Friday, December 16, 2005
I just got my ATM card number exchanged for RFID card
Robin's Commentary
You know the story... give us your credit card and we will automatically withdraw your regular monthly payments and make it really convenient for you as a consumer... unless you get that letter in the mail from your credit card company stating "congratulations, you have a new card" and along with a new card number which means that you now have to contact all of those companies and notify them that you have a new card number within a 90 day period, otherwise, they will get notification of a closed account.
So, I called my bank and ask them if I really have to accept the new card number. Their reply was, "no, you have the right to cancel your account" did you feel the warmth? and she proceeded to remind me of the do whatever we want to consumer agreement that you signed to get the account in the first place.
Well in truth, on this particular card there isn't anybody that does an automatic withdrawal... it is just the idea of the impending work without even asking if I wanted it.
Anyway, the reason for the card change was because of the new RF ID technology otherwise known as "Paypass", which involves only "tapping" the scanner instead of scanning your card through a reader.
Coincidentally, because of our car being stolen, I have been researching transponders to add a lockout system on our cars to prevent future loss and although the technology is quite amazing, it is not infallible. For these brand new RF ID cards, there are already devices to capture and duplicate the signal. No surprise there, because that's how technology normally works.
However, what bothers me is the range that these cards have to be at in order to create a transaction.
Depending on the system or frequency, also determines the range.
Low-frequency 125-148 kHz normally used for pet and animal identification and car key locks have a normal range of 3 feet.
High frequency 13.56 MHz is the frequency used for the "smart cards" and they have a range of 3 feet as well. [source]
Key Bank in a news release claims that it the signal is only good for up to 4 inches and is only activated when the card comes in range of a high frequency radio waves admitted by the receiver. the signal can be read through a wallet -- so you could just tap the wallet without ever taking the card out -- but the consumer must be in front of the machine. of course they did not mention how the system knows which card you wish to use it you are tapping your wallet
[source]
So my question and concerned is, what is to prevent you from just laying your wallet or purse down near a scanner and then the next thing you know you just bought something?
There are also devices out there called RF ID sniffers in which the frequency can be captured and then encoded into another card.
Finally, I just do not want my wallet to be broadcasting.
My bank told me on the following that I should embrace new technology, my response was, I used to repair robots... that does not mean that I want one for my home.
In short, be prepared to start changing a lot of credit card numbers because this is technology that everybody is going to start adopting and if there are any entrepreneurs out there that wish to make a dollar for people like me who are concerned about signal theft, metal credit card holders that you could put your card in to isolate the signal might not be a bad idea.
The cashless system is on the horizon... whether we like it or not.
Subscribe to:
Post Comments (Atom)
2 comments:
That's just completely nuts. I have a bank card and a credit union card in my wallet, so I'm supposed to just get within a few inches of an atm and let the cards battle it out? Call me a Luddite, but I prefer to maintain control with my own decisions.
Now, I can disable RFID - that's really easy to do. So if the usual magstrip is left in place, it seems that the card could still be used after disabling RFID. Got any info on that scenario?
yes, check out my second commentary on this issue.
personally, I would not mind the tap and go scenario if it was also followed by a four digit pin number, otherwise, it would be no different than having a $20 bill stolen from your wallet.
the company claims that security is tighter than an ATM card, but without a second piece of validation e.g. pin number it is about as secure as money found on the ground.
Post a Comment