I was buying some coffee at Tully’s this morning (sorry… ;-)) and happened to fumble my Amex Blue card as I was handing it to the cashier. He picked it up and to my horror, peered at the RFID chip embedded into it and thought out loud “I bet this will work”. The world went into slow motion, my heart skipped a beat and I’m pretty sure my face turned white as he waved my card in front of the fancy schmancy ViVOtech VIVOpay contactless payment device. (Insert Flickr picture here at later date)
Knowing what I do about RFID payment card vulnerabilities, I was completely disheartened to hear the svelte beep of the reading station as the RFID chip in my credit card was activated for the first time…or was it? It’s absolutely possible for a malicious person to build a reader that would snag my (likely unencrypted…see RFID link above) credit card information without so much as a beep to alert me. RFID is becoming more and more a reality of daily life, particularly with respect to identify and payment information, and these systems have not incorporated security into their design.
So…how many RFID chips do you have in your wallet?