No-Swipe Credit Card No Problem For Thieves

Radio-frequency enabled credit cards allow consumers to complete transactions with a flick of the wrist, but new research shows that it’s not just consumers and merchants who will find the new system easier.

Thieves, equipped with a device about the size of a pack of gum and costing less than $50 in readily available electronic parts, can intercept the credit cards.

Equipped with such a device, a fraudster could walk through a crowd of people, harvesting cards into a portable reader. An unauthorized reader could be placed behind a legitimate reader and transmit the numbers back to the thieves’ lair. Or a reader could be embedded in an innocuous-looking package and placed in mailboxes, culling and transmitting numbers on newly issued credit cards.

Until these security vulnerabilities are addressed, hold off on getting a credit card wand. Their most breath-taking magic may be how swiftly they’re used to rack up a mountain of jewels, embossed leather jackets, and spinning hubcaps, all in your good name.

Researchers See Privacy Pitfalls in No-Swipe Credit Cards” [NYT]
Vulnerabilities in First-Generation RFID-enabled Credit Cards (pdf)
RFID Payment Card Vulnerabilities Technical Report (pdf)