Why I am RFIDup

Very recently one of my banks decided to send me a new ATM card as my old one was about to expire. Said card contained a newly minted RFID (Radio Frequency Identification) chip. My security hackles went off like wildfire.

Some of you may have already received a similar card or use a version at the gas station where you wave your magic card and the “Paid For” sign lights up. Well, I can’t argue with the convenience factor here, but let’s be honest with each other: this is scary, really, really scary.

How difficult will it be for the black hat hacker community to roam around with their own readers and swipe your data by simply walking by, perhaps cloning your card or at the least stealing your info? Let’s just say you believe that the RFID security is so tight as to make this impossible (for which I might scoff at you, but let’s stay hypothetical for a moment); what happens when you lose this card? If all I have to do is swipe it to pay for something that accepts this as a form of payment, then I have effectively bypassed all forms of protection inherent to the process.

This reminds me of a story that happened to me about 2 years back. I was strolling with my family down good ol’ Main Street, USA when I walked up to the local ATM machine. Much to my surprise, facing back at me, was a screen asking me if I would like another transaction or if I would like to get my card back. I realized that the girl who had just jumped in her car with new cash in hand had not only left her card in the ATM but it was still active. Had a less than moral person been standing in my place, they could have taken her for the ATM transaction limit (usually between $500-600 a pop) plus apparently stamps and personal information about her accounts. Lucky for her, I logged her out, took the card and called her bank to cancel the card, much to the surprise of the bank’s customer service representative, who let me know (in case I hadn’t thought of it) that I could have hijacked her for a bunch of cash and tried my luck with it as a credit card (it had that little Visa logo at the bottom right corner).

If you are wondering what my point to that story is, well, let’s assume every time you miss your pocket and the RFID-enabled card hits the ground that some good Samaritan will face the same moral quandary.

Needless to say I have cancelled that card and requested the non-RFID version from my bank.