Radio frequency identification (RFID) is a wireless data transmission technology that allows a "tag" to send a small amount of identifying data to a "reader" when the two are in proximity. RFID has been used for a decade to tag household pets, allowing vets to identify lost dogs and cats using implanted microchips. Increasingly, RFID chips are being embedded in corporate ID badges and credit cards to enable contactless access, but these uses have important associated security concerns.
RFID technology uses radio waves to transmit the information that is stored in the tag. When the reader is brought close to the tag, it sends out a brief pulse of energy that tells the tag to transmit the data it contains. This data can be a dog's identification number, a credit card number or an employee's identification number, just to name some examples. Based on the data, the reader can find a dog's owner, initiate a transaction or unlock a building door.
Credit Card Applications
RFID tags have increasingly been embedded in credit cards, which allow the purchaser to simply bring the card near the terminal to transmit the card number and complete the transaction. Because any reader can get the information from the tag, a thief can easy collect credit card information from a card that is still in a wallet or purse. For this reason, MSN Money reports that some security experts suggest that consumers refuse to carry cards with RFID tags.
Employee Badge Applications
Employee badges are another frequent application for RFID chips. By embedding a unique tag in each card, corporate security can control access to certain rooms or buildings by installing RFID scanners connected to door locks. While this is generally more secure than access codes, it is far less expensive than biometric security. These badges can often be cloned, however, allowing unauthorized access using the duplicate card.
There are several strategies for minimizing the risk of unauthorized RFID data use. Credit cards usually encrypt card information and issue one-time-use authentication codes. This means that a thief who is able to read the RFID data will not be able to access your personal information and will be able to perform at most one fraudulent transaction. Similarly, companies can encrypt ID numbers and use secondary security systems like cameras or access codes to better protect their property.