November 21, 2006
Jack in the Box Adopts RFID Payments Despite Warnings
Despite warnings about the insecurity of contactless RFID credit cards, Jack in the Box is pushing forward with an unprecedented plan to install RFID card readers in its fast food restaurants. By the end of December, all Jack locations should have the infrastructure in place, according to a report at RFID Product News.
The New York Times recently ran a story revealing that virtually every RFID credit card tested by security researchers, including Visa, Mastercard, and American Express, was vulnerable to unauthorized charges and put consumers at risk for identity theft. Information like the credit card number, card holder's name, and expiration date could be gleaned right through purses, backpacks or wallets without consumer knowledge or consent using a relatively inexpensive device made with over-the-counter hardware. CASPIAN demanded a recall of the spychipped credit cards, but credit card companies have not even notified consumers about the risks.
Of course, identity thieves aren't the only concern. Those who have read our book "Spychips" know that "authorized users" of RFID technology have been planning to siphon information from RFID-laced credit, debit, and "loyalty" cards to deliver up targeted advertising and perform in-depth marketing research. One day, Jack could hide RFID readers in its restaurant doorways, order counters, tables and other locations to grab information you would never offer up voluntarily.
Next time you want to eat fast food, consider passing by Jack in the Box for a more consumer-conscious restaurant--and be sure to tell Jack that you oppose the use of RFID reader devices in public places.
- Liz McIntyre
Posted by liz at November 21, 2006 2:55 PM
In California the Bay Area Rapid Transit is testing an EZ pass that allows you to load up a card with value and pay as you go just like the traffic passes. I n this case however they will know where you got on the system and where you got off. http://www.bart.gov/tickets/types/ezfaq.asp
It's easy to imagine how this info could be used and sold etc.
Posted by: s at November 25, 2006 10:45 AM