[LINK] RFI: PayWave/PayPass Contactless Chip Cards
Scott Howard
scott at doc.net.au
Thu Apr 12 04:21:26 AEST 2012
On Tue, Apr 10, 2012 at 11:35 PM, Alex (Maxious) Sadleir
<maxious at gmail.com>wrote:
> Barclays (and just Barclays it should be emphasised - this is not best
> practice by any standard) didn't even invest in encryption or
> obfuscating the card holder's name
>
> http://www.channel4.com/news/millions-of-barclays-card-users-exposed-to-fraud
> (March 2012!)
>
I suspect that Visa will be having some fairly serious words with them over
this. It's against Visa's standards on RFID to include the cardholders
name or the credit card number available via RFID.
There's some details on what each of the card vendors include or don't
include in the RFID transaction at
http://ftpcontent.worldnow.com/wthr/PDF/statementscreditcardcompanies.pdf
Scott.
More information about the Link
mailing list