Credit-card companies killed Mythbusters segment on RFID vulnerabilities

@15:

Discovery deciding not to air an episode of MB as it may harm their advertising revenues is a moronic idea of suppression of free speech.

This is not a free speech issue. The Mythbusters are free to make the episode if they wish. However, they are not guaranteed access to a nationwide, for-profit video distribution network.

You are free to say pretty much whatever you want standing on the street, that doesn’t mean you get to make people listen, or make people copy and transmit your speech for you.

I guess Mello Clello is talking about debit cards in New Zealand, and the situation is the same here in the U.K. Sure, almost everyone had a credit card, but everyone also has a debit card which can be used in basically every shop and on the Internet (since most are Visa) and anywhere around the world too. These are all also chip and pin now.

I guess the American system is one that is favouring the banks and credit companies.

. Suppose they all agreed to pick a credit card company that month and all withhold their payments. Can you imagine the cash flow problem that would create for that credit card company if a large percentage of victims all paid slow that month? I guess they’d count on the extra interest charges, but do you think all the rest of the money-changing community wouldn’t exploit that blood in the water?

You want the CC firms to feel some pain?

Pick a month (say November 2008), and nobody uses any revolving line of credit at all.

Not for lunch, not to fill the gas tank, not even pre-scheduled payments to your cell phone carrier. Zero Dollars.

If you absolutely must pay with plastic in November, use a debit card in “debit” mode (PIN transaction), so VISA doesn’t get their 3% cut.

Me either. I’m 37 and no credit card, yet.
LOTS of student loan debt over the years, though.
And congrats about the family.

@ Eric D:

Anyone who banks with Chase gets doubly dished with RFID cards. Their debit and credit cards both use the “Blink” RFID system.

Fortunately there is a way to minimize being pwned if you must bank with them: invest in a DIFRware wallet which actually masks your RFID-tagged cards with a Faraday cage until such time as you need to use them.

Chicken wire would. Chicken wire wallets.com

ya figure? With those wavelengths? I ALWAYS have a roll of chickenwire in my trunk. Along with tarps, hatchet, duct tape, rope, weights….

Some episodes they should just keep under wraps until the day it’s aired.

“Ow daMMIT!” < >

That’s why I have one of these Faraday cage wallets:

http://www.thinkgeek.com/gadgets/security/8cdd/

the one kind of RFID I do not want is contactless payment. I don’t mind ones that can only be used in one place or one time (door access, product tags)… Picking my pocket from 20 feet away? No thanks.

Although plain credit cards aren’t any better. Myself and just about eveyone I know has had their number stolen somehow.
rfid might be hackable, but there no security at all on a printed number and mag stripe.

One important note — having a credit card, even if you only rarely use it and pay it off immediately each time, is a strong contributor to having a good credit score.

I don’t use credit cards either. Hopefully I’ll never be in a position where I feel like I need one.

So you never make a purchase online? travel further than a day’s drive? stay in a hotel? Travel to another country?

Why would I want to get mixed-up with those credit card shysters?

Working to pay off credit card debt amounts to indentured servitude. Cut the chains. Live free. Stop trying to keep up with the Joneses, because they’re neck-deep in debt, too.

Having a credit card or two doesn’t have to be synonymous with having no self control.

I use credit cards, but never carry a balance, have no “credit card debt” to worry about.

Budgeted spending money sits safely in a high-interest bank account, I not only earn interest on $$$ I would otherwise carry around in cash, but also get between 1% and 3% cash back on purchases; by paying off the balance each month, I actually come out on credit card use.

With cash, any problems with a purchase, I am SOL, if I lose cash, it is gone. Credit cards offer free warranty extension, buyer protection, zero liability for fraudulent purchases, and automatic SMS alerts for any transaction over a dollar amount of my choosing.

Cut up all your credit cards. Pay cash. Buy only what you can afford, or save up for larger items. Live within your means. Show people how your life is brilliant and happy and worry-free. Encourage everyone you know to undergo the same transformation.

I’ve never had a credit card, have been debt-free for three years and have a loving wife, a 4-year old stepson and a son on the way. No car, either.

Good for you.

I have three credit cards, three cars, and no kids and no debt. So what?

Again, being empowered to get stuff now and pay for it later doesn’t force you to live beyond your means. That is your decision, not the bank’s.

Aw, I wanted to hear more about the pizza oven.

I admit to having some debt, but I haven’t used a credit card in some years. In trying to get my finances together I have learned (slowly and painfully) to live within my means. I had considered getting a credit card to use for small purchases to rebuild my credit, and paying off the balance each month but then I found out that some companies actually charge customers for paying their balance off each month. It’s kind of scary when a business will penalize their customers for being responsible. I’ll stick with debit.

As far as the rfid thing, I can’t believe they stopped the segment. It seems ridiculous that a show which is educational could have its content blocked not for being wrong or gratuitously offensive but for telling the truth about a very real safety concern to credit card customers. Kind of makes me wonder if those credit card companies are banking on poor schmucks having to pay off ridiculous balances they didn’t actually run up, or perhaps a wave of rfid-related thefts as the technology grows more popular will make credit card companies commit slow suicide.

Jack has it right, except it’s not just credit cards. The entire banking system is funded largely by “penalties” such as bounced check fees, and there is nothing in the law to keep banks from imposing as many of them and making them as large as they want.

The banking industry has become just like its illegal competitors, the “loan sharks”. Once in a while you have no alternative but to go to one, but if you do it voluntarily, you’ve asked for the fleecing you’re going to get.

Don’t expect government to solve this problem, they rely on the same methods to pay their own bills. If government ever regulates banking, it will be to protect the crooks who run it, not to protect us from them.

Thanks, JDG. But here’s a thing people need to realize: All banks have always had fees for everything. From asking a question, to making change, to getting a balance. But prior to online banking being the rage, most banks didn’t strictly enforce any of these fees in any way. If anything these fees were there to use only in the most extreme circumstances when dealing with an irate customer.

Now, it’s all online and/or via ATM. So they can tack on as many fees as possible. Heck, ATM fees are truly insane and robbery.

In my case I opened a bank account in person and the representative was very high on getting me to use online bill paying. I’m old enough to mainly be into checks, so I never used it. But the one month I did, I got slammed with some BS “excessive online transaction” fee of $10 or so that is supposedly government imposed.

So let me get this straight: If I pay online I save on postage and mailing costs, but I will be penalized by the bank because of a government regulation regarding excessive fees?

Nice scam. Instead of me supporting a store that sells the envelopes, the post office and others in the effort to mail a check, now I simply do it electronically and then I get slammed for making THEIR life easier?

That’s what I’d like to call horse feathers.

I’m going to be writing checks until some robot I can’t stop or destroy forces me to stop using them.

So can we look forward to a Mythbusters episode on whether and how credit cards are more convenient and safer than cash, vulnerabilities included? How about one on the corporate effect on their show?

Sad that the CC companies were able to kill the public release of information vital to their customers – to bad there doesn’t seem to be anyone, even at the government level, who is willing to take them on… :o(

Update as of Sept. 3rd. from Adam Savage, via CNET:

“There’s been a lot of talk about this RFID thing, and I have to admit that I got some of my facts wrong, as I wasn’t on that story, and as I said on the video, I wasn’t actually in on the call,” Savage said in the statement.

http://news.cnet.com/8301-13772_3-10031601-52.html

However, someone DID look into them here:
Vulnerabilities in First-Generation RFID-enabled
Credit Cards
http://prisms.cs.umass.edu/~kevinfu/papers/RFID-CC-manuscript.pdf

From the abstract:
“Using samples from a variety of RFID-enabled credit cards, our study observes that (1) the cardholder’s name and often credit card number and expiration are leaked in plaintext to unauthenticated readers, (2) our homemade device costing around $150 effectively clones one type of skimmed cards — providing a proof-of-concept of the RF replay attack for cards, (3) information revealed by the RFID transmission cross contaminates the security of non-RFID payment media, and (4) RFID-enabled credit cards are susceptible in various degrees to a range of other traditional RFID attacks such as skimming and relaying.”

heh
http://www.guardian.co.uk/business/feedarticle/7769091

@34 The nice thing about debit cards in the US (at least the ones from regional banks I’ve used) is that you can use them inside the credit card system, so the payment is immediate and you don’t rack up a debt, but it’s still accepted anywhere and you’re protected through the CC company’s anti-fraud programs.

Also, off topic, but Teresa, if you happen to read this: Have you guys ever considered the possibility of implementing a threaded comment system? More and more I see really interesting discussions like this pop up at BB that diverge a bit from the original post but can get mixed up a bit with a number of discussions taking place all in a linear space.

huh, how about that. I wondered why the TV listing mentioned RFID the other day, but the episode was actually something different. Now I know!

This is not a free speech issue. The Mythbusters are free to make the episode if they wish. However, they are not guaranteed access to a nationwide, for-profit video distribution network.

Yeah, but I assume Discovery would have run the episode if they hadn’t been heavied, so it might be an issue for them. It’s not a state restriction on free speech (except in that the law allows unjustified legal threats and I don’t see how you’d stop it) but to my mind the cap still fits.

It’s also a media freedom issue. You don’t want to be living in a country where factual media face ruin for trying to tell the truth.

There have been a number of comments here on local ID vs. payment with RFID tags. However, its soon to get even worse.

The TSA is about to require everyone who enters certain secure areas near “ports” (the legal definition of port is much broader than one would think) to carry RFID based ID tags that will contain more than enough personal info to enable ID theft. That one is really scary.