Previous Politech message: http://www.politechbot.com/2005/05/20/rfid-wiggles-its/ -------- Original Message -------- Subject: RE: [Politech] RFID wiggles its way into credit cards? [priv] Date: Fri, 20 May 2005 08:35:07 -0400 From: Richard M. Smith <rms@private> To: 'Declan McCullagh' <declan@private> Hi Declan, Yes, this new Chase credit card system uses RFID. The credit card industry (ie., Visa, MasterCard, and American Express) selected the ISO 14443B standard for the next generation of credit cards. Here's a bit more about this standard: http://tinyurl.com/9zrwz The 14443 standard has been around for about ten years and was original developed by Philips for use in subway and bus toll collection systems. Their product line is called Mifare. Philips prefers to call this technology "contactless smartcard" instead of RFID. Other vendors like TI use the term RFID. I like TI's terminology better. Something like 200 million 14443 RFID smartcards have been sold in the last ten years. DC's Metro system for example uses 14443 RFID smartcards. Security measures used in these smartcards are quite good. I am unaware of any reports of 14443 cards being cloned or hacked, but to be honest, I haven't done much checking. The next generation of U.S. passports will also use this same technology. New U.S. drivers licenses may also. Developer kits for working with 14443 RFID smartcards are available for many manufacturers for under $500. Here's one example: http://www.gemplus.com/products/gemprox_devkit/ Richard M. Smith http://www.computerbytesman.com -------- Original Message -------- Subject: Re: [Politech] RFID wiggles its way into credit cards? [priv] Date: Fri, 20 May 2005 07:35:33 -0400 From: John Henry <johnhenry@private> To: Declan McCullagh <declan@private> References: <428D54FD.4070203@private> At 11:09 PM 5/19/2005, you wrote: >[Obviously credit card companies have the right to RFID-outfit their >cards, and obviously we have the right to take our business elsewhere if >we object. Still, is this RFID? It's not clear from the article, and the >Slashdot discussion doesn't help much The standard credit card with mag strip does not require physical contact with the reader. All it requires is very close proximity. It's already "contactless". It's not RFID since it is reading magnetic rather than radio pulses. Best, John R Henry CPP -------- Original Message -------- Subject: Re: [Politech] RFID wiggles its way into credit cards? [priv] Date: Thu, 19 May 2005 20:55:19 -0700 From: Ross Stapleton-Gray <ross@stapleton-gray.com> To: Declan McCullagh <declan@private>, politech@private References: <428D54FD.4070203@private> At 08:09 PM 5/19/2005, Declan McCullagh wrote: >Still, is this RFID? It's not clear from the article Sure: if it handshakes with some reader to exchange some data via RF, and does so without physical contact, it's RFID. It's not the same flavor of RFID that will be found in EPC tags on goods in commerce, where the need is to interrogate cases, pallets and items at a range of several meters, or the active tags in such applications as FasTrak where cars need to be scanned at freeway speeds from tens of meters, but it's RFID all the same. But I suspect your question is more, "should we be as concerned about this application as with others where 3rd-party surveillance will be possible, e.g., scanning passersby for the contents of their shopping bags, or the ID of the library books in their backpacks?" Maybe, maybe not. If the cards happily disgorge information that ought to be kept more private, e.g., a credit card number (although too many people, from your waiter, to the miscreant who paws through your postal mail, have ready access to that), then I'd worry some... it won't be hard to con card holders to expose their cards to readers, and I could imagine embedding a reader in a bench at the mall, to scan people's butts for those short-range RFID tags... Ross ----- Ross Stapleton-Gray, Ph.D. Stapleton-Gray & Associates, Inc. http://www.stapleton-gray.com -------- Original Message -------- Subject: Re: [Politech] RFID wiggles its way into credit cards? [priv] Date: 19 May 2005 23:49:20 -0400 From: John R Levine <johnl@private> To: Declan McCullagh <declan@private> References: <428D54FD.4070203@private> > [Obviously credit card companies have the right to RFID-outfit their > cards, and obviously we have the right to take our business elsewhere if > we object. Still, is this RFID? Yes, it's RFID. Look at page B1 of today's (Thursday) WSJ where there's a considerably better article. If they don't get you a WSJ subscrption, I think I can tell it to e-mail you the article. It says that MC, V, and AMEX have agreed on a common format so that the same reader will work for all of them. Amex will start chipping their Blue cards, too. > the Slashdot discussion doesn't help much Um, this is news? R's, John -------- Original Message -------- Subject: Re: [Politech] RFID wiggles its way into credit cards? [priv] Date: Fri, 20 May 2005 15:49:36 +1000 From: Jeff Schultz To: Declan McCullagh <declan@private> Please remove email address if posting. Seems to me that they'll still be perfectly usable for all conventional CC purposes after the chip is treated with a hammer. Unless it's on top of the magnetic strip. Jeff _______________________________________________ Politech mailing list Archived at http://www.politechbot.com/ Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Fri May 20 2005 - 08:22:31 PDT