Is Identity Theft Possible Through NFC?
The news segment above addresses electronic pickpocketing. AskIdentive received this link seeking clarification - Is this level of identity theft possible through NFC?
The short answer is “NO.”
Contactless credit cards come with the benefit of less time spent per transaction at the POS terminal. This ease of use has had the side effect of raising some valid security concerns. An understanding of how NFC works and how the contactless cards work will help alleviate these concerns.
The video attempts to demonstrate the drawbacks of RFID through credit cards that have an RF chip embedded in them. RFID has many long-range applications whereas the NFC specification restricts itself to a theoretical limit of 20 cm. In practice the operating distance is much less which means that the two NFC ends will have to physically touch each other for a transaction to take place. NFC can be seen as a subset of RFID with a security envelope which when combined with the short-range (near field) application prevents data tampering.
Going back to the video, this should be seen more as a set piece that while identifying the security concerns, exaggerates the drawbacks of contactless credit cards to the point of misleading the consumer. It could also be propaganda for companies that manufacture protective sleeves for RFID cards and badges.
In addition, the contactless credit cards are primarily smart cards that have limited amount of data and don¹t include personal details. It is indeed possible to read data from these cards but the limitation on the data makes the eavesdropper incapable of using the stolen data for a valid transaction. Same thing goes for the reader used in the transaction. The data sniffed by the reader cannot be recreated and is not necessarily sufficient to clone the credit card information.
The credit card providers implement different steps to prevent identity theft through data skimming. These include:
1. different security code for each transaction;
2. a unique code different from the credit card number is used in transaction;
3. minimal data transmitted;
4. minimal range for transmission.
When combined with these features, NFC brings added protection. Identive’s solutions are specification compliant making them ready for the demands of the transaction market. From a security and ease of use point of view, it just works™.Both comments and trackbacks are closed.