Welcome!

SDN Journal Authors: Liz McMillan, Yeshim Deniz, Elizabeth White, Pat Romanski, TJ Randall

Related Topics: @CloudExpo, Containers Expo Blog, Agile Computing, Cloud Security, @DXWorldExpo, SDN Journal

@CloudExpo: Article

Some Clouds Are Safer Than Others

Credit Cards with RFIDs vs. Smartphones with NFC Chips

RFIDs are great capabilities in many industries, just understand their limitations and the technology that can compromise them.

More and more people are getting credit cards with a built-in RFID chip in them. That little RFID chip (Radio Frequency ID) can transmit your credit card info out several feet when it is scanned by any reader. Most people don't know this.

You can tell if your credit card has an RFID in it because most cards will be marked by one of several symbols: PayWave, PayPass, or BLINK or the symbol that looks something like this )))) There are some cards that have no indication that there's an RFID in them.

Chances are some of your major credit cards like Visa, American Express and others have the RFID chip already embedded in them.

A year or two ago, there were several reports on how the RFIDs in your credit cards could be compromised. Someone could read the information with a reader from a couple of feet away. Then there were articles that countered those claims saying there was never a reported incident of credit card information being stolen that way.

The truth is that it can happen and because it's done without any knowledge of the card owner, how can anyone be sure it hasn't been done? A scan is silent. There are no sounds or cash register bells going off when the information is scanned. You cannot say there isn't any card abuse or identity theft going on.

Identity theft is the fastest-growing crime according to the FBI. Stolen information off of credit cards is possible. Just because the FBI doesn't track it specifically, doesn't mean it's not happening. The same is true for crimes committed at an ATM. There's no specific FBI statistics gathered for that specific crime, yet that is a crime that happens. Banks don't want you to know that that is a possibility. The same denial seems to go with electronic credit card thievery.

Differences Between RFIDs and Smartphone NFCs
In my opinion, the NFC chip in a smartphone is more secure than a constantly "on" RFID in your credit card that provides information every time it's scanned. Both have their legitimate applications, but I think that if you are going to go with an easy "swipe system" for credit card purchases, smartphones equipped with NFC chips are a more secure technology to employ.

RFIDs come in three types of frequencies and the lowest can cover up to 100 meters. That's a pretty good distance. Other frequencies transmit a shorter distance. At only a couple of feet, someone can walk right past and do a scan to pick up your credit card info on all the credit cards in your wallet without you even knowing it's happening.

On the other hand, the NFC chip is a subset and refinement of RFID specifications. It has a much shorter range of transmission (about 4 inches) and is used in Android-based smartphones for "mobile wallet" applications as well as other applications that are being constantly created.

Below shows a table of comparisons and differences of RFID chips and the NFC chip:

 

RFID CHIP

NFC CHIP

Usage

In credit cards, asset tags, other inventory IDs for supply chain management, tool management, materials management, access control, attendee tracking (Conferences).

In some Smartphones. (mobile wallet) Also now out - NFC tags for new marketing apps.

Transmission

One-way only.

Can be two-way.

Signal

Always on (provides info any time it is scanned).

Must be activated.

Range

Several feet to 300 feet (100 meters)

Only 10 cm. (four inches)

Encrypted

No

Can be encrypted.

Scanning Capability

A scanner can read multiple chips at once.

Only one at a time.

Frequency

LOW - 125-134 KHz

HIGH - 13,56 MHz

Ultra HIGH - 856 - 960 MHz

13,56 MHz

Capability

Can only be used as a Tag.

Used as Tag or Reader.

Can communicate peer-to-peer

Source: James Carlini

Besides credit cards, RFIDs are used in building passes for limiting access to a building. Here is another area where stealing the RFID information with a home-built reader can create more uncertainty as to compromising building security and limited access areas.

If you are going to use RFID technology, understand its limitations and weaknesses. Also, check out Smartphone equivalents. A Smartphone may offer a more secure approach, especially when it comes to "waving over the reader" technology for purchases.

Copyright 2013 - James Carlini

More Stories By James Carlini

James Carlini, MBA, a certified Infrastructure Consultant, keynote speaker and former award-winning Adjunct Professor at Northwestern University, has advised on mission-critical networks. Clients include the Chicago Mercantile Exchange, GLOBEX, and City of Chicago’s 911 Center. An expert witness in civil and federal courts on network infrastructure, he has worked with AT&T, Sprint and others.

Follow daily Carlini-isms at www.twitter.com/JAMESCARLINI

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


CloudEXPO Stories
Despite being the market leader, we recognized the need to transform and reinvent our business at Dynatrace, before someone else disrupted the market. Over the course of three years, we changed everything - our technology, our culture and our brand image. In this session we'll discuss how we navigated through our own innovator's dilemma, and share takeaways from our experience that you can apply to your own organization.
Nutanix has been named "Platinum Sponsor" of CloudEXPO | DevOpsSUMMIT | DXWorldEXPO New York, which will take place November 12-13, 2018 in New York City. Nutanix makes infrastructure invisible, elevating IT to focus on the applications and services that power their business. The Nutanix Enterprise Cloud Platform blends web-scale engineering and consumer-grade design to natively converge server, storage, virtualization and networking into a resilient, software-defined solution with rich machine intelligence.
Intel is an American multinational corporation and technology company headquartered in Santa Clara, California, in the Silicon Valley. It is the world's second largest and second highest valued semiconductor chip maker based on revenue after being overtaken by Samsung, and is the inventor of the x86 series of microprocessors, the processors found in most personal computers (PCs). Intel supplies processors for computer system manufacturers such as Apple, Lenovo, HP, and Dell. Intel also manufactures motherboard chipsets, network interface controllers and integrated circuits, flash memory, graphics chips, embedded processors and other devices related to communications and computing.
Digital transformation is about embracing digital technologies into a company's culture to better connect with its customers, automate processes, create better tools, enter new markets, etc. Such a transformation requires continuous orchestration across teams and an environment based on open collaboration and daily experiments. In his session at 21st Cloud Expo, Alex Casalboni, Technical (Cloud) Evangelist at Cloud Academy, explored and discussed the most urgent unsolved challenges to achieve full cloud literacy in the enterprise world.
Wasabi is the hot cloud storage company delivering low-cost, fast, and reliable cloud storage. Wasabi is 80% cheaper and 6x faster than Amazon S3, with 100% data immutability protection and no data egress fees. Created by Carbonite co-founders and cloud storage pioneers David Friend and Jeff Flowers, Wasabi is on a mission to commoditize the storage industry. Wasabi is a privately held company based in Boston, MA. Follow and connect with Wasabi on Twitter, Facebook, Instagram and the Wasabi blog.