Comments on: Newer Credit Cards Are Less Secure

By: Tom

Tom — Thu, 01 Jan 2009 20:28:09 +0000

Regarding RFID:

Preventing accidental readings — if you put the device in a metal lined container (eg, put tinfoil in the back of your billfold if you don’t go to http://www.difrwear.com/ like itch above) then nothing, no matter how sensitive, will read the RFID

Screwing with those attempting readings — keep the card with other devices that have RFID (front door fob, work security pass, bus pass in my case)

Preventing any readings — the chip is actually quite fragile … take a pointed object (kitchen knife will do if you don’t have a centre punch) and a blunt object (hammer or shoe) and punch a hole in it. You can test success by attempting to pay with it.

Personally, I use it and like it. The device is convenient, I have no miss-reading/reswipe issues. And the bank guarantees against fraudulent use — I maintain the only decent defence against fraud remains following up on statements.

Cheer

By: David C

David C — Wed, 31 Dec 2008 17:07:12 +0000

You can always ask the credit card company to send a new card without an RFID tag (well, at least for now). My first Chase Freedom card has a tag in it, so I just emailed Chase for a tag free card that arrived in a week.

By: Itch

Itch — Tue, 30 Dec 2008 23:12:03 +0000

My biggest problem w/ RFID credit cards is its passive. You dont have to physically do anything for it to be activated. When it comes to money, I’d like at least one physical action as part of the transaction. Makes me sound technophobic I’m sure, but I’ve conceptualized how hard that would be before. Aren’t gangs in Japan doing something similar already?

But yeah, I got suckered w/ a “want Generation 2 of your card?” Generation 2 of Citi’s Cash back card showed up with RFID. I went back and looked over the information, and didn’t see RFID mentioned. So not thinking it was a big deal, I tried to get a card w/ the same plan but no RFID. Not a single person I talked to could grasp why Id want such a thing. Nor is there a way to turn it off on their side.

Worse yet was the fact I’d have to back to my old “plan” if I wanted a card w/o RFID. Jumping around like that would _great_ on my credit score I’m sure.

So I went shopping.

http://www.difrwear.com/

Forget where I heard of them, but it works well. It shields both my company badge and my credit card. The wallet is nice enough. Kinda hard to get your drivers license out of the sleeve, but otherwise does what it needs. And no noticeable weight.

By: Rob

Rob — Tue, 30 Dec 2008 18:40:00 +0000

I would refuse any replacement credit cards that use RFID, at least until / if some bulletproof security measures are put into place. If that means that my list of available banks / cards shrinks, so be it. If enough people follow suit, then banks will change their path, and start offering non-RFID containing cards as an option, at least.

By: Smithee

Smithee — Tue, 30 Dec 2008 15:30:51 +0000

@Writer’s Coin: I think I agree with the spirit of your comment, which is that the best advice continues to be “keep a close eye on your statements”, but it seems to me that someone who bumps into me and takes my account details with an $8 device is a larger risk than someone else hacking into a database. That takes some skill, and databases are protected by heavily-fortified networks (or they should be, anyway).

And someone looking over my shoulder is easily combated.

By: Writer's Coin

Writer's Coin — Tue, 30 Dec 2008 13:42:46 +0000

I read about the whole mythbusters fiasco but in the end, my conclusion was that RFID is just as easy to hack into than any other method. Someone can always look over your shoulder and memorize your card, hack into a database, etc. Either way, it’s how the provider handles it that matters.

I’ve had a couple of incidents and my bank has given me very little grief about it, which I’m happy about. knock on wood