Related Stories

Top 5 Stories


RFID credit cards are more secure than magnetic strip cards, says ITRC

04 March 2011

Credit cards with RFID chips provide more data security than cards with magnetic strips, according to a study by the Identity Theft Resource Center (ITRC).

The credit card companies are taking the “necessary steps” so consumers can use the cards in a secure way, said ITRC executive director Jay Foley. “There is no real pickpocketing capability there. You might be able to walk up behind someone with a scanner, but the volume of information you will capture is going to be incomplete and unusable”, he told Infosecurity.

There are two primary security measures that credit companies use to secure information on RFID credit cards: generating a unique transaction number each time the card is read by a scanner and restricting the distance that the card can be read to between one and four inches.

“There are only three pieces of information that are captured by the RFID terminal: card number, expiration date, and a control number that is generated per transaction by the chip based on the information that the RFID terminals sends to the card. It’s a unique number and it changes every time. If you were to capture the control number and try to use that information two minutes from now, it wouldn’t be viable”, Foley explained.

The RFID reader does not capture the name, address, or other personal information that is included on a credit card with a magnetic strip, he related.

The RFID technology also protects the merchants. “If a retailer has a breach of security and they have to notify customers, they are going to have to notify everybody involved, except for the RFID customers because the retailer hasn’t captured enough information to trigger the [notification] law”, Foley explained.

The ITRC head said that all of the credit card companies surveyed had in place adequate security for their RFID credit cards (details of the companies’ responses are provided in the ITRC news release). He added that all of the companies limit the distance that cards can be read to four inches.

Foley said that consumers can place their credit card in sleeves that block RFID readers from reading the card. “I just don’t think it’s necessary”, he added.

This article is featured in:
Data Loss  •  Identity and Access Management  •  Wireless and Mobile Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×