New Identity Theft Threat?

by Jeff Sovern

An article in today's New York Times reports on a conflict between researchers and credit card issuers over potential security problems in credit cards which need not be "swiped" through credit card readers. Tens of millions of these credit cards--which can be read through radio waves--have been issued by American Express, J.P. Morgan Chase and others. Though the issuers claim that the data in the cards is encrypted, the researchers found that some of the cards bear unencrypted information that can be read by devices "the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150." One researcher compared the situation to wearing your name and credit card information on a T-shirt. Because the cards need not be swiped, a reader can obtain the credit card data from envelopes in mailboxes or while standing near a person in a crowd. On the other hand, credit card issuers denied that the cards present a real threat to consumers. They argued that the researchers' sample was too small to be reliable and that the transmitted information was useless. I cannot help but wonder if the gain in convenience is worth it.