What is Digg?18 Comments
- BoneyB, on 10/12/2007, -1/+10"The information contained on your contactless credit card may contain the same information that can be found within the magstripe in your traditional credit card. This information varies from issuer to issuer, but in essence your contactless card's chip will include your name, address, card number, and card security code. It may also include or be tapped into information about your birth date, social security number, and any other bits and bytes that you would deem highly sensitive and personal."
It's infuriating that they have our social security numbers in the first place. - nicnac, on 10/12/2007, -0/+8My faraday wallet will take care of it.
- KenOh, on 10/12/2007, -0/+5Polar bears don't ***** in the woods.
- richardiscool, on 10/12/2007, -1/+3Is the ad for Matercard Paypass intentional irony?
edit: Also, do you not use chip and PIN in the US? - Micrll, on 10/12/2007, -0/+2I saw it too...
Actually here in the U.S. it depends. On "small" items a RFID credit card does not even need a signature in some cases. - Micrll, on 10/12/2007, -1/+3Think thats bad, Sprint Uses by default the last 4 digits of you Social security number as the account password.
"If you are the account owner, you'll have an account password to sign on to www.carrier.com and to use when calling Sprint Customer Service. Your default account password is the last four digits of your Social Security number. If you are not the account owner (if someone else pays for your Sprint PCS service), you can get a sub-account password at www.sprint.com."
from the support site of the palm treo
http://www.palm.com/us/support/treo/treo700wxsprint/guide/Sec01b_Setup%20Servicel.html - syncomm, on 10/12/2007, -0/+2Is there a way to disable the RFID?
- ChzPlz, on 10/12/2007, -0/+2yes - use a hammer.
- imolloy, on 10/12/2007, -0/+1Several people at UMass (Thomas S. Heydt-Benjamin, Kevin Fu, et al.) have been looking into the security of RFID credit cards and have published a paper at this year's Financial Cryptography and Data Security conference. It's a good read and far more technical than this article for those interested once it gets placed online.
http://fc07.ifca.ai/accepted.html
I'm curious where the misconception that your date of birth, Social Security number and other far more personal information than just your name are placed on the magstrip. There was another article on Digg a few days ago that made the same claim.
@ richardiscool No, we don't use Chip and Pin in the US. Chip and Pin isn't a perfect solution though, and Ross Anderson and his students have been able to break the systems and discover many ways to commit fraud. http://www.cl.cam.ac.uk/~rja14/ - sedo1800, on 10/12/2007, -1/+2I just made little tinfoil hats for my credit cards.
- imolloy, on 10/12/2007, -0/+1I don't think the American and Canadian credit card systems are any different. Most of the US cards don't have a smart chip, and the PIN is only used when making the cash advance, and not a normal transaction.
And yes, no one checks the signatures. The card issuer only gets the signature if you claim fraud and they decide to investigate (instead of sweeping it under the carpet). Not to mention, any mark you make (like the infamous "X") is a legal signature. For one man's fun with signatures, check out http://www.zug.com/pranks/credit_card/ - teaBagger, on 10/12/2007, -2/+3NEWSFLASH: Can Contactless Credit Cards Be Hacked????
In other News: Is the Pope a Catholic? and Do Bears really ***** in the woods?
... Now back to your regular programming ... - goinhome, on 10/12/2007, -0/+1If I read the article right (and I did, because I'm quoting), it said, "It may also include or be tapped into information about..." The only thing that the article confirmed was that the card would hold a name, credit card no., a security code and an address. I dont' think a card includes an address...but I do know that most cards include a name, a number, and the security code. You can complete a transaction in some cases with as little information as a name and a cc#, but many retailers are now asking for the security code as well.
What got me is that banks are issuing the cards without cardholder notice. - sjbdallas, on 10/12/2007, -0/+1I seem to remember another article that said the tinfoil hats actually enhance rather than block signals. Just a thought.
- waltaugust, on 10/12/2007, -0/+0Identity Stronghold has repeatedly talked to the credit card companies about including their shielded card sleeves with the contactless cards as they are shipped. To date none have decided to give the customer this convenience. Our credit card sleeve is much like the Tyvek sleeves the banks used to give out, but this special sleeve has a shielding material built in. Using a shielded sleeve would be the best tip for people concerned with having the card read while still in their pocket. This works for the new contactless subway cards as well. Our company also makes a sleeve for ePassports and a badge holder for companies that issue contactless employee id cards. You can find our products at idstronghold.com
- rmetz1, on 10/12/2007, -1/+1Your SS number and address are definitely NOT stored on any credit card - Magstrip, Contactless or otherwise. It's ironic the article mentions mis-information being the cause of unnecessary fear, and that author has come to the rescue, and then proceeds to misinform.
- inactive, on 10/12/2007, -2/+1I wish credit and debit cards here in Canada were this secure.
In Canada, we don't have the "smart-chip" thing Americans have which allows lots of theives to use your credit card or steal your money from your debit card. Even though many got caught and went to jail, they made so much money that they don't mind doing it again even if they go to jail.
I also heard that some USA credit cards use PIN numbers. In Canada, there's no PIN numbers. On the back of my credit card, i wrote "Check ID" so that the merchant checks for proper ID before he/she uses the credit card. However, only about 1/3 of them actually check for ID. Eventually, I erased that "Check ID" thing because it simply didn't work.
One time I tried signing the wrong signature and it still worked. The merchant didn't care. - shermanh4, on 10/12/2007, -2/+0Remember the one about the hotel lock cards having personal information? The paranoia about what is / isn't contained on the mag stripe is amazing. Anything printed on the face is fair game for encoding on the mag stripe / tag. I've never heard of a crook being clever enough to scan the RFID tags of people walking by. We may get there, but we're not there yet.
Sure, there are plenty of things you can do to protect your personal information. But, if you take extreme measures, you will have many inconveniences. The credit card companies take the hit when you are defrauded. They have incentive to implement secure features on their cards. Further, my guess is that their privacy policy would preclude them from placing the SSN on the RFID / mag stripe.
This article has some correct information. The rest of it is lame.
The Digg Toolbar for Firefox lets you Digg, submit content, and keep track of Digg even when you're not on the Digg site. Download the official 
© Digg Inc. 2009
— Content created and posted by Digg users is