|Received:||5/12/2008 4:43:05 PM|
|Agency:||Federal Trade Commission|
|Rule:||Pay on the Go: Consumers and Contactless Payment (Town Hall Meeting)|
Comments:RFID payment methodology is deeply flawed at best. The code transmitted by an RFID "payment card" is static, and is transmitted without modification every time it is utilized. Further, an RFID "payment card" is susceptible to being read by an individual with the proper equipment within range of the card, even if the card is not currently "in use" but is stored in a purse or wallet. This makes the card vulnerable as the user walks down the street, not just at the point of use. Now, a pickpocket need not actually make physical contact with their victim. Unless some sort of challenge and response or 2-factor authentication solution is put in place in conjunction with the RFID "payment card" this solution will remain extremely insecure. Even if the merchant or card issuer is held responsible for any fraudulent charges I know that this will lead to higher prices at merchants and higher interest rates and penalties from the card issuer that will be passed on to me in the long run. I strongly urge the FTC to proceed very carefully with regard to RFID (or other wireless solutions) as a mainstream means of payment.