IoT Security Blog

Articles and Posts on IoT Security, Embedded Systems, and the Internet of Things

RFID Pickpockets Capture Credit Card Data

Contributed by Joanne C. Kelleher

I have been meaning to write about data skimming off of RFID enabled credit cards. This topic has been covered on local TV stations across the country over the last several months. Almost all of the stories include a demo by the founder and CEO of a firm that makes card sleeves that shield contactless cards from unintended access. In the demo he displays data on his laptop which was captured from a passerby’s contactless credit card by moving his reader antennae near their wallets.

Purchasing this CEO’s product will protect you from data skimming (so will aluminum foil or declining to use contactless credit cards). Because the date stored on the payment cards does not use cryptographic security functions such as encryption, no hacking methods were needed to access the victim’s name and credit card number, just the appropriate reader.

This week, there is not one, but two good articles that discuss this issue.

RFID: Online Insecurity
Wednesday, June 1, 2011 – RFID Connections, the AIM Global newsletter
Bert Moore, Editor
With recent reports of data skimming from RFID-enabled financial transaction cards, two things are clear: first, aluminum foil sales are going to skyrocket and second, some online vendors have a lot of work to do.

Truth or fiction: Contactless pickpocketing
Thursday, May 31, 2011 – Contactless News
It is possible to sniff data but what can thieves do with it?