"Tap Here" on credit machines at McDonalds

On one of my infrequent trips to McDonalds recently, I noticed at the top of the ATM/Credit Card swiper pin-pad thingy is a red…extension with the words “Tap Here” and a graphic of a credit card tapping the machine. So I tapped it.

Alarm siren’s went off and the manager vaulted over the counter and tackled me, pinning down my arms and legs until the breakfast menu switched over to lunch.

Actually, nothing happened. What’s this thing for?

Just a WAG but maybe it’s an RFID reader for some sort of RFID enabled payment method? It wouldn’t require you to tap, but to wave in front just close enough, however “tap here” is a lot easier than explaining what “close enough” means on a label.

Its a new sort of card scanner that doesn’t require “swiping”.

And this is supposed to work with standard, run of the mill credit cards?

No. You need a credit card with an RFID tag.

It’s a new type of card coming out called the “Blink” card. They are being test marketed in some areas.

ObCites…

http://msnbc.msn.com/id/7976809/

CS guy checking in:

I got one of these RFID credit cards a couple weeks ago. Unasked for.

I immediately called and asked for a regular card. It really confused the woman at the helpdesk. “But you can use it just like a regular card too.” and “It’s perfectly secure.”

I didn’t bother to tell her that 1 week after the invention of the RSA encryption scheme I was in the back seat of a car with R and A. I know a lot more about this stuff than she does. Secure my foot.

You do not want to carry this card around. The issue isn’t so much payment (which might be insecure) but what can be done with it while you’re just walking around.

I got “normal” credit cards last week. I then took apart the RFID cards and tried to find the tag (so I could tell if my new ones might secretly have them). No luck.

The use of RFID tags everywhere is going to be A Very Bad Thing.

Aaaah … like security badge at some large office buildings that open magnetic doors. Not a bad idea at all. The magnetic strips on the back of most debit/credit cards seem to degrade over time.

Go on. The dangers are not obvious to me (well, I think I know what you’re getting at, but it seems like a one-in-a-kajagoogoojillion kind of thing).

Is that what it takes to get them to give up their secrets?

Is this the same technology they use for the Speedpass? They are metal cylinders that go on your keychain that can be used at some gas stations. It is set up so I just wave my pass at the pump and my debit card is charged. Why is it bad, and should I not carry it around?

I thought I had read somewhere that in stores that use them on their products, people could read them from outside the building. He’s saying there not safe becuase someone with an RFID reader could walk down the block and pick up ALOT of info. I’ll see if I can find the article.

The article I linked to above indicated that someone could build a reader, place it in a busy area and read everyone’s credit cards as they walk by.

There were also concerns about someone walking past a checkout and paying for someone else’s purchases, or of the card being picked up by several readers and a payment being registered from all of them.

Yes

Cite

Indeed. Let’s hear some more about RFID, ftg, since starting in Oct. 2006, all US Passports will have RFID.

I’m disinclined to believe this without amazingly solid evidence. Those chips don’t have much of a range, do they? I certainly can’t open the magnetic doors of my office with my badge from any kind of distance.

And as for the hypothetical thief with the RFID reader – how’s he getting PIN numbers? And how does he know that the info on the chips are straight-up CC numbers, expiration dates, and personal data? Can said thief safely assume that none of this data is encrypted?

Just how easy is it for a thief to actually get a RFID reader, pus some apparatus that can collect the data? Then how feasible is it for this guy to spend the day bumping into people in public? These chips certainly aren’t being read from further away than maybe a few inches, right?

I dunno … I can’t wrap my head around the easy fraud opportunities just yet. Criminals don’t usually work that hard for their loot.

Since no one seems to be following the links…

Well … just how easy is this? I thought these readers had a finite limit?

Good grief, now I’m gonna have to keep my wallet in an Altoids tin. A tinfoil hat for my credit cards!

I’ve had a credit card stolen, as has a friend of mine, and neither of us was ever charged a dime towards the unauthorized charges. In the absolute worst-case scenario (with a credit card, debit cards are another story), you can be liable for up to $50 of the unauthorized charges. Not worth it to me to spend any extra time on the phone with my credit card company trying to get RFID-free cards.

-Tofer