So on Friday I got a little something in the mail: a brand new "blink" Visa card from Chase Bank. We first heard about the blink card six months ago, these are new credit cards with built-in RFID chips that let you pay for stuff by waving your card at a point-of-sale terminal instead of swiping it through a card reader, supposedly/possibly saving you precious seconds of time during checkout. They're currently rolling out the blink card in different parts of the US, and even though my old Visa card isn't set to expire for another couple years, the good people at Chase decided to send me one.
There's only thing: Should I actually use the card?
Hate to be one of those tin-foil hat types, but the stuff I?ve been reading about blink and other RFID payment systems (at least the stuff that isn?t corporate PR propaganda) isn?t exactly reassuring. Here?s what HowStuffWorks has to say about blink:
There have been reports of problems in the testing of contactless RFID credit cards, however, that lead to additional security concerns. In some cases, if two or more terminals were close together, not only did both terminals read the card, but the read range of each terminal increased to as much as 30 feet (9 m). Even if the terminal is operating within the proper range of 4 inches, some people are worried that they could accidentally walk too close to a terminal and end up paying for someone else?s purchase. The simplest safeguard against this is probably merchants positioning the terminals in such a way as to make this unlikely.
The worst case scenario involves someone getting their hands on a blink terminal and modifying it to increase the range. Potentially, someone could set up the terminal at a crowded location and collect the credit-card data of anyone who came within the terminal?s read range. This probably won?t be a concern at first, since few terminals will be available, but if the technology matures, blink terminals could fall into the hands of criminals.
So far the security risk seems mostly theoretical, but I?ve already had my identity stolen once and am not very eager to go through all that again (plus I?d prefer not to have to carry my credit card in a special RFID-blocking metal sleeve). Should I cut up the card or am I being overly paranoid?