ensure the tag was not cloned. This, again, would not be the ideal scenario, since the read and lookup steps would take longer than just reading the serial number.

A third option—and, in my view, the best option—is to use a software layer for security. If a serial number were used twice a day to travel on bus number 1 on the east side of a city, for example, and suddenly a card with the same serial number started being used for random trips in the west part of the city, this would show up in the software. This could indicate that the original card had been cloned and was being used fraudulently. This is similar to how credit card companies detect credit card fraud (though magstripe credit cards are easier to clone than RFID transponders).

I hope this answers your question, and I hope to see you at RFID Journal LIVE! 2020 in April.

—Mark Roberti, Founder and Editor, RFID Journal

Login and post your comment!

Not a member?

Signup for an account now to access all of the features of RFIDJournal.com!

Next Post
Can RFID Monitor Birds in Flight?
Previous Post
What Type of RFID Tag Is the Most String...
PREMIUM CONTENT
Case Studies Features Best Practices How-Tos
RFID JOURNAL EVENTS
Live Events Virtual Events Webinars
ASK THE EXPERTS
Simply enter a question for our experts.
TAKE THE POLL
JOIN THE CONVERSATION ON TWITTER
Loading
RFID Journal LIVE! RFID in Health Care LIVE! LatAm LIVE! Brasil LIVE! Europe RFID Connect Virtual Events RFID Journal Awards Webinars Presentations