01-22-2011, 06:31 PM
So long as the user links only to a gift card, and if the app encrypts your account info both on your phone and while communicating with the server to updates balances, make debits, etc. that's not too bad.
I wouldn't link such an app to a credit card.
The guy who is doing that "trick" is usually only skimming names from RFID chipped credit cards, although he can often get card numbers as well. At present the whole rig is not very subtle and he has to get within an inch or two of his target's wallet. With the right equipment he could get more info and with amplification he could even do it from a few feet away, but that'd probably be noticeable.
It's kind of odd to me that the responses that I've read from security professionals usually admit that it's possible to do this stuff, but then say that it's unlikely that you'll be ripped off this way because it's easier to buy a list of valid card numbers than it is to skim them from a crowd. Yep. What a great way to reassure people!
I'm also a bit perturbed that skimming can be used for other nefarious deeds like long-distance probing for the RFID off of people's passports to target American citizens for theft, kidnapping, murder, terror-acts...
What's scary is that the way technology is advancing, next year he'll probably be able to do the same trick from 10 feet away with an iPhone and an antenna shaped like a walking stick. And if the iPhone isn't powerful enough to decrypt every bit of info that it snags from a credit card, it will be able to almost instantly uplink the info to a botnet for decryption.
I wouldn't link such an app to a credit card.
graylocks wrote:
within the last week i heard a discussion on the radio in which someone sat in a room and culled information from RFID chips walking by with a readily available or make-able device. i only listen to NPR or consumer advocate Clark Howard so that had to be the source.
The guy who is doing that "trick" is usually only skimming names from RFID chipped credit cards, although he can often get card numbers as well. At present the whole rig is not very subtle and he has to get within an inch or two of his target's wallet. With the right equipment he could get more info and with amplification he could even do it from a few feet away, but that'd probably be noticeable.
It's kind of odd to me that the responses that I've read from security professionals usually admit that it's possible to do this stuff, but then say that it's unlikely that you'll be ripped off this way because it's easier to buy a list of valid card numbers than it is to skim them from a crowd. Yep. What a great way to reassure people!
I'm also a bit perturbed that skimming can be used for other nefarious deeds like long-distance probing for the RFID off of people's passports to target American citizens for theft, kidnapping, murder, terror-acts...
What's scary is that the way technology is advancing, next year he'll probably be able to do the same trick from 10 feet away with an iPhone and an antenna shaped like a walking stick. And if the iPhone isn't powerful enough to decrypt every bit of info that it snags from a credit card, it will be able to almost instantly uplink the info to a botnet for decryption.