Welcome!

@CloudExpo Authors: Mark Hauser, Yeshim Deniz, Carmen Gonzalez, Bob Gourley, Pat Romanski

Related Topics: @CloudExpo, Containers Expo Blog, Agile Computing, Cloud Security, @BigDataExpo, SDN Journal

@CloudExpo: Article

Some Clouds Are Safer Than Others

Credit Cards with RFIDs vs. Smartphones with NFC Chips

RFIDs are great capabilities in many industries, just understand their limitations and the technology that can compromise them.

More and more people are getting credit cards with a built-in RFID chip in them. That little RFID chip (Radio Frequency ID) can transmit your credit card info out several feet when it is scanned by any reader. Most people don't know this.

You can tell if your credit card has an RFID in it because most cards will be marked by one of several symbols: PayWave, PayPass, or BLINK or the symbol that looks something like this )))) There are some cards that have no indication that there's an RFID in them.

Chances are some of your major credit cards like Visa, American Express and others have the RFID chip already embedded in them.

A year or two ago, there were several reports on how the RFIDs in your credit cards could be compromised. Someone could read the information with a reader from a couple of feet away. Then there were articles that countered those claims saying there was never a reported incident of credit card information being stolen that way.

The truth is that it can happen and because it's done without any knowledge of the card owner, how can anyone be sure it hasn't been done? A scan is silent. There are no sounds or cash register bells going off when the information is scanned. You cannot say there isn't any card abuse or identity theft going on.

Identity theft is the fastest-growing crime according to the FBI. Stolen information off of credit cards is possible. Just because the FBI doesn't track it specifically, doesn't mean it's not happening. The same is true for crimes committed at an ATM. There's no specific FBI statistics gathered for that specific crime, yet that is a crime that happens. Banks don't want you to know that that is a possibility. The same denial seems to go with electronic credit card thievery.

Differences Between RFIDs and Smartphone NFCs
In my opinion, the NFC chip in a smartphone is more secure than a constantly "on" RFID in your credit card that provides information every time it's scanned. Both have their legitimate applications, but I think that if you are going to go with an easy "swipe system" for credit card purchases, smartphones equipped with NFC chips are a more secure technology to employ.

RFIDs come in three types of frequencies and the lowest can cover up to 100 meters. That's a pretty good distance. Other frequencies transmit a shorter distance. At only a couple of feet, someone can walk right past and do a scan to pick up your credit card info on all the credit cards in your wallet without you even knowing it's happening.

On the other hand, the NFC chip is a subset and refinement of RFID specifications. It has a much shorter range of transmission (about 4 inches) and is used in Android-based smartphones for "mobile wallet" applications as well as other applications that are being constantly created.

Below shows a table of comparisons and differences of RFID chips and the NFC chip:

 

RFID CHIP

NFC CHIP

Usage

In credit cards, asset tags, other inventory IDs for supply chain management, tool management, materials management, access control, attendee tracking (Conferences).

In some Smartphones. (mobile wallet) Also now out - NFC tags for new marketing apps.

Transmission

One-way only.

Can be two-way.

Signal

Always on (provides info any time it is scanned).

Must be activated.

Range

Several feet to 300 feet (100 meters)

Only 10 cm. (four inches)

Encrypted

No

Can be encrypted.

Scanning Capability

A scanner can read multiple chips at once.

Only one at a time.

Frequency

LOW - 125-134 KHz

HIGH - 13,56 MHz

Ultra HIGH - 856 - 960 MHz

13,56 MHz

Capability

Can only be used as a Tag.

Used as Tag or Reader.

Can communicate peer-to-peer

Source: James Carlini

Besides credit cards, RFIDs are used in building passes for limiting access to a building. Here is another area where stealing the RFID information with a home-built reader can create more uncertainty as to compromising building security and limited access areas.

If you are going to use RFID technology, understand its limitations and weaknesses. Also, check out Smartphone equivalents. A Smartphone may offer a more secure approach, especially when it comes to "waving over the reader" technology for purchases.

Copyright 2013 - James Carlini

More Stories By James Carlini

James Carlini, MBA, a certified Infrastructure Consultant, keynote speaker and former award-winning Adjunct Professor at Northwestern University, has advised on mission-critical networks. Clients include the Chicago Mercantile Exchange, GLOBEX, and City of Chicago’s 911 Center. An expert witness in civil and federal courts on network infrastructure, he has worked with AT&T, Sprint and others.

Follow daily Carlini-isms at www.twitter.com/JAMESCARLINI

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
With billions of sensors deployed worldwide, the amount of machine-generated data will soon exceed what our networks can handle. But consumers and businesses will expect seamless experiences and real-time responsiveness. What does this mean for IoT devices and the infrastructure that supports them? More of the data will need to be handled at - or closer to - the devices themselves.
SYS-CON Events announced today that DatacenterDynamics has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY. DatacenterDynamics is a brand of DCD Group, a global B2B media and publishing company that develops products to help senior professionals in the world's most ICT dependent organizations make risk-based infrastructure and capacity decisions.
SYS-CON Events announced today that Hitachi, the leading provider the Internet of Things and Digital Transformation, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Hitachi Data Systems, a wholly owned subsidiary of Hitachi, Ltd., offers an integrated portfolio of services and solutions that enable digital transformation through enhanced data management, governance, mobility and analytics. We help globa...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor – all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...
NHK, Japan Broadcasting, will feature the upcoming @ThingsExpo Silicon Valley in a special 'Internet of Things' and smart technology documentary that will be filmed on the expo floor between November 3 to 5, 2015, in Santa Clara. NHK is the sole public TV network in Japan equivalent to the BBC in the UK and the largest in Asia with many award-winning science and technology programs. Japanese TV is producing a documentary about IoT and Smart technology and will be covering @ThingsExpo Silicon Val...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
Building a cross-cloud operational model can be a daunting task. Per-cloud silos are not the answer, but neither is a fully generic abstraction plane that strips out capabilities unique to a particular provider. In his session at 20th Cloud Expo, Chris Wolf, VP & Chief Technology Officer, Global Field & Industry at VMware, will discuss how successful organizations approach cloud operations and management, with insights into where operations should be centralized and when it’s best to decentraliz...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
“DevOps is really about the business. The business is under pressure today, competitively in the marketplace to respond to the expectations of the customer. The business is driving IT and the problem is that IT isn't responding fast enough," explained Mark Levy, Senior Product Marketing Manager at Serena Software, in this SYS-CON.tv interview at DevOps Summit, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
@DevOpsSummit at Cloud taking place June 6-8, 2017, at Javits Center, New York City, is co-located with the 20th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long developm...
Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market across the USA and Europe, we work with a variety of customers from emerging startups to Fortune 1000 companies.
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
@GonzalezCarmen has been ranked the Number One Influencer and @ThingsExpo has been named the Number One Brand in the “M2M 2016: Top 100 Influencers and Brands” by Analytic. Onalytica analyzed tweets over the last 6 months mentioning the keywords M2M OR “Machine to Machine.” They then identified the top 100 most influential brands and individuals leading the discussion on Twitter.
Cloud Expo, Inc. has announced today that Aruna Ravichandran, vice president of DevOps Product and Solutions Marketing at CA Technologies, has been named co-conference chair of DevOps at Cloud Expo 2017. The @DevOpsSummit at Cloud Expo New York will take place on June 6-8, 2017, at the Javits Center in New York City, New York, and @DevOpsSummit at Cloud Expo Silicon Valley will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Cognitive Computing is becoming the foundation for a new generation of solutions that have the potential to transform business. Unlike traditional approaches to building solutions, a cognitive computing approach allows the data to help determine the way applications are designed. This contrasts with conventional software development that begins with defining logic based on the current way a business operates. In her session at 18th Cloud Expo, Judith S. Hurwitz, President and CEO of Hurwitz & ...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like “How is my application doing” but no id...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...