Ze Older Stuff

Spychipped Credit Cards Easily "Hacked"

October 23, 2006

CASPIAN Advises Consumers to Immediately Remove Cards from Wallets

Consumer watchdog group CASPIAN is demanding a recall of millions of
RFID-equipped contactless credit cards in light of serious security
flaws reported today in the New York Times. The paper reports that a
team of security researchers has found that virtually every one of these
cards tested is vulnerable to unauthorized charges and puts consumers at
risk for identity theft.

Radio Frequency Identification (RFID) is a controversial technology that
uses tiny microchips to transmit information at a distance. These RFID
microchips have earned the nickname “spychips” because the data they
contain can be read silently and invisibly by radio waves without an
individual’s knowledge or consent. The technology has long been the
target of criticism by privacy and civil liberties groups.

“For these financial institutions to put RFID in credit cards, one of
the most sensitive items we carry, is absolute lunacy,” said Dr.
Katherine Albrecht, founder and director of CASPIAN, a consumer group
with over 12,000 members in 30 countries worldwide.

Researchers are showing how a thief could skim information from the
cards right through purses, backpacks and wallets. This information
includes the cardholder’s name, credit card number, expiration date and
other data that would be sufficient to make unauthorized purchases. They
say the information could even be used to identify and track people, a
scenario Albrecht and co-author Liz McIntyre lay out in their book,
“Spychips: How Major Corporations and Government Plan to Track Your
Every Purchase and Watch Your Every Move.”

Despite earlier assurances by the issuing companies that the data
contained in the credit cards would be secure, researchers found that
the majority of cards they tested did not use encryption or protect the
data in any way. The information on them was readily available to
unauthorized parties using equipment that could be assembled for as
little as $50, the researchers said.

“We cautioned companies against using item-level RFID, and they didn’t
heed us. Now the credit card industry is facing an unprecedented PR and
financial disaster,” says McIntyre, who is also a former bank examiner.
She points to the astronomical cost to replace the cards, not to mention
the potential financial losses, litigation expenses, and erosion of
consumer trust.

Albrecht and McIntyre are calling on the industry to issue a public
alert detailing the dangers of the cards they’ve issued, institute an
active recall, and make safe versions without RFID available to
concerned consumers.

“This recall has to be very clear and very directed since consumers may
not know their cards contain RFID tags,” says Albrecht. “The industry
has repeatedly resisted calls to clearly label the cards. Rather,
they’ve given the cards innocent-sounding names like ‘Blink.'”

CASPIAN is advising consumers to immediately remove the credit cards
from their wallets and call the 800 number on the back to insist on an
RFID-free replacement card. The group is cautioning consumers not to
mail the cards back or simply throw them away due to the risk of their
personal information being skimmed.

Today’s New York Times article by John Schwartz can be found here:

A research report detailing the findings can be found here:


CASPIAN (Consumers Against Supermarket Privacy Invasion and Numbering)
is a grass-roots consumer group fighting retail surveillance schemes
since 1999. With thousands of members in all 50 U.S. states and over 30
countries worldwide, CASPIAN seeks to educate consumers about marketing
strategies that invade their privacy and encourage privacy-conscious
shopping habits across the retail spectrum.

For more information, visit CASPIAN’s RFID privacy website at:



“Spychips” is the winner of the 2006 Lysander Spooner Award for
Advancing the Literature of Liberty and has received wide critical
acclaim. Authored by recent Harvard graduate Dr. Katherine Albrecht and
former bank examiner Liz McIntyre, the book is meticulously researched.
“Spychips” draws on patent documents, corporate source materials,
conference proceedings, and firsthand interviews to paint a convincing
— and frightening — picture of the threat posed by RFID.

Despite its hundreds of footnotes and academic-level accuracy, the book
remains lively and readable according to critics, who have called it a
“techno-thriller” and “a masterpiece of technocriticism.”

“Spychips” is now available in a newly-released paperback version from
Penguin/Plume (October 2006).

Got comments? Email me, dammit!
Permanent link for this article which can be used on any website: