If you’re a regular visitor to this blog then you’ll no doubt be familiar with RFID technology – and now it appears that our cousins in Australia are waking up to some of its potential vulnerabilities. Linking automatically to a retailer’s ‘point-of-sale’ terminal (but without the need for a verification PIN or signature) makes Radio Frequency ID (RFID) payments quite different to normal transactions using a swipe card, cash or personal cheque.
The ability to process transactions rapidly means that RFID e-payment solutions are very attractive to retailers too, although it has been reported in the media that a growing number of consumers in Australia are not entirely convinced by industry claims that these ‘contactless’ systems are 100% foolproof!
ABC News 24 recently reported that, “…There’s been some very famous attacks where people have been reading passport numbers and other serial numbers from RFID-enabled cards. Proximity cards, such as the one that you use to get into your secured building, those have been cloneable for quite some time.”
Whilst Australia has been relatively slow to adopt ‘contactless’ systems, we’ve learned that as of March 2012 it’s going to be a case of ‘full steam ahead’, with major stores keen to deploy ‘tap-and-pay’ payment options. More likely to ‘crack a mental’ than crack open the Champagne – some quarters are arguing that the roll-out of contactless e-commerce is fast becoming a headache for those involved.
A spokesperson at ABC News 24 urged caution, reporting that, “…one of the first attacks that we’re most likely to see being used by criminals are probably relay attacks. When you have your phone in your pocket or your card in your wallet and attackers work out a mechanism to activate the card in your pocket, relay the transaction somewhere else, maybe not even in the country and perform a transaction at a terminal by another party, stealing money from that particular account. That’s probably the most likely attack that we’ll see occurring in the future.”