The WSJ then went to MasterCard, who told them (accurately) that multiple layers of security are available to prevent MasterCard data from being stolen by electronic eavesdropping. They quote Art Kranzley, EVP of New Payment Technologies: “It is up to the companies that issue the card to decide which security measures to adopt… Customers who don’t want RFID in their PayPass payment cards can ask to be issued an old-fashioned chipless card”.
Despite the fact that this is a payment product with lots of security, that customers don’t have to have it and that Chase (with 7 million cards issued) say they haven’t seen any fraud, the WSJ — apparently oblivious to the fact that the ISO 14443 13.56MHz short-range PayPass interface is not the same as the EPC Class 1 915MHz long-range interface used to read retail tags, that retail tags are meant to be “open” so that anyone can read the electronic barcode, that retail tags don’t contain microprocessors and that there is no cryptography in retail tags — uncritically quotes a variety of anti-RFID sources, including the Campaign Against Supermarket Privacy Invasion and Numbering (CASPIAN),
Technorati Tags: contactless, retail
