The card companies have implied through their marketing that the data is encrypted to make sure that a digital eavesdropper cannot get any intelligible information. American Express has said its cards incorporate “128-bit encryption,” and J. P. Morgan Chase has said that its cards, which it calls Blink, use “the highest level of encryption allowed by the U.S. government.” But in tests on 20 cards from Visa, MasterCard and American Express, the researchers here found that the cardholder’s name and [credit card number] was being transmitted without encryption and in plain text.
Sounds like RFID Credit Cards are as bad as they could possibly be. Response from the PR people at the credit card companies is also as bad as it could possibly be. “This is an interesting technical exercise,” said Brian Triplett, senior vice president for emerging-product development for Visa, “but as a real threat to a consumer — that threat really doesn’t exist.”
Brian Triplett sounds like Marie Antoinette. If there is a single RFID credit card that has my name, just my name, unencrypted, that is a privacy threat to the consumer that is unacceptable. Period. But it gets worse:

The companies, however, argue that testing just 20 cards does not provide an accurate picture of the card market, which generally uses higher security standards than the cards that were tested. “It’s a small sample,” said Art Kranzley, an executive with MasterCard. “This is almost akin to somebody standing up in the theater and yelling, ‘Fire!’ because somebody lit a cigarette.”
The choice of analogy here is obviously intended to imply that the researchers may not have the legal right to tell the public what they are telling them. It's an implicit threat. Glad I don't have a Mastercard.

Researchers See Privacy Pitfalls in No-Swipe Credit Cards - New York Times