Cleaves NEWSWIRE [Cleaves Newswire has been decommissioned but will remain online as a resource and to preserve backlinks; new site here.] Independent Open Publishing
 
"I never learned from a man who agreed with me" -- Robert A Heinlein
» Gallery

Search

search comments
advanced search
printable version
PDF version

Going Cashless with RFID Despite Huge Risks
by Eleanor Bell via stele - ABC (Oz) Monday, Jan 30 2012, 8:23am
international / miscellaneous / other press

Consumers warned over tap-and-pay technology

Banks, financial institutions and now internet service providers are tapping into the market for contact-free payment systems

Exploitable RFID wireless transaction
Exploitable RFID wireless transaction

It is a time-saving temptation for busy people, but tech experts say consumers must be aware of the risks when opting for the technology.

Contactless credit cards and mobile phone chips connect to payment terminals via a short range radio frequency identification (RFID).

Unlike traditional payment methods, they do not require a signature or PIN to verify the card holder's identity.

Professor Rob Livingston from the University of Technology says it is a win-win for banks and retailers because cash is expensive.

"There's a number of benefits, some of which relate to increased customer service, a lower per-transaction cost and more importantly the potential elimination of cash," he said.

"For many organisations that are dealing with the public, the cost of maintaining cash is quite expensive.

"Moving to the cashless environment has got distinct advantages in that context."

Professor Livingstone says perhaps the biggest benefit to companies is the creation of a digital signature - a complete record of spending habits, no matter how small.

And that data is worth money.

"For each transaction that you put through the financial system you essentially have got a trail. That is worth something in terms of your spending pattern," he said.

'Relay attacks'

But internet vulnerability experts warn that data can be vulnerable to third parties.

"Cloning is a big problem with RFID solution, being able to read the data remotely with various tools and software so you can track people, you can collect information," Hacklab.com's Chris Gatford said.

"There's been some very famous attacks where people have been reading passport numbers and other serial numbers from RFID-enabled cards.

"Proximity cards, such as the one that you use to get into your secured building, those have been cloneable for quite some time.

"There's all sorts of attack methods available to wireless communication."

While he says it is unlikely tap-and-pay credit cards will be cloned, there are other ways criminals can maliciously access both your money and your details.

"Probably one of the first attacks that we're most likely to see being used by criminals are probably relay attacks," he said.

"When you have your phone in your pocket or your card in your wallet and attackers work out a mechanism to activate the card in your pocket, relay the transaction somewhere else, maybe not even in the country and perform a transaction at a terminal by another party, stealing money from that particular account.

"That's probably the most likely attack that we'll see occurring in the future."

Due in part to the lack of terminals, Australians have been slow to adopt the tap technology.

But that is about to change with Australia's two largest supermarket chains beginning nationwide roll-outs of the technology next month.

© 2012 ABC


 
<< back to stories
 

© 2005-2024 Cleaves Alternative News.
Unless otherwise stated by the author, all content is free for non-commercial re-use, reprint, and rebroadcast, on the net and elsewhere.
Opinions are those of the contributors and are not necessarily endorsed by Cleaves Alternative News.
Disclaimer | Privacy [ text size >> ]