My Washington Mutual debit/credit card just expired at the end of August, so today I found myself using a different bank’s card. Why didn’t I just activate the new one they sent me? Without asking me, they had sent me one with RFID, which allows you to pay without even touching the sensor. Maybe it’s secure, but why risk it? There’s enough out there to lead me to believe it isn’t secure, and why should I believe the credit card companies? Of course they’d love to make our spending easier, with RFID we won’t even have to look at the total, and American debt can continue to increase at an even more ridiculous and undisciplined rate.
But spending concerns aside, there’s still security. Apparently, it must be pretty darn hackable, because Adam Savage of Mythbusters wanted to test it and the Discovery Channel quickly got bullied by a bunch of credit card company lawyers to basically stay the heck away from the topic completely “or else”.
Now, this irritates me even more. Security by obscurity is not a valid method in the information age. Notice that everyone and their mother has heard of lock bumping now? The best way to fix a security hole isn’t to hide it. BoingBoing already has showed you can make a RFID reader (and cheaply).
Tomorrow I’m going to my bank and telling them where they can put their RFID tags, and it isn’t on my credit cards. Someday, I might just have to be the nutcase with tin foil around their wallet and passport, but as long as it’s an option I’ll take the ten extra seconds it takes to sign my receipts in exchange for knowing my data stays in my pocket with my cards.
Maybe I sound paranoid, but this is coming from someone who’s been a victim of identity theft twice. I was beginning to feel like Sandra Bullock in The Net. There’s no way I’m going to make things any easier on these guys.
UPDATE (9/3/08): Adam has retracted his statements… sort of.
“There’s been a lot of talk about this RFID thing, and I have to admit that I got some of my facts wrong, as I wasn’t on that story, and as I said on the video, I wasn’t actually in on the call,” Savage said in the statement. “Texas Instruments’ account of their call with Grant and our producer is factually correct. If I went into the detail of exactly why this story didn’t get filmed, it’s so bizarre and convoluted that no one would believe me, but suffice to say…the decision not to continue on with the RFID story was made by our production company, Beyond Productions, and had nothing to do with Discovery, or their ad sales department.”
Sounds like someone gets to keep his title as “dude with the best job in the world”.
