I received a call a couple of weeks ago from a reporter named Darla Miles, who works at ABC Eyewitness News, the local ABC affiliate here in New York City. She wanted to interview me, and I said OK. Miles is a smart, likeable reporter. I told her, “I know exactly what you are going to do: You are going to do a piece that scares people into thinking they’re in danger. ‘You could be at risk from having your credit card number stolen by RFID—tune in at 11!'”
Sure enough, on May 26, as I was driving to Manhattan and listening to the news, a promo played on the radio: “You could be at risk of someone stealing your credit card without even touching you. Tune in at 11.”
The piece, now posted on the ABC Eyewitness News Web site, is basically the same biased story produced by an L.A. station a few weeks ago (see L.A. Broadcaster Misinforms Public About RFID Credit Cards).
I’m quoted in the story as saying there are concerns, and my buddy Lance Ulanoff from PC Magazine is quoted as saying there are tradeoffs between benefits and risks with new technologies. Neither of us is even identified, whereas Walt Augustinowitz, identified as the owner of Identity Stronghold, is allowed to peddle his usual nonsense about how someone can steal credit cards with a $10 reader.
But there’s an added twist: Augustinowitz takes the credit card number, goes to a Web site and downloads information about a person whose card he supposedly stole. I wonder if he or Miles would be willing to identify the site, clarify what data was downloaded and explain how this was even possible. To my knowledge, there is no site at which you can simply type in a credit card number and download information about cardholders—and if there were, why would you need to steal numbers with RFID to do it? Why not just type in random numbers and download information?
Here’s what I told the reporter, that either she or her producer apparently felt was unimportant to relay to their audience:
1. There has never been any credible report that anyone has ever had their credit card number stolen and used fraudulently because it had RFID.
2. If your card number were stolen, that wouldn’t mean the thief could use it. Despite what Augustinowitz incorrectly claims, every Web site at which I’ve ever purchased anything requires a credit card validation number, which you don’t get when you skim credit card data.
3. Keeping credit card numbers and expiration data secret is not how credit card companies prevent fraud. They use sophisticated software to identify fraudulent transactions.
4. Even if something were to be purchased fraudulently with your card, in most cases you would not be held liable. The credit card company would take the hit.
I’m a journalist, so I know why these facts were not presented to ABC’s audience—what seemed like a good story would have become a non-story. There’s an old saying in journalism: “Never let the facts get in the way of a good story.” ABC Eyewitness News sure didn’t.