You say RFID, I say contactless

[Dave Birch] The Wall Street Journal recently ran yet another contactless/privacy scare story, featuring some guy who was so paranoid about miscreants surreptitiously stealing money through his PayPass card that he smashed it up with a hammer.

The WSJ then went to MasterCard, who told them (accurately) that multiple layers of security are available to prevent MasterCard data from being stolen by electronic eavesdropping. They quote Art Kranzley, EVP of New Payment Technologies: “It is up to the companies that issue the card to decide which security measures to adopt… Customers who don’t want RFID in their PayPass payment cards can ask to be issued an old-fashioned chipless card”.

Despite the fact that this is a payment product with lots of security, that customers don’t have to have it and that Chase (with 7 million cards issued) say they haven’t seen any fraud, the WSJ — apparently oblivious to the fact that the ISO 14443 13.56MHz short-range PayPass interface is not the same as the EPC Class 1 915MHz long-range interface used to read retail tags, that retail tags are meant to be “open” so that anyone can read the electronic barcode, that retail tags don’t contain microprocessors and that there is no cryptography in retail tags — uncritically quotes a variety of anti-RFID sources, including the Campaign Against Supermarket Privacy Invasion and Numbering (CASPIAN),

Technorati Tags: ,


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.