Welcome!

@CloudExpo Authors: Elizabeth White, Jyoti Bansal, Yeshim Deniz, Greg Schulz, ManageEngine IT Matters

Related Topics: @CloudExpo, Containers Expo Blog, Agile Computing, Cloud Security, @BigDataExpo, SDN Journal

@CloudExpo: Article

Some Clouds Are Safer Than Others

Credit Cards with RFIDs vs. Smartphones with NFC Chips

RFIDs are great capabilities in many industries, just understand their limitations and the technology that can compromise them.

More and more people are getting credit cards with a built-in RFID chip in them. That little RFID chip (Radio Frequency ID) can transmit your credit card info out several feet when it is scanned by any reader. Most people don't know this.

You can tell if your credit card has an RFID in it because most cards will be marked by one of several symbols: PayWave, PayPass, or BLINK or the symbol that looks something like this )))) There are some cards that have no indication that there's an RFID in them.

Chances are some of your major credit cards like Visa, American Express and others have the RFID chip already embedded in them.

A year or two ago, there were several reports on how the RFIDs in your credit cards could be compromised. Someone could read the information with a reader from a couple of feet away. Then there were articles that countered those claims saying there was never a reported incident of credit card information being stolen that way.

The truth is that it can happen and because it's done without any knowledge of the card owner, how can anyone be sure it hasn't been done? A scan is silent. There are no sounds or cash register bells going off when the information is scanned. You cannot say there isn't any card abuse or identity theft going on.

Identity theft is the fastest-growing crime according to the FBI. Stolen information off of credit cards is possible. Just because the FBI doesn't track it specifically, doesn't mean it's not happening. The same is true for crimes committed at an ATM. There's no specific FBI statistics gathered for that specific crime, yet that is a crime that happens. Banks don't want you to know that that is a possibility. The same denial seems to go with electronic credit card thievery.

Differences Between RFIDs and Smartphone NFCs
In my opinion, the NFC chip in a smartphone is more secure than a constantly "on" RFID in your credit card that provides information every time it's scanned. Both have their legitimate applications, but I think that if you are going to go with an easy "swipe system" for credit card purchases, smartphones equipped with NFC chips are a more secure technology to employ.

RFIDs come in three types of frequencies and the lowest can cover up to 100 meters. That's a pretty good distance. Other frequencies transmit a shorter distance. At only a couple of feet, someone can walk right past and do a scan to pick up your credit card info on all the credit cards in your wallet without you even knowing it's happening.

On the other hand, the NFC chip is a subset and refinement of RFID specifications. It has a much shorter range of transmission (about 4 inches) and is used in Android-based smartphones for "mobile wallet" applications as well as other applications that are being constantly created.

Below shows a table of comparisons and differences of RFID chips and the NFC chip:

 

RFID CHIP

NFC CHIP

Usage

In credit cards, asset tags, other inventory IDs for supply chain management, tool management, materials management, access control, attendee tracking (Conferences).

In some Smartphones. (mobile wallet) Also now out - NFC tags for new marketing apps.

Transmission

One-way only.

Can be two-way.

Signal

Always on (provides info any time it is scanned).

Must be activated.

Range

Several feet to 300 feet (100 meters)

Only 10 cm. (four inches)

Encrypted

No

Can be encrypted.

Scanning Capability

A scanner can read multiple chips at once.

Only one at a time.

Frequency

LOW - 125-134 KHz

HIGH - 13,56 MHz

Ultra HIGH - 856 - 960 MHz

13,56 MHz

Capability

Can only be used as a Tag.

Used as Tag or Reader.

Can communicate peer-to-peer

Source: James Carlini

Besides credit cards, RFIDs are used in building passes for limiting access to a building. Here is another area where stealing the RFID information with a home-built reader can create more uncertainty as to compromising building security and limited access areas.

If you are going to use RFID technology, understand its limitations and weaknesses. Also, check out Smartphone equivalents. A Smartphone may offer a more secure approach, especially when it comes to "waving over the reader" technology for purchases.

Copyright 2013 - James Carlini

More Stories By James Carlini

James Carlini, MBA, a certified Infrastructure Consultant, keynote speaker and former award-winning Adjunct Professor at Northwestern University, has advised on mission-critical networks. Clients include the Chicago Mercantile Exchange, GLOBEX, and City of Chicago’s 911 Center. An expert witness in civil and federal courts on network infrastructure, he has worked with AT&T, Sprint and others.

Follow daily Carlini-isms at www.twitter.com/JAMESCARLINI

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


@CloudExpo Stories
DevOps and microservices are permeating software engineering teams broadly, whether these teams are in pure software shops but happen to run a business, such Uber and Airbnb, or in companies that rely heavily on software to run more traditional business, such as financial firms or high-end manufacturers. Microservices and DevOps have created software development and therefore business speed and agility benefits, but they have also created problems; specifically, they have created software securi...
All clouds are not equal. To succeed in a DevOps context, organizations should plan to develop/deploy apps across a choice of on-premise and public clouds simultaneously depending on the business needs. This is where the concept of the Lean Cloud comes in - resting on the idea that you often need to relocate your app modules over their life cycles for both innovation and operational efficiency in the cloud. In his session at @DevOpsSummit at19th Cloud Expo, Valentin (Val) Bercovici, CTO of Soli...
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business. Though, IoT is far more complex than most firms expected with a majority of IoT projects having failed. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, Chief IoTologist at Wipro, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology portfolios and business models to adopt and leverage IoT. He will delve in...
Cloud Expo, Inc. has announced today that Aruna Ravichandran, vice president of DevOps Product and Solutions Marketing at CA Technologies, has been named co-conference chair of DevOps at Cloud Expo 2017. The @DevOpsSummit at Cloud Expo New York will take place on June 6-8, 2017, at the Javits Center in New York City, New York, and @DevOpsSummit at Cloud Expo Silicon Valley will take place Oct. 31-Nov. 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
In his session at @ThingsExpo, Steve Wilkes, CTO and founder of Striim, will delve into four enterprise-scale, business-critical case studies where streaming analytics serves as the key to enabling real-time data integration and right-time insights in hybrid cloud, IoT, and fog computing environments. As part of this discussion, he will also present a demo based on its partnership with Fujitsu, highlighting their technologies in a healthcare IoT use-case. The demo showcases the tracking of pati...
Tricky charts and visually deceptive graphs often make a case for the impact IT performance has on business. The debate isn't around the obvious; of course, IT performance metrics like website load time influence business metrics such as conversions and revenue. Rather, this presentation will explore various data analysis concepts to understand how, and how not to, assert such correlations. In his session at 20th Cloud Expo, Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Sys...
Stratoscale, the software company developing the next generation data center operating system, exhibited at SYS-CON's 18th International Cloud Expo®, which took place at the Javits Center in New York City, NY, in June 2016.Stratoscale is revolutionizing the data center with a zero-to-cloud-in-minutes solution. With Stratoscale’s hardware-agnostic, Software Defined Data Center (SDDC) solution to store everything, run anything and scale everywhere, IT is empowered to take control of their data ce...
The buzz continues for cloud, data analytics and the Internet of Things (IoT) and their collective impact across all industries. But a new conversation is emerging - how do companies use industry disruption and technology enablers to lead in markets undergoing change, uncertainty and ambiguity? Organizations of all sizes need to evolve and transform, often under massive pressure, as industry lines blur and merge and traditional business models are assaulted and turned upside down. In this new da...
It is one thing to build single industrial IoT applications, but what will it take to build the Smart Cities and truly society changing applications of the future? The technology won’t be the problem, it will be the number of parties that need to work together and be aligned in their motivation to succeed. In his Day 2 Keynote at @ThingsExpo, Henrik Kenani Dahlgren, Portfolio Marketing Manager at Ericsson, discussed how to plan to cooperate, partner, and form lasting all-star teams to change the...
For organizations that have amassed large sums of software complexity, taking a microservices approach is the first step toward DevOps and continuous improvement / development. Integrating system-level analysis with microservices makes it easier to change and add functionality to applications at any time without the increase of risk. Before you start big transformation projects or a cloud migration, make sure these changes won’t take down your entire organization.
What are the new priorities for the connected business? First: businesses need to think differently about the types of connections they will need to make – these span well beyond the traditional app to app into more modern forms of integration including SaaS integrations, mobile integrations, APIs, device integration and Big Data integration. It’s important these are unified together vs. doing them all piecemeal. Second, these types of connections need to be simple to design, adapt and configure...
To manage complex web services with lots of calls to the cloud, many businesses have invested in Application Performance Management (APM) and Network Performance Management (NPM) tools. Together APM and NPM tools are essential aids in improving a business's infrastructure required to support an effective web experience... but they are missing a critical component - Internet visibility.
Microservices are a very exciting architectural approach that many organizations are looking to as a way to accelerate innovation. Microservices promise to allow teams to move away from monolithic "ball of mud" systems, but the reality is that, in the vast majority of organizations, different projects and technologies will continue to be developed at different speeds. How to handle the dependencies between these disparate systems with different iteration cycles? Consider the "canoncial problem" ...
Both SaaS vendors and SaaS buyers are going “all-in” to hyperscale IaaS platforms such as AWS, which is disrupting the SaaS value proposition. Why should the enterprise SaaS consumer pay for the SaaS service if their data is resident in adjacent AWS S3 buckets? If both SaaS sellers and buyers are using the same cloud tools, automation and pay-per-transaction model offered by IaaS platforms, then why not host the “shrink-wrapped” software in the customers’ cloud? Further, serverless computing, cl...
“We're a global managed hosting provider. Our core customer set is a U.S.-based customer that is looking to go global,” explained Adam Rogers, Managing Director at ANEXIA, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
The speed of software changes in growing and large scale rapid-paced DevOps environments presents a challenge for continuous testing. Many organizations struggle to get this right. Practices that work for small scale continuous testing may not be sufficient as the requirements grow. In his session at DevOps Summit, Marc Hornbeek, Sr. Solutions Architect of DevOps continuous test solutions at Spirent Communications, explained the best practices of continuous testing at high scale, which is rele...
Hardware virtualization and cloud computing allowed us to increase resource utilization and increase our flexibility to respond to business demand. Docker Containers are the next quantum leap - Are they?! Databases always represented an additional set of challenges unique to running workloads requiring a maximum of I/O, network, CPU resources combined with data locality.
"Matrix is an ambitious open standard and implementation that's set up to break down the fragmentation problems that exist in IP messaging and VoIP communication," explained John Woolf, Technical Evangelist at Matrix, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
"A lot of times people will come to us and have a very diverse set of requirements or very customized need and we'll help them to implement it in a fashion that you can't just buy off of the shelf," explained Nick Rose, CTO of Enzu, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.