According to "When paying with plastic, why swipe? Just wave," the credit card companies are looking at switching from magnetic strips to RFID tags. I imagine these will be similar to those that the State Department wants placed in passports now, which has significant privacy and security implications. In "Schneier on Security" security expert Bruce Schneier addresses some of the concerns with the RFID tags in passports. Apparently, despite government assertions to the contrary, with the right equipment, these tags will be readable from some some distance away. Schneier's report is somewhat misleading from what I have gathered, he talks about the chips broadcasting continuously, where I have heard from Andrius that they only do so when they are powered by a certain radio frequency. The difference is slight, but significant to keep in mind when reading the more official reports on these tags. Even assuming they need to be powered by a radio frequency, a directional transmitter/receiver would be able to read an unshielded passport from sufficient distance that you would not necessarily know it had been read. The implications for credit cards are clear. In an age where credit cards increasingly do not need a signature (think amazon.com or other online vendors), someone having your credit card number is equivalent to that person being able to buy things in your name. "Potential ID Theft Victims Eye Information" is simply the most recent article I have seen about identity theft, there have been many many others in the past year. This also goes right back to the concerns I discussed on Wednesday, 16th of February 2005.
