Mr. Walker Took a Hammer To His New MasterCard -- To Stop the Radio Waves
When Brenden Walker got his new MasterCard PayPass ATM card in the mail last month, he headed to the gas station to try it out.
To test the card's "Tap N Go" convenience, he passed it in front of the scanner, which activated with a beep and displayed the word "authorizing..." on its LCD screen.
That was quite enough for Mr. Walker. Without completing the transaction, he put the card down on the pavement and took a hammer to it.
"I gave it a couple of good whacks," he says.
The PayPass card, which contains an embedded radio chip, had worked perfectly. Other companies have their own versions: Exxon (SpeedPass), American Express (ExpressPay) and Visa (Contactless and Blink). In each case, the cards use an embedded electronic chip with miniature antenna. When activated by a scanner, the chip transmits the user's account information via radio signals. In just the wave of a hand, the purchase amount is automatically drawn from an account.
But Mr. Walker, a 37-year-old software engineer in Canton, Ohio, is one of a growing number of computer and technology experts who are becoming anxious about possible abuses of the technology. Mr. Walker fears that thieves will be able to eavesdrop on the radio transmission and buy gas at his expense. He also figures that he himself could walk past the pump and accidentally pay for somebody else's gas, though the card companies say he would have to get within two inches of the scanner to accomplish that feat.
In any event, he wants no part of it. Hammering the card destroyed the chip. "I tried it again and...nothing," he says. "I might as well have been holding up a salami sandwich."
As the chips become more widespread, other militants are seeking them out and destroying them. And a little industry is springing up on the Internet to pitch an array of devices meant to protect consumers from abuses of the technology, called radio frequency identification, or RFID. One example: wallets with metal shields built in that block radio signals.
Radio chips have been around for decades performing other tasks, mostly related to security access. They are the invisible passports that allow motorists to breeze through highway tollbooths and let employees open their office doors.
Pets and people are getting chip implants under their skin that carry identification or medical information. Governments are beginning to use radio chips in driver's licenses and passports. Retailers use them to track inventory. The banks that are now using chips in their credit and cash cards say they make transactions more efficient -- and more convenient for customers.
Critics such as Mr. Walker worry that sensitive information will be intercepted. Some privacy advocates envision businesses and government furtively gathering personal data on unsuspecting consumers, and criminals taking identify theft to a whole new level.
A German group called FoeBud, which describes itself as a civil-rights group for the digital age, is featuring an array of RFID-busting products in the organization's online store. Items include "deactivator nippers," which look remarkably like a common hole-punch, priced at about $7. The most popular item in the store has been a copper bracelet with a red light that blinks when it is near an RFID scanner, says Rena Tangens, FoeBud's founder. The store claims to have sold about a thousand bracelets so far at about $18. "People think this is a cool gadget," Ms. Tangens says.
Others are using do-it-yourself methods for disabling radio chips, including microwaving them. The electromagnetic energy emitted by a microwave oven fries the chip and renders it useless. The downside: Tagged items might burst into flames in the process, warns Caspian, a consumer group campaigning against the widening use of radio tags. The group suggests cutting out the chip with a pair of scissors, puncturing it with a straight pin, crushing it or pulverizing it.
Several Web sites boast about -- but don't yet sell -- devices with names like TagZapper and RFIDWasher, which are supposed to make disabling the tags easier. Technology experts say some of these "zappers" work by emitting a burst of electromagnetic energy that permanently destroys the tag. Unfortunately, they say, it might also fry other nearby electronics, including iPods and cellphones.
Some techies in Germany figured out how to make a Zapper by modifying a disposable camera. When you hit the switch, instead of taking a picture, it emits a burst of electromagnetic energy that fries any nearby electronics. They have posted an extensive description of their project on the Internet. Several technology experts contacted say it should work, but the developers did not respond to emails requesting comment.
A Web site describing the gadget listed several potential hazards, including electric shocks and Federal Communications Commission law violations. It also warned, "Don't try it near your grandpa's pacemaker."
Makers of products using RFID say privacy and security safeguards are being built into the chips to prevent abuses. MasterCard International says multiple layers of security are available to prevent MasterCard data from being stolen by electronic eavesdropping. It is up to the companies that issue the card to decide which security measures to adopt, says Art Kranzley, MasterCard's executive vice president in charge of new payment technologies.
Customers who don't want RFID in their PayPass payment cards can ask to be issued an old-fashioned chipless card, says Mr. Kranzley.
Kelly Lum, 23 years old, a computer-network engineer in Eatontown, N.J., recently bought a wallet online from a site called DIFRWear (RFID backwards). The wallet has a metal insert designed to shield her radio-chip bank card from being read without her knowledge.
The card Ms. Lum carries came without any information about security safeguards, she says, so she decided to take no chances. "It's maybe a little bit of a paranoia thing, but hey, it's my credit rating," she says.
Eric Caraszi, a 26-year-old computer programmer in Albany, N.Y., recently bought an RFID-proof wallet after having a conversation with a co-worker about different ways criminals might be able to exploit RFID-chip cards -- from sneaky scans on crowded elevators to high-powered scanners on the roadside that could mine passing traffic.
"For every smart person trying to make a lock, there is going to be an equally smart person trying to unlock that lock," he notes.