The New York Times has a good article on how easy it is to hack some of the new “touchless” RFID-based credit cards. My favorite quote from the article:
And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak. “Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?” Mr. Heydt-Benjamin, a graduate student, asked.
The credit card companies dispute the results due to the relatively small sample size of cards used in the experiments. However, in my opinion, if even one card can be found to be transmitting important information, like the owner’s name in the clear, it is a serious security issue.
Previously, there have been problems reported with the new RFID-equipped passports that the Bush regime has made mandatory. Again, this seems to be a case of the technology being implemented before there is any real understanding of the risks and problems involved in doing so.