Recently, Infineon announced the development of a new ID card that combines building access to MasterCard. What are these cards, how do they provide convenience, and are there any privacy concerned with such technology?
How ID Cards Work
ID cards have been around for a number of decades and provide users with a convenient form of access. Instead of physical keys or the need to remember numbers on an entry system, an ID card can be swiped next to a reader, and the system automatically knows who is entering and if they have permission to do so.
This brings us to the other advantage of ID car; they can be network integrated. Such a system allows remote administrators to easily add and remove users to permissions lists that can control who has the authorisation to enter an area.
ID cards can work in one of two ways; magnetic stripe and NFC. Very old ID cards would work in the same way as old credit cards would whereby a magnetic strip contains data about the user. When swiped into a reader, the changing magnetic field caused by the strip induces a current into the reader which is interpreted as data.
Newer systems now use a technology called Near-Field Communication, or NFC for short. This utilises an extremely small IC that is connected to an RF coil. When the card is placed near a reader, the reader powers the IC via magnetic induction, and the chip sends signals through the coil to interfere with the reader. This interference is interpreted as data. NFC technology is used to power many new technologies including shop security systems, contactless payments over cards, and information exchange between mobile phones.
Infineon Develops the Campeon Card
Recognising that both ID cards and contactless cards utilise the same technology, Infineon has developed the world’s first combined card that acts as both an ID card and a Debit card. While convenience is one factor that has driven the development, the COVID-19 pandemic has also demonstrated the need for contactless systems.
The tech, called Campeon Card, can combine ID information with MasterCard payments, but Infineon is also working with PayCenter, GmbH, and petaFuel GbmH. Since contactless cards have a wide range of potential applications, Infineon hopes to be able to combine multiple services to a single access card for added convenience. Examples of other services that use such cards include transportation, parking, libraries, and shops.
Furthermore, the use of such technology may help to bring connectivity to users who are hesitant to utilise other technologies such as implantable RFIDs. The ability to keep potentially sensitive data on a card instead of embedded in a body part not only makes it harder to read (as NFC works over shorter distances), but also safer with regards to other criminal activity that may see forced extraction of RFID devices.
Are there privacy concerns with such a system?
One concern that immediately comes to mind is the combination of employer-provided cards with payment methods. While the employee may not be able to make payments using details from the user, the card could save information regarding which locations payments have been made. Thus, an employee can no longer make private purchases, and every time the card is accessed via an NFC reader, data stored on the card is potentially exposed.
NFC devices contain security measures to prevent such unauthorised reads, but combining large amounts of access IDs onto a single device does raise security concerns. If the card is stolen, access to buildings, banks, and other places become easily attainable as these technologies are designed to be swiped once and access provided.
Furthermore, NFC readers may be able to provide a scanned device for information, which could allow a reader to create a user profiler. User profile example, a single scan could lead the reader to know which library the users visit, where they work, what their bank is, and their preferred method for transportation. Again, this depends on the implementation, but remember that NFCs are designed to be accessed easily.