RFID card would open new avenues for fraudsters in India

2265

ICICI Bank announced the launch of its contactless credit cards on 7th January’2015. This is a going to be a big game changer technology in the Indian payment industry according to the ICICI Bank officials.

It is true to some extent that this will change the way payments would be made with the cards. However, this technology comes with significant risk.

RFID Technology

The Paywave and Paypass products of Visa and Master are recent technologies in India. These technologies are built on the radio-frequency identification (RFID) technology. This technology stores information including the card number, the cardholder’s name and the expiry date. It does not include the three digit security number on the back of the card – usually used when a larger purchase is being made on the card. RFID technology serves the same purpose as the magnetic strip on a credit card, but works wirelessly, making it more susceptible to high-tech theft.

RFID technology is less secured than Chip and Pin technology. Chip and pins are using 2 factor authentication. You need the card, and you need the pin. They are two different, unrelated pieces of knowledge/possession that are required for your purchase to go through. RFID technology used in the cards is single factor.

RFID and NFC

Radio Frequency Identification (RFID) and Near Field Communication (NFC) are two sets of technologies that allow transfer of information over short ranges wirelessly. NFC allows two-way communication rather than simply “reading a tag” in the RFID case. In the case of credit cards its always RFID because credit cards never receive information, it simply allows itself to be read.

NFC and Mobile Phones

NFC is now built into some more powerful smartphones, which also means that the technology will eventually replace RFID credit cards with the cellphones in the future. The cashier’s terminals will then accept NFC communication as if it is a credit card

Vulnerabilities in RFID

  • Since the RFID technology is not secured, anyone with the physical possession of the card can use this card for shopping. Though the stealing would be in small amounts, cumulatively the impact can be bigger. Thiefs are likely to make killing with these type of debit cards.
  • There are mobile applications designed for reading the information on RFID credit cards. All information on these RFID cards can be easily read with the help of these RFID readers available on the Google Play. One such NFC Reader is easily available here. Using these devices, a person can stand in a crowded place and steal the credit card information from these RFID enabled credit cards.
  • Though significant damage is not anticipated by stealing this information, the identities can be easily stolen as the personal details and the contact addresses can be easily changed with the help of the information available on these cards.

How to protect ?

Any buyer of this card needs to protect his information from being stolen from the thieves by keeping the cards in the aluminium foil.