The Smart Card Alliance is disputing a news report tying the successful hacking of a radio frequency-enabled chip used primarily in transit cards to any security risks to the contactless smart card technology used in financial payment cards.
The Smart Card Alliance detailed the error in a March 12 press release. According to the press release, research conducted by a University of Virginia graduate student on hacking into RF-enabled chips used in transit cards was presented at a recent hacker’s conference in Germany.
“Contactless smart cards use different microtechnology than what was cited in the [Associated Press] article,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “The potential vulnerability exposed in low-end transit cards is not the same vulnerability that exists in contactless credit and debit cards.”
A spokesman for the AP said the news organization is looking into the matter.
Vanderhoof said manufacturers of chips and contactless smart card technology used for financial transactions build in additional levels of security.
“There is extra security in the chip, in the operating system that controls access to the chip and in the length of the encryption key,” he said. “Then there is additional security at the terminals and in the payment processing systems. All the pieces work together. Breaking one piece doesn’t necessarily yield results.”
Because of the extra security layers involved in contactless smart cards, Vanderhoof said it would be much more difficult to use the same hacking techniques that were demonstrated at the hacker’s conference.
“The security is tighter than in a transit card,” he said. “It would be much more serious if credit card data were exposed.”
According to a study conducted by analyst firm Javelin Strategy & Research in 2006, the biggest challenge to widespread consumer acceptance of contactless payment devices is concerns over security. The study indicated that 51 percent of current and potential users of contactless payment devices rated security as their main concern, and that 61 percent of respondents said they did not feel smart cards were a safe form of payment.
However, the study also revealed that experience and education can help address consumer security concerns about contactless payment. Only 34 percent of respondents who were unfamiliar with contactless payment felt comfortable using it, as opposed to 59 percent of respondents who were familiar with contactless payment.
Dan Berthiaume covers the retail space for eWEEK. For more industry news, go to eWEEK.com’s Retail Site.