Nov 24, 2008 8:14 am US/Eastern
Card Tap And Go Feature Poses Security Risk
BOSTON (WBZ) ―
It's the latest way to pay and go – the credit cards that you tap instead of swipe are becoming more popular, but that convenience could come at a cost.
With just a wave or a tap, you can pay for your gas, get into your office, ride the "T," or buy a Big Mac.
How does the card work? These cards contain a radio frequency identification device (RFID). It's a computer chip that uses radio waves to send out your card's number. A wireless device reads that number when you pay.
While it is fast and simple, there is a risk.
"You can copy someone else's credit card much easier than you could before," said Karsten Kohl, a security consultant who has studied this technology.
The card's security riskHe says he can get someone's card number using an RFID reader.
"So someone walks into CVS and stands a couple feet from the checkout counter, using a device like this… you can get enough information to later use that credit card to pay somewhere else."
Protect yourself from identity theft.It's even possible to get your number when the card is in your wallet, as long as the reader is less than 10 inches away.
Companies that offer contactless cards, Master Card, Visa and American Express tell WBZ their cards have several levels of security, and deny that hackers could make illegal purchases.
Kohl admits the risk of this fraud may be low now, but that may change as these cards grow in popularity.
"Eventually there will be hundreds of millions of these cards… and then the incentive will be high enough."
How can people protect themselves?
"They can ask the credit card company to send them a card without this technology," said Kohl.
And remember, card companies often mail you RFIC-enabled cards without telling you, which raises the question: What's in your wallet?
It's important to remember that in most cases, a hacker would only get your number, not your name, and most credit card companies have a zero liability policy so you won't be responsible for fraudulent charges.
(© MMIX, CBS Broadcasting Inc. All Rights Reserved.)
Click to enlarge
Stumble It!
Reporting
