TAMPA, Fla., Dec. 4 (UPI) -- Credit and debit cards validated by radio-frequency identification are not as secure as generally thought and consumers are at risk of electronic pickpocketing, a report warned.
"Major credit card companies continue to downplay the threat of electronic pickpocketing," Identity Stronghold security firm said in response to technology company HID Global's report on the problem.
The risk posed by RFID-enabled cards extends well past the potential for monetary theft, Identity Stronghold said.
Current findings show that transit cards and facilities using contactless card readers are also highly vulnerable to serious security breaches, as it happened in Chicago, it warned.
Related
HID Global Corp. in a white paper, "Best Practices in Access Control," outlined an emerging need to protect cards that are used to grant access to doors armed with RFID readers in corporate and government buildings.
In the same way high-tech thieves can pass commercially obtained card readers near victims' wallets to electronically pickpocket credit card information, they can also surreptitiously swipe an access card's sensitive information.
Once stolen using what HID calls the "bump and clone technique," this information can be duplicated to create a generic, or "phantom" key allowing the thief access to normally secure locations.
Identity Stronghold President Walt Augustinowicz recently appeared on television to demonstrate he could clone a California state assemblyman's RFID-enabled access badge and gain entry through doors in the Capitol.
Augustinowicz also opened a police evidence locker during a training session.
He said many federal state and local agencies, as well as private corporate buildings and complexes including airports are "completely vulnerable to the threat of phantom keys."
The Ventra card used on Chicago transit system was criticized for numerous RFID-related glitches, including erroneous charges to other RFID-enabled credit cards in cardholders' wallets and making users more susceptible to identity theft and electronic pickpocketing.
Augustinowicz is promoting blocking devices to address security issues raised in recent incidents.
"As technology evolves, so should your wallet," he said.
HID's white paper highlighted the need to use RFID-shielding sleeves that make RFID-cards impervious to cloning.
Without this simple, inexpensive and low-tech solution, even the most high-tech, multimillion-dollar security system -- and many RFID-systems -- can be thwarted in seconds and plagued with problems, experts warn.
Although HID warned of electronic pickpocketing and phantom keys, "the credit card industry as a whole still de-emphasizes the fact that its plan to issue one billion RFID-enabled contactless credit cards over the next few years will put cardholders' credit card information at the same risk of surreptitious theft that the security industry has been actively taking steps to safeguard against," Augustinowicz said.
There was no immediate comment from any of the credit card companies.
HID Global, owned by Swedish lockmaker Assa Abloy, is a supplier of access control gadgetry and secure identity solutions, including smart cards, readers, printers, RFID tags and software. The company has U.S. headquarters in Irvine, Calif., and reported earnings of more than 6.1 billion in 2011.
