New credit cards put data at risk
23rd October 2006 by Tim Kitchin
Researchers at John Hopkins University have shown the feasibility of stealing credit card information remotely, without even needing to use touch the cards.
The approach can only be applied to the very latest generation of RFID-enabled credit cards, but tens of millions of such cards are now in issue in the US and card readers for them are widely used in retail.
The findings are bound to fuel further anxiety among technology providers running remote authentication and credit management systems, notably transportation system operators and advocates of road pricing. The information value-chain is getting longer, and more and more risky for individual privacy.
It is a matter of debate, whether today’s information security stndards are ‘fit for purpose’ to govern the increasingly complex information value-chains. While organisations have traditionally focused on ring-fencing their responsibilities, it may be time to adopt a whole-chain, stakeholder-oriented approach.