A new study has uncovered flaws in privacy & security features of several Radio Frequency Identification contact-less payment cards.
A recent study by a group of researchers called "RFID Consortium for Security and Privacy" that showed loopholes in RFID (Radio Frequency Identification) contact-less payment cards was dismissed by SCA (Smart Card Alliance). The study uncovered flaws in privacy & security features of several RFID contact-less payment cards.
Researchers tested some 20 RFID credit cards and successfully exploited the flaws by reading the data being transmitted in the air like name of cardholder, card number & expiration date.
Secondly, RFID cards were claimed to be susceptible to skimming. The study claimed that someone having RFID reader could gather data from the card & could make an inexpensive duplicate device. A fraudster can also make online transactions using stolen information.
SCA, however, has rendered these claims as invalid. It said nothing in report could support the argument that a fraud could successfully conduct an illegitimate transaction in real world. The tests were conducted in labs & the researchers didn't interact with the payment networks, therefore, no valid conclusions can be reached if one doesn't interfere with the payment network.
SCA also says that a contact-less payment smart card chip computes a unique number or code that acts as an authentication proof for every transaction, which prevents any probable replay of transaction data for making a fraud transaction. Any attempt made to reutilize the encrypted code will result in failed transaction.
"Researchers may be right, but one thing is clear; As the RFID technology matures, more & more criminals would start to figure out ways for abusing it", according to a senior research analyst at RNCOS.
Related Market Research Reports:
Global RFID Market Analysis till 2010
European RFID Industry Outlook (2007-2010)
RFID Outlook China
