No-Swipe Credit Card No Problem For Thieves

Radio-frequency enabled credit cards allow consumers to complete transactions with a flick of the wrist, but new research shows that it’s not just consumers and merchants who will find the new system easier.

Thieves, equipped with a device about the size of a pack of gum and costing less than $50 in readily available electronic parts, can intercept the credit cards.

Equipped with such a device, a fraudster could walk through a crowd of people, harvesting cards into a portable reader. An unauthorized reader could be placed behind a legitimate reader and transmit the numbers back to the thieves’ lair. Or a reader could be embedded in an innocuous-looking package and placed in mailboxes, culling and transmitting numbers on newly issued credit cards.

Until these security vulnerabilities are addressed, hold off on getting a credit card wand. Their most breath-taking magic may be how swiftly they’re used to rack up a mountain of jewels, embossed leather jackets, and spinning hubcaps, all in your good name.

Researchers See Privacy Pitfalls in No-Swipe Credit Cards” [NYT]
Vulnerabilities in First-Generation RFID-enabled Credit Cards (pdf)
RFID Payment Card Vulnerabilities Technical Report (pdf)

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.