Transaction cards, such as credit cards, debit cards, ATM cards, bank cards, loyalty cards, gift cards, stored valued cards, etc. are increasingly replacing other types of tender in consumer transactions. Additionally, various transaction cards may also be used for gaining access to buildings, systems, or to provide other authentication schemes. Recently there has been a movement toward contactless transaction cards containing an RFID device or similar technology that initiate and complete a transaction with a quick wave of a card before a radio frequency enabled or other wireless enabled terminal reader. For instance, RFID developers and manufacturers may provide products incorporating RFID-enabled chips that may be externally attached to, or incorporated into, any personal item of a user, for example, a key chain, a personal music player, a pass card, a personal digital assistant (PDA), or a mobile phone. Moreover, many loyalty card, gift card, and stored value card issuers, and many major credit card companies now offer contactless transaction devices, and many merchants have installed radio frequency enabled readers to facilitate such contactless electronic transactions.
Because some contactless transaction devices such as prepaid or stored value contactless cards serve as bearer instruments without requiring additional authentication of the user, it becomes easier to use another's card without their permission to exploit the stored or accessible information or to conduct unauthorized transactions. The incidents of fraud, information theft, identity theft, online fraud, etc. are increasing as consumers more commonly rely on these contactless transaction devices.
Indeed, fraud and abuse may occur even before the contactless transaction devices, such as contactless transaction cards, have been placed into service. Many identity thieves, hackers, and others seeking to commit fraud often use devices that employ analog electronic circuits that can detect the presence of an RFID device operating at a particular frequency. These detection devices, commonly referred to as “sniffers”, may be able to interrogate and record the identification information stored in RFID devices for use in fraudulent transaction. For instance, an RFID device may be “sniffed” prior to activation by a customer or prior to the sale of an RFID device by a merchant without the customer or merchant knowing that the identification information has been compromised. Once the RFID device is activated, the sniffed identification information can be used to make fraudulent transactions with the identification information of the RFID device without the knowledge of the customer until after the fraudulent transaction has occurred. What is needed is a way to secure the RFID devices at least up to the point of sale of the RFID device and/or activation of the RFID device by the merchant or customer.