Are “Contactless” (RFID) Credit Cards Safe?
I recently ran across an article talking about the advantages of “contactless” credit cards that transmit your account information via Radio-Frequency IDentication (RFID). While a lot of people are concerned about their account information being stolen from cards with embedded RFID chips, it seems that there are a number of security measures in place.
Here’s what they had to say about card security:
The contactless cards use secure data transmission. All information that is transmitted is subjected to 128-bit encryption.
The contactless card never transmits your credit card number. Rather, your card transmits a unique number for each transaction. If someone intercepts that number, it would be useless even if they could decrypt it.
Another thing to keep in mind is that card issuers typically extend the same sort of fraud protection whether or not you swipe your card.
The article also argued that contactless cards are faster to use. Cash transactions take and average of 34 seconds. Transactions in which you swipe your card take an average of 25 seconds. But contactless credit card transactions take an average of just 15 seconds.
Beyond all of this, contactless cards remove one major headache associated with “old school” credit cards — the magnetic strip never goes bad. In fact, I’m currently carrying around an Amex Blue Cash Rewards card with a sketchy magnetic strip. I need to call and get it replaced, but just haven’t found the time.
I’m still not sure how I feel about all of this — and I’ve never actually used the RFID feature. In fact, I just discovered that my Chase Freedom card has this ability.
Articles via RSS
Small corrections:
>The contactless cards use secure data transmission. All information that >is transmitted is subjected to 128-bit encryption
This is not true for Mastercard, Visa, Amex and JCB. The over the air transmission is not encrypted and will never be!
> The contactless card never transmits your credit card number. >Rather, your card transmits a unique number for each transaction.
This is partially true and only for Amex ! Neither Visa nor Mastercard contactless cards have capability to generate unique card numbers.
Comment by chipcards — May 3rd 2008 @ 4:40 amIf you believe everything that the credit card companies tell you then you’re probably one of those that believes everything the government tells you too.
Visa and MC are not encrypted – I don’t know about Amex and JCB. But suppose that they were. The fact remains that once whatever is transmitted by the chip is captured, it can be transmitted by the bad guy using cheap equipment found on eBay or built in the basement.
If you follow all the press out of the UK, you know that RFID credit cards have not done a thing to stop fraud. They have just moved it over to the Card Not Present world of on-line transactions where the merchant, not the bank, is responsible for the losses.
Tom Mahoney, Director
Comment by Tom Mahoney — May 12th 2008 @ 8:03 amMerchant911.org
COMING SOON: cardholder911.info