
07. 01. 2006

Citibank's RFID PayPass credit card


Dan Costa over at Gearlog was recently sent a new type of credit card by his bank. The new MasterCard PayPass is an RFID token that uses radio frequency keys to authorize purchases. The basic principle is very similar to the speed passes currently in use at gas stations, toll booths, and subway stations all over the country.

Dr. Costa did a very nice write-up on the potential pitfalls and inherent security features embedded into the payment medium, but he missed one bit of very important information. Hackers have already managed to solve the problem of trying to read a chip from within two inches, and rumor has it that there are breathtaking hacks regarding RFID capture and spoofing being released at this year's Defcon conference.

It's a very interesting read to see where the technology is now, but I do not trust that keyfob yet.

Posted by Johnny    Category: devices

Comments (3)

Wow, this is a pretty cool concept, but I am a bit nervous of the keyfob. Nonetheless, this is a step in the right direction. Great find! I love this site. Keep up the great work!

It looks quite interesting. Where can I apply for one?

RF Base:

Sure, the basic principle is the same as the "speed passes" for the gas station or toll booths, but making blanketed statements is usually not productive, and often leads to false conclusions. Generalizing about the family of technologies known as "RFID" is common in the media today, especially as the US Gov. debates the use of various types of RFID for passports and frequent border crossing credentials (PASS). The DHS recently issued a report, "The Use of RFID for Human Identification" in which there was obvious confusion about what security features have been implemented at what frequencies. In this post specifically, the technology in use at gas stations is likened to the toll roads despite the fact that one uses active transponders at frequencies of 900MHz or greater, while the other uses passive transponders at 125/134kHz (so called "Prox" technology). The PayPass technology from MasterCard uses yet another frequency and a completely different set of cryptographic techniques. Finally, the citation of various "hackers" exploits in beating the technology are a bit out of date and contrived. The first describes one person's ability to perform a replay attack on the "Prox" technology (mostly in use for access control) that has been slowly but surely in replacement for 10 yrs (Johns Hopkins and RSA Labs successfully hacked the DST in use for car immobilizers and gas station payments). The second details the efforts of students in Amsterdam to perform spoofing and jamming attacks where it is claimed there is compatibility with ISO 15693 and 14443, despite the vast differences between these 2 air-interface protocols and the fact that these standards do not specify security features. ISO 14443-based transponders are being considered for use in passports, but the tag ICs in use are capable of 2048-bit keys using standardized Elliptical Curve Cryptography, while the DST technology uses 40-bit keys and a proprietary cipher.
Security and privacy are valid concerns when confronting new technologies, but it is crucial to be informed about the specifics of a given technology before judgements are made. Otherwise, we are simply aiding the conspiracy theorists in another chorus of "the sky is falling."
