Improved RFID Credit /Debit Cards

About 10 years ago, the proposed use of RFID was to tag everything with very low cost RFID devices that would contain a lot of information. That information could be product information, for example clothes, manufacturer, lot date code, color, style, size etc. There was a lot of legitimate privacy concerns expressed over this type of tagging. In theory people armed with "scanners" could determine everything about the clothes you are wearing with a simple scan of your body.

Instead, most manufacturers simply changed to an RFID tag that consists of the equivalent of a bar code plus a serial number. If a legitimate user of the RFID number wanted to "use" the number, they could simply log on to the manufacturer's web site and search for the information related to the number they collected from the RFID tag. The user would have to register with the manufacturer or retailer, and would be using an SSL-encrypted connection to the manufacturer. This transaction could happen in milliseconds, so as far as the user would be concerned he would be obtaining all of the necessary information with no delay.

Now, it turns out, credit and debit cards seem to be making the same mistake and are including all sorts of information on the RFID tag imbedded in the cards. It isn't clear to me why that information needs to be in the card. One long, complicated serial number that a registered merchant could electronically transmit to the bank would certainly be adequate. Because of the approach they took, now users of the card are at risk of "electronic pickpockets."