[Politech] More on RFID wiggling its way into next generation credit cards [priv]

From: Declan McCullagh (declan@private)
Date: Fri May 20 2005 - 07:44:54 PDT


Previous Politech message:
http://www.politechbot.com/2005/05/20/rfid-wiggles-its/

-------- Original Message --------
Subject: RE: [Politech] RFID wiggles its way into credit cards? [priv]
Date: Fri, 20 May 2005 08:35:07 -0400
From: Richard M. Smith <rms@private>
To: 'Declan McCullagh' <declan@private>

Hi Declan,

Yes, this new Chase credit card system uses RFID.   The credit card industry
(ie., Visa, MasterCard, and American Express) selected the ISO 14443B
standard for the next generation of credit cards.  Here's a bit more about
this standard:

http://tinyurl.com/9zrwz

The 14443 standard has been around for about ten years and was original
developed by Philips for use in subway and bus toll collection systems.
Their product line is called Mifare.  Philips prefers to call this
technology "contactless smartcard" instead of RFID.  Other vendors like TI
use the term RFID.  I like TI's terminology better.

Something like 200 million 14443 RFID smartcards have been sold in the last
ten years.  DC's Metro system for example uses 14443 RFID smartcards.

Security measures used in these smartcards are quite good.  I am unaware of
any reports of 14443 cards being cloned or hacked, but to be honest, I
haven't done much checking.

The next generation of U.S. passports will also use this same technology.
New U.S. drivers licenses may also.

Developer kits for working with 14443 RFID smartcards are available for many
manufacturers for under $500.  Here's one example:

http://www.gemplus.com/products/gemprox_devkit/

Richard M. Smith
http://www.computerbytesman.com


-------- Original Message --------
Subject: Re: [Politech] RFID wiggles its way into credit cards? [priv]
Date: Fri, 20 May 2005 07:35:33 -0400
From: John Henry <johnhenry@private>
To: Declan McCullagh <declan@private>
References: <428D54FD.4070203@private>

At 11:09 PM 5/19/2005, you wrote:
 >[Obviously credit card companies have the right to RFID-outfit their
 >cards, and obviously we have the right to take our business elsewhere if
 >we object. Still, is this RFID? It's not clear from the article, and the
 >Slashdot discussion doesn't help much

The standard credit card with mag strip does not require physical contact
with the reader. All it requires is very close proximity. It's already
"contactless". It's not RFID since it is reading magnetic rather than radio
pulses.


Best,

John R Henry CPP



-------- Original Message --------
Subject: Re: [Politech] RFID wiggles its way into credit cards? [priv]
Date: Thu, 19 May 2005 20:55:19 -0700
From: Ross Stapleton-Gray <ross@stapleton-gray.com>
To: Declan McCullagh <declan@private>, politech@private
References: <428D54FD.4070203@private>

At 08:09 PM 5/19/2005, Declan McCullagh wrote:
 >Still, is this RFID? It's not clear from the article

Sure: if it handshakes with some reader to exchange some data via RF, and
does so without physical contact, it's RFID.  It's not the same flavor of
RFID that will be found in EPC tags on goods in commerce, where the need is
to interrogate cases, pallets and items at a range of several meters, or
the active tags in such applications as FasTrak where cars need to be
scanned at freeway speeds from tens of meters, but it's RFID all the same.

But I suspect your question is more, "should we be as concerned about this
application as with others where 3rd-party surveillance will be possible,
e.g., scanning passersby for the contents of their shopping bags, or the ID
of the library books in their backpacks?"  Maybe, maybe not.  If the cards
happily disgorge information that ought to be kept more private, e.g., a
credit card number (although too many people, from your waiter, to the
miscreant who paws through your postal mail, have ready access to that),
then I'd worry some... it won't be hard to con card holders to expose their
cards to readers, and I could imagine embedding a reader in a bench at the
mall, to scan people's butts for those short-range RFID tags...

Ross



-----

Ross Stapleton-Gray, Ph.D.
Stapleton-Gray & Associates, Inc.
http://www.stapleton-gray.com





-------- Original Message --------
Subject: Re: [Politech] RFID wiggles its way into credit cards? [priv]
Date: 19 May 2005 23:49:20 -0400
From: John R Levine <johnl@private>
To: Declan McCullagh <declan@private>
References: <428D54FD.4070203@private>

 > [Obviously credit card companies have the right to RFID-outfit their
 > cards, and obviously we have the right to take our business elsewhere if
 > we object. Still, is this RFID?

Yes, it's RFID.  Look at page B1 of today's (Thursday) WSJ where there's a
considerably better article.  If they don't get you a WSJ subscrption, I
think I can tell it to e-mail you the article.  It says that MC, V, and
AMEX have agreed on a common format so that the same reader will work for
all of them.  Amex will start chipping their Blue cards, too.

 > the Slashdot discussion doesn't help much

Um, this is news?

R's,
John



-------- Original Message --------
Subject: Re: [Politech] RFID wiggles its way into credit cards? [priv]
Date: Fri, 20 May 2005 15:49:36 +1000
From: Jeff Schultz
To: Declan McCullagh <declan@private>

Please remove email address if posting.

Seems to me that they'll still be perfectly usable for all conventional
CC purposes after the chip is treated with a hammer.  Unless it's on
top of the magnetic strip.


Jeff

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)



This archive was generated by hypermail 2.1.3 : Fri May 20 2005 - 08:22:31 PDT