According to RFID Journal, The New York Times is reporting that a team of scientists in the RFID Consortium for Security and Privacy (RFID-CUSP) were able to read the names, account numbers and expiration dates of recently issued credit cards that use RFID transponders to enable "no-swipe" transactions.

Ouch.

"American Express has said its cards incorporate '128-bit encryption,' and J. P. Morgan Chase has said that its cards, which it calls Blink, use 'the highest level of encryption allowed by the U.S. government,'" John Schwartz writes in the NYT article. "But in tests on 20 cards from Visa, MasterCard and American Express, the researchers here found that the cardholder's name and other data was being transmitted without encryption and in plain text."

"They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150," Schwartz writes. "They say they could probably make another one even smaller and cheaper: about the size of a pack of gum for less than $50."

One Slashdot commenter calls it pickpocketing at a new level, noting that "In the old days, you used to actually have to stick your hand into someone's pocket or purse. In the new days, you apparently only have to sit next to them on the bus."