Tools to Power Your Online Retail Business

eCommerce Journal

Subscribe to eCommerce Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get eCommerce Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


eCommerce Journal Authors: Nate Vickery, SmartBear Blog, William Schmarzo, AppDynamics Blog, PagerDuty Blog

Related Topics: Cloud Computing, eCommerce Journal, SOA & WOA Magazine, Cloud Security Journal , Secure Cloud Computing

Article

Some Clouds Are Safer Than Others

Credit Cards with RFIDs vs. Smartphones with NFC Chips

RFIDs are great capabilities in many industries, just understand their limitations and the technology that can compromise them.

More and more people are getting credit cards with a built-in RFID chip in them. That little RFID chip (Radio Frequency ID) can transmit your credit card info out several feet when it is scanned by any reader. Most people don't know this.

You can tell if your credit card has an RFID in it because most cards will be marked by one of several symbols: PayWave, PayPass, or BLINK or the symbol that looks something like this )))) There are some cards that have no indication that there's an RFID in them.

Chances are some of your major credit cards like Visa, American Express and others have the RFID chip already embedded in them.

A year or two ago, there were several reports on how the RFIDs in your credit cards could be compromised. Someone could read the information with a reader from a couple of feet away. Then there were articles that countered those claims saying there was never a reported incident of credit card information being stolen that way.

The truth is that it can happen and because it's done without any knowledge of the card owner, how can anyone be sure it hasn't been done? A scan is silent. There are no sounds or cash register bells going off when the information is scanned. You cannot say there isn't any card abuse or identity theft going on.

Identity theft is the fastest-growing crime according to the FBI. Stolen information off of credit cards is possible. Just because the FBI doesn't track it specifically, doesn't mean it's not happening. The same is true for crimes committed at an ATM. There's no specific FBI statistics gathered for that specific crime, yet that is a crime that happens. Banks don't want you to know that that is a possibility. The same denial seems to go with electronic credit card thievery.

Differences Between RFIDs and Smartphone NFCs
In my opinion, the NFC chip in a smartphone is more secure than a constantly "on" RFID in your credit card that provides information every time it's scanned. Both have their legitimate applications, but I think that if you are going to go with an easy "swipe system" for credit card purchases, smartphones equipped with NFC chips are a more secure technology to employ.

RFIDs come in three types of frequencies and the lowest can cover up to 100 meters. That's a pretty good distance. Other frequencies transmit a shorter distance. At only a couple of feet, someone can walk right past and do a scan to pick up your credit card info on all the credit cards in your wallet without you even knowing it's happening.

On the other hand, the NFC chip is a subset and refinement of RFID specifications. It has a much shorter range of transmission (about 4 inches) and is used in Android-based smartphones for "mobile wallet" applications as well as other applications that are being constantly created.

Below shows a table of comparisons and differences of RFID chips and the NFC chip:

 

RFID CHIP

NFC CHIP

Usage

In credit cards, asset tags, other inventory IDs for supply chain management, tool management, materials management, access control, attendee tracking (Conferences).

In some Smartphones. (mobile wallet) Also now out - NFC tags for new marketing apps.

Transmission

One-way only.

Can be two-way.

Signal

Always on (provides info any time it is scanned).

Must be activated.

Range

Several feet to 300 feet (100 meters)

Only 10 cm. (four inches)

Encrypted

No

Can be encrypted.

Scanning Capability

A scanner can read multiple chips at once.

Only one at a time.

Frequency

LOW - 125-134 KHz

HIGH - 13,56 MHz

Ultra HIGH - 856 - 960 MHz

13,56 MHz

Capability

Can only be used as a Tag.

Used as Tag or Reader.

Can communicate peer-to-peer

Source: James Carlini

Besides credit cards, RFIDs are used in building passes for limiting access to a building. Here is another area where stealing the RFID information with a home-built reader can create more uncertainty as to compromising building security and limited access areas.

If you are going to use RFID technology, understand its limitations and weaknesses. Also, check out Smartphone equivalents. A Smartphone may offer a more secure approach, especially when it comes to "waving over the reader" technology for purchases.

Copyright 2013 - James Carlini

More Stories By James Carlini

James Carlini, MBA, a certified Infrastructure Consultant, keynote speaker and former award-winning Adjunct Professor at Northwestern University, has advised on mission-critical networks. Clients include the Chicago Mercantile Exchange, GLOBEX, and City of Chicago’s 911 Center. An expert witness in civil and federal courts on network infrastructure, he has worked with AT&T, Sprint and others.

Follow daily Carlini-isms at www.twitter.com/JAMESCARLINI

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.