Category Archives: Security & Paranoia

Got RFID?

Upsiders complain. And they have been complaining about what new conveniences they didn’t get on the latest iPhone. One of them is a technology called NFC. I complained about the Rams in the NFC West, because of those damned Cowboys, but that’s a different story. This NFC is near field communications, a brand new technology that can best be described as secure bluetooth with a shorter range. But how secure is secure. Downsiders want to know.

How about this for a rule of thumb for downsiders? If it can be done automatically, know how to do it manually. Hmm. I like it.  I think this obviously makes sense for paying for stuff at a cash register, but the idea for NFC is that you don’t have to open up your wallet – that the cash register goes into your wallet for you and takes your money automatically. You know, just like a pickpocket. Nice and convenient.

Well what if I told you that there’s an older Upside technology that already does that? Yes, you may remember that it’s called RFID, for radio frequency ID. It broadcasts a little bit of information (and a credit card number is only a little bit) to a receiver. And what if I told you that there’s a 30% chance that you already have that on your credit card. Hey now! Thing is, any hacker can buy a receiver and swipe you. They’d have to be as close as a pickpocket, but it’s possible. Check out the following alarming 6 OClock News style video, if you have a couple minutes to spare.

Now American Express and Visa and those other guys aren’t stupid. They know that fraud limits the upside uptake of their products. That’s why they have mainframes chugging 24/7 to check all of your prior spending patterns against all new purchases. If you’ve never shopped at Nordstrom and bought $1000 worth of shoes, chances are such a transaction is going to raise hackles back at Visa’s cloud. And of course you are reasonably insured on authorizations post-hoc. You’d be surprised at how much computing goes on while you’re waiting at the register. (Enough so that ‘Free’ creditscore.com is profitable if you only pay 4 bucks a year, but that’s another story). So while it’s absolutely true that you can be pickpocketed, it is less true that crime can be profitably followed up as they showed in the video. What’s more likely is that your credit card information will go into a pile to be sold in bulk on the black market.

Nevertheless, you ought to check your wallet to see if you are vulnerable in the first place. Out of the 40 or so cards I have, only my Chase debit card (on the account that is overdrawn $20 bucks) is vulnerable. Plus, that card stays home, not in the wallet.

I promise that we’ll be getting the wiki up shortly so that you’ll have access to these Downsider facts.. Happy shopping!