Version: 2008

Comments on: The hands-free way to steal a credit card

Researcher both reads and decodes an audience member's smart-chip-enabled American Express card without removing it from the wallet.

Add a Comment (Log in or register) (10 Comments)
  • prev
  • 1
  • next
Tags
by schmidty1985 February 21, 2008 8:37 AM PST
Another for the MAN to track you and get into your personal life.
Just think if everyone had this inserted into them. HEY close that
window, we don't want any more of our rights to fly out it
please!!!!!!
Reply to this comment
rf-enabled credit cards are secure
by vanderhr February 21, 2008 11:11 AM PST
I am sure Mr. Laurie is a knowledgable RFID expert, but he is not a credit card expert or a passport expert, so he should be cautious in jumping to conclusions about what a thief can do with the data skimmed from an RFID chip in those two examples, as there are other security controls beyond the RFID chip that prevent bad things from happening in this type of attack. The AMEX credit card data can only be used to commit online fraud if the merchant account does not to ask for the 3 or 4 digit security code which is not stored inside the chip, only on the card itself. If that unlikely event happens, the customer is not liable, the merchant is. Second thing, regarding passports, these are protected with an additional feature called basic access control, so no personal data stored inside a passport can be skimmed in the manner demonstrated.
Reply to this comment
intelligence data is intelligence data
by teh_chrizzle February 21, 2008 1:47 PM PST
any data that is broadcast is not secure. any data that is broadcast is intelligence data and intelligence data in the wrong hands is always a bad idea.

with passports and credit cards you don't need to be able to use the data in the manner card or passport issuer intended for the data to be dangerous. data of any kind can be used to identify or target an individual.

just because i can't easily use a credit card number to buy stuff doesn't mean having a person's credit card information is a good thing. you can still cause all manner of havoc with the information, using the card name or type in a scam, or just figuring out who has an american express card in their possession.

the trouble with RFID passports is that broadcasting your identity and nation of origin is not a good idea in any country, including the united states. being able to scan a crowd for american passports (or brits, or israelis) makes targeted kidnapping and bombing much more effective.

anyone with an ounce of security training will tell you that you should do your best to blend in when you are in a foreign country so you will not become a target for terrorism, crime, or espionage. having your credit card and passport broadcasting personally identifiable information via RFID is the opposite of blending in.
Amex should provide a shielded card sleeve.
by WaltAugustinowicz February 26, 2008 12:28 PM PST
as should all the credit card companies and the transportation card companies. They are very inexpensive in bulk. Identity Stronghold sells them on their website. www.idstronghold.com

In the UK you can buy them at www.smartcardfocus.com/skimstopper

This seems a simple solution to a big problem.
Reply to this comment
Oh come on!
by tienkou February 27, 2008 4:53 AM PST
It sounds to me like Laurie is contributing to the problem not the solution. Everyone wants to find the flaw and become "infamous". No one takes the time to think "What's the cost of cyber-fame?" Ooh If I come up with this really complex algorythm to prove my point and tell everyone they will have to fix it. How about you find the flaw tell only the company that needs to know and keep you trap shut. No the entire public can buy you stuff and steal from each other.

I know they work hard and think they are doing the right thing by exposing potential dangers, but guess what most people don't know how to make a bomb until someone tells them step by step.

Expose the threat not the do it yourself!
Reply to this comment
by dansodouglas July 11, 2008 10:23 AM PDT
how do i really get my credit card with safe
Reply to this comment
by Goldking78 August 27, 2008 6:56 AM PDT
you have to keep your credit card password safe for others not to see because if they see they may go in to your credit account so you have to get password protection so that people can not use you credit card for any business
Reply to this comment
by julietroland90 August 30, 2009 10:50 AM PDT
i want to have marster card number free with his code an card number
Reply to this comment
by julietroland90 August 30, 2009 10:53 AM PDT
and i want u to mail me the number of the card
Reply to this comment
by julietroland90 August 30, 2009 10:53 AM PDT
and i want u to mail me the number of the card
Reply to this comment
(10 Comments)
  • prev
  • 1
  • next
advertisement

15 sites that went kaput in 2009

Web sites launch all the time, but they also shut their doors. We highlight 15 that bit the dust this year.

Top 10 news stories of the decade

Let the debate begin: Was the iPhone more important than iTunes? Was anything bigger than Google finding a great business model? CNET offers its list of the 10 most important stories of the '00s.

About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

advertisement
advertisement
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
CES 2010
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET