Many of my earlier diaries were about the danger of RFID tags. Here’s proof of the danger of the RFID technology. I sure hope the Diebold voting machines don’t use these.
October 23, 2006
CONSUMER WATCHDOGS DEMAND RECALL OF SPYCHIPPED CREDIT CARDS
CASPIAN Advises Consumers to Immediately Remove Cards from Wallets
Consumer watchdog group CASPIAN is demanding a recall of millions of RFID-equipped contactless credit cards in light of serious security flaws reported today in the New York Times. The paper reports that a team of security researchers has found that virtually every one of these
cards tested is vulnerable to unauthorized charges and puts consumers at risk for identity theft.
“For these financial institutions to put RFID in credit cards, one of the most sensitive items we carry, is absolute lunacy,” said Dr. Katherine Albrecht, founder and director of CASPIAN, a consumer group with over 12,000 members in 30 countries worldwide.
Researchers are showing how a thief could skim information from the cards right through purses, backpacks and wallets. This information includes the cardholder’s name, credit card number, expiration date and other data that would be sufficient to make unauthorized purchases. They
say the information could even be used to identify and track people, a scenario Albrecht and co-author Liz McIntyre lay out in their book, “Spychips: How Major Corporations and Government Plan to Track Your
Every Purchase and Watch Your Every Move.”
Despite earlier assurances by the issuing companies that the data contained in the credit cards would be secure, researchers found that the majority of cards they tested did not use encryption or protect the data in any way. The information on them was readily available to
unauthorized parties using equipment that could be assembled for as little as $50, the researchers said.
“We cautioned companies against using item-level RFID, and they didn’t heed us. Now the credit card industry is facing an unprecedented PR and financial disaster,” says McIntyre, who is also a former bank examiner.
She points to the astronomical cost to replace the cards, not to mention the potential financial losses, litigation expenses, and erosion of consumer trust.
Albrecht and McIntyre are calling on the industry to issue a public alert detailing the dangers of the cards they’ve issued, institute an active recall, and make safe versions without RFID available to concerned consumers.
“This recall has to be very clear and very directed since consumers may not know their cards contain RFID tags,” says Albrecht. “The industry has repeatedly resisted calls to clearly label the cards. Rather, they’ve given the cards innocent-sounding names like ‘Blink.'”
CASPIAN is advising consumers to immediately remove the credit cards from their wallets and call the 800 number on the back to insist on an RFID-free replacement card. The group is cautioning consumers not to mail the cards back or simply throw them away due to the risk of their personal information being skimmed.
Today’s New York Times article by John Schwartz can be found here:
LINK
A research report detailing the findings can be found here:
Link
This RFID stuff has bothered me since I first read about it a few years ago. I know it has a practical side regarding inventory tracking, but I find it obscene when used to track us in any form.