Tom Heydt-Benjamin tapped an envelope against a black plastic box connected to his computer. Within moments, the screen showed a garbled string of characters that included this: fu/kevine, along with some numbers.
Heydt-Benjamin then ripped open the envelope. Inside was a credit card, fresh from the issuing bank. The card bore the name of Kevin E. Fu, a computer science professor at the University of Massachusetts, Amherst, who was standing nearby. The card number and expiration date matched those numbers on the screen.
The demonstration revealed potential security and privacy holes in a new generation of credit cards -- cards whose data is relayed by radio waves without need of a signature or physical swiping through a machine. Tens of millions of the cards have been issued, and equipment for their use is showing up at a growing number of locations, including pharmacies, McDonald's restaurants and many movie theaters.
PHOTO: NY TIMES
The card companies have implied through their marketing that the data is encrypted to make sure that a digital eavesdropper cannot get any intelligible information. American Express has said its cards incorporate "128-bit encryption," and J.P. Morgan Chase has said that its cards, which it calls Blink, use "the highest level of encryption allowed by the US government."
But in tests on 20 cards from Visa, MasterCard and American Express, the researchers here found that the cardholder's name and other data was being transmitted without encryption and in plain text. They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for US$150. They say they could probably make another one even smaller and cheaper: about the size of a pack of gum for less than US$50.
And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak.
Companies that make and issue the cards said that what looks shocking in the laboratory could not lead to widespread abuse in the real world, and that additional data protection and anti-fraud measures in the payment system protect consumers from end to end.
"This is an interesting technical exercise," said Brian Triplett, senior vice president for emerging-product development for Visa, "but as a real threat to a consumer -- that threat really doesn't exist."
The experiment was conducted by researchers here working with RSA, the security division of EMC, an information management and storage company.
The companies contend that testing just 20 cards does not provide an accurate picture of the card market, which generally uses higher security standards than the cards that were tested.
"It's a small sample," said Art Kranzley, an executive with MasterCard. "This is almost akin to somebody standing up in the theater and yelling, `Fire!' because somebody lit a cigarette."
Taiwanese Olympic badminton men’s doubles gold medalist Wang Chi-lin (王齊麟) and his new partner, Chiu Hsiang-chieh (邱相榤), clinched the men’s doubles title at the Yonex Taipei Open yesterday, becoming the second Taiwanese team to win a title in the tournament. Ranked 19th in the world, the Taiwanese duo defeated Kang Min-hyuk and Ki Dong-ju of South Korea 21-18, 21-15 in a pulsating 43-minute final to clinch their first doubles title after teaming up last year. Wang, the men’s doubles gold medalist at the 2020 and 2024 Olympics, partnered with Chiu in August last year after the retirement of his teammate Lee Yang
FALSE DOCUMENTS? Actor William Liao said he was ‘voluntarily cooperating’ with police after a suspect was accused of helping to produce false medical certificates Police yesterday questioned at least six entertainers amid allegations of evasion of compulsory military service, with Lee Chuan (李銓), a member of boy band Choc7 (超克7), and actor Daniel Chen (陳大天) among those summoned. The New Taipei City District Prosecutors’ Office in January launched an investigation into a group that was allegedly helping men dodge compulsory military service using falsified medical documents. Actor Darren Wang (王大陸) has been accused of being one of the group’s clients. As the investigation expanded, investigators at New Taipei City’s Yonghe Precinct said that other entertainers commissioned the group to obtain false documents. The main suspect, a man surnamed
US Secretary of the Treasury Scott Bessent and US Trade Representative Jamieson Greer began talks with high-ranking Chinese officials in Switzerland yesterday aiming to de-escalate a dispute that threatens to cut off trade between the world’s two biggest economies and damage the global economy. The US delegation has begun meetings in Geneva with a Chinese delegation led by Chinese Vice Premier He Lifeng (何立峰), Xinhua News Agency said. Diplomats from both sides also confirmed that the talks have begun, but spoke anonymously and the exact location of the talks was not made public. Prospects for a major breakthrough appear dim, but there is
The number of births in Taiwan fell to an all-time monthly low last month, while the population declined for the 16th consecutive month, Ministry of the Interior data released on Friday showed. The number of newborns totaled 8,684, which is 704 births fewer than in March and the lowest monthly figure on record, the ministry said. That is equivalent to roughly one baby born every five minutes and an annual crude birthrate of 4.52 per 1,000 people, the ministry added. Meanwhile, 17,205 deaths were recorded, resulting in a natural population decrease of 8,521, the data showed. More people are also leaving Taiwan, with net
RSS