A Balanced Article About RFID Credit Cards

There has been a lot of misinformation about the potential risks of RFID-enabled credit cards, but a site called IndexCreditCards.com has published an article worth reading.
Published: March 13, 2012

By Mark Roberti

A lot of publications and television news stations have been running stories suggesting that anyone with a credit card containing a radio frequency identification transponder is at risk of having the card’s information—or their identity—stolen. I have long tried to clarify the facts, so it’s good to see other objective sources weighing in on the subject.

A Web site called IndexCreditCards.com recently published an article titled Chip Ahoy! Are RFID Credit Cards Secure?. Despite the terrible title, it’s a good story—and I was happy to see that it was picked up by the Fox Business Web site.

The article points out that an RFID-enabled card rarely needs to be handed over to a clerk or waiter, who can easily make an exact copy of a magstripe card.

In answering the question “Does RFID make it easier to steal?” the article states, “Jay Foley, executive director of the Identity Theft Resource Center in San Diego, is quick to admit that thieves could get your card info remotely through a scanner, but adds that they probably wouldn’t be able to use it. Unlike magnetic stripe cards, RFID credit cards encrypt a cardholder’s information. To access a consumer’s account, thieves not only have to scan the card, they also have to break the card issuer’s encryption.”

The article also notes that unlike a magstripe card, which has a static authentication code (that three-digit number on the back), RFID-enabled credit cards generate a new authentication code for every transaction. “If an identity thief nabs info by physically skimming a traditional credit card, he or she can use that information as many times as they like, racking up purchase after purchase until the card gets reported,” the article correctly states. “If all they have is the information from your RFID chip, they can only make one purchase with that authentication code.”

What’s more, the story reports, “But of course, the encryption and authentication code only helps you if your card information is swiped remotely from an unauthorized scanner. If a thief physically nabs your RFID card, they can still use the magnetic stripe all over town until you alert the authorities.”

This is an article that presents the facts, and doesn’t try to scare people. That’s nice to see.

Mark Roberti is the founder and editor of RFID Journal. If you would like to comment on this article, click on the link below. To read more of Mark’s opinions, visit the RFID Journal Blog, the Editor’s Note archive or RFID Connect.