|By Business Wire||
|December 3, 2013 10:20 AM EST||
Major credit card companies continue to downplay the threat of electronic pickpocketing, even as a leading entry control point system manufacturer acknowledges that the risk posed by RFID-enabled cards extends well past the potential for monetary theft, Identity Stronghold announced today. Current findings show that transit cards and facilities using contactless card readers are also highly vulnerable to serious security breaches.
In a recent white paper titled “Best Practices in Access Control,” industry-leading security technology company HID Global Corp. detailed the emerging need to “protect the cards” granting access to doors armed with RFID readers. In the same way high-tech thieves can pass commercially obtained card readers near victims’ wallets to electronically pickpocket credit card information, they can also surreptitiously swipe an access card’s sensitive information. Once stolen using what HID calls the “bump and clone technique,” this information can be duplicated to create a generic, or “phantom” key allowing the thief access to normally secure locations. In a recent TV news report, Identity Stronghold’s founder and president Walt Augustinowicz floored Fox reporters when he cloned a California state assemblyman’s RFID-enabled access badge and gained entry through doors in the Capitol with ease (click to view story). He most recently opened a police evidence locker during a training session with law enforcement officials.
“Top government agencies are using Secure Badgeholder® Classic™ and DuoLite™ shields for their proximity cards because of the security risk, but in visiting with many federal state and local agencies, as well as private corporate buildings and complexes—including airports—most are walking around completely vulnerable to the threat of phantom keys,” said Augustinowicz. “We’ve demonstrated how easy it is, and will continue to do so.”
This month the Chicago Tribute reported that the Ventra Card has been under fire by CTA riders for numerous RFID-related issues, including erroneous charges to other RFID-enabled credit cards in cardholders’ wallets and making users more susceptible to identity theft and electronic pickpocketing.
“We’ve presented a simple solution to a billion-dollar problem in the form of blocking [devices] called Secure Sleeves®, that if issued along with the CTA card would address a lot of issues inherent to the Ventra Card system,” said Augustinowicz. “As technology evolves, so should your wallet.”
HID’s white paper highlights the need to use RFID-shielding sleeves that make RFID-cards impervious to cloning. Without this simple, inexpensive and low-tech solution, even the most high-tech, multimillion-dollar security system—and many RFID-systems—can be thwarted in seconds and plagued with problems. That is why Identity Stronghold has picked up where previous badge holders on the market left off and is providing a solution for 125khz systems—the Secure Badgeholder® with BloxProx™.
Although HID is leading its industry by acknowledging the threat of electronic pickpocketing and phantom keys, the credit card industry as a whole still deemphasizes the fact that its plan to issue one billion RFID-enabled contactless credit cards over the next few years will put cardholders’ credit card information at the same risk of surreptitious theft that the security industry has been actively taking steps to safeguard against.
“I felt compelled to provide information on shielding RFID technology because the major credit card companies are not forthcoming with cardholders and not all the methods dubbed as ‘protection’ are effective in shielding,” said Augustinowicz, whose company Identity Stronghold provides federal agencies such as the U.S. Department of Defense, Energy and State, as well as the White House protective shields for RFID-enabled I.D. and access cards. “Dispelling Myths. Straight Talk on RFID Security” can be viewed here: http://youtu.be/06jKsbOiruc.