Misuse of Contactless Payment Cards with Radio-Frequency Identification

Counterfeiting of means of payment is one of European crimes. The Treaty on the Functioning of the European Union lists counterfeiting of means of payment as one of the areas of particularly serious crime with a cross-border dimension. At the European Union level a brand-new legislative instrument harmonising counterfeiting of means of payment has been adopted – the Directive (EU) 2019/713 on combating fraud and counterfeiting of non-cash means of payment. This Directive establishes minimum rules concerning the definition of criminal offences and sanctions in the areas of fraud and counterfeiting of non-cash means of payment. Moreover, it facilitates the prevention of such offences, and the provision of assistance to and support for victims. The Directive is addressed to the Member States of the European Union. They shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive by 31st May 2021.The contribution deals with criminalisation of the misuse of contactless payment cards with Radio-Frequency Identification (RFID) technology. It is divided into three sections. The first section focuses on definition of Radio-Frequency Identification and payment cards with Radio-Frequency Identification. The second section focuses in detail on a new European Union approach to combat counterfeiting of means of payment addressed to its Member States – i.e. the Directive (EU) 2019/713 on combating fraud and counterfeiting of non-cash means of payment. The last third section is focused on non-legislative prevention possibilities

Personal Privacy Protection within Pervasive RFID Environments

Recent advancements in location tracking technologies have increased the threat to an individual\u27s personal privacy. Radio frequency identification (RFID) technology allows for the identification and potentially continuous tracking of an object or individual, without obtaining the individual\u27s consent or even awareness that the tracking is taking place. Although many positive applications for RFID technology exist, for example in the commercial sector and law enforcement, the potential for abuse in the collection and use of personal information through this technology also exists. Location data linked to other types of personal information allows not only the detection of past spatial travel and activity patterns, but also inferences regarding past and future behavior and preferences. Legislative and technological solutions to deal with the increased privacy threat raised by this and similar tracking technologies have been proposed. Such approaches in isolation have significant limitations. This thesis hypothesizes that an approach may be developed with high potential for sufficiently protecting individual privacy in the use of RFID technologies while also strongly supporting marketplace uses of such tags. The research develops and investigates the limits of approaches that might be us,ed to protect privacy in pervasive RFID surveillance environments. The conclusion is ultimately reached that an approach facilitating individual control over the linking of unique RFID tag ID numbers to personal identity implemented though a combination of legal controls and technological capabilities would be a highly desirable option in balancing the interests of both the commercial sector and the information privacy interests of individuals. The specific model developed is responsive to the core ethical principle of autonomy of the individual and as such is also intended to be more responsive to the needs of individual consumers. The technological approach proposed integrated with enabling privacy legislation and private contract law to enable interactive alteration of privacy preferences should result in marketplace solutions acceptable to both potential commercial users and those being tracked

Personal Privacy Protection within Pervasive RFID Environments

Recent advancements in location tracking technologies have increased the threat to an individual\u27s personal privacy. Radio frequency identification (RFID) technology allows for the identification and potentially continuous tracking of an object or individual, without obtaining the individual\u27s consent or even awareness that the tracking is taking place. Although many positive applications for RFID technology exist, for example in the commercial sector and law enforcement, the potential for abuse in the collection and use of personal information through this technology also exists. Location data linked to other types of personal information allows not only the detection of past spatial travel and activity patterns, but also inferences regarding past and future behavior and preferences. Legislative and technological solutions to deal with the increased privacy threat raised by this and similar tracking technologies have been proposed. Such approaches in isolation have significant limitations. This thesis hypothesizes that an approach may be developed with high potential for sufficiently protecting individual privacy in the use of RFID technologies while also strongly supporting marketplace uses of such tags. The research develops and investigates the limits of approaches that might be us,ed to protect privacy in pervasive RFID surveillance environments. The conclusion is ultimately reached that an approach facilitating individual control over the linking of unique RFID tag ID numbers to personal identity implemented though a combination of legal controls and technological capabilities would be a highly desirable option in balancing the interests of both the commercial sector and the information privacy interests of individuals. The specific model developed is responsive to the core ethical principle of autonomy of the individual and as such is also intended to be more responsive to the needs of individual consumers. The technological approach proposed integrated with enabling privacy legislation and private contract law to enable interactive alteration of privacy preferences should result in marketplace solutions acceptable to both potential commercial users and those being tracked

A Multi-source Data Based Analysis Framework for Urban Greenway Safety

As a green lining open space, greenways are closely related to the life of urban residents. At present, reports of crimes occurring in greenways are emerging in an endless stream. In order to explore the factors affecting greenway safety, this study, under the guidance of CPTED theory, conducts research by means of big geodata. Three representative greenways in Beijing urban area—the Northwest Tucheng greenway, Second Ring Road greenway and the Three Mountains and Five Gardens greenway—are taken as the research objects. Through the utilization of big geodata information from each platform, including street view analysis, POI analysis, and sports activity data analysis, four factors including space boundary, maintenance, public surveillance and activity support are considered comprehensively, and important influencing factors are selected to construct the analysis framework for urban greenway safety. The results showed that the greenway with high safety has the characteristics of low density of arbor shrubs, low enclosure degree of walls, low distribution density of various buildings, high traffic flow and high frequency of use. The feasibility of the analysis framework is verified by the current situation of greenway safety, so as to provide scientific and reasonable technical support for the construction of safe urban greenways

Implementation of Middleware for Internet of Things in Asset Tracking Applications: In-lining Approach

ThesisInternet of Things (IoT) is a concept that involves giving objects a digital identity and limited artificial intelligence, which helps the objects to be interactive, process data, make decisions, communicate and react to events virtually with minimum human intervention. IoT is intensified by advancements in hardware and software engineering and promises to close the gap that exists between the physical and digital worlds. IoT is paving ways to address complex phenomena, through designing and implementation of intelligent systems that can monitor phenomena, perform real-time data interpretation, react to events, and swiftly communicate observations. The primary goal of IoT is ubiquitous computing using wireless sensors and communication protocols such as Bluetooth, Wireless Fidelity (Wi-Fi), ZigBee and General Packet Radio Service (GPRS). Insecurity, of assets and lives, is a problem around the world. One application area of IoT is tracking and monitoring; it could therefore be used to solve asset insecurity. A preliminary investigation revealed that security systems in place at Central University of Technology, Free State (CUT) are disjointed; they do not instantaneously and intelligently conscientize security personnel about security breaches using real time messages. As a result, many assets have been stolen, particularly laptops. The main objective of this research was to prove that a real-life application built over a generic IoT architecture that innovatively and intelligently integrates: (1) wireless sensors; (2) radio frequency identification (RFID) tags and readers; (3) fingerprint readers; and (4) mobile phones, can be used to dispel laptop theft. To achieve this, the researcher developed a system, using the heterogeneous devices mentioned above and a middleware that harnessed their unique capabilities to bring out the full potential of IoT in intelligently curbing laptop theft. The resulting system has the ability to: (1) monitor the presence of a laptop using RFID reader that pro-actively interrogates a passive tag attached to the laptop; (2) detect unauthorized removal of a laptop under monitoring; (3) instantly communicate security violations via cell phones; and (4) use Windows location sensors to track the position of a laptop using Googlemaps. The system also manages administrative tasks such as laptop registration, assignment and withdrawal which used to be handled manually. Experiments conducted using the resulting system prototype proved the hypothesis outlined for this research

Fighting Cybercrime After \u3cem\u3eUnited States v. Jones\u3c/em\u3e

In a landmark non-decision last term, five Justices of the United States Supreme Court would have held that citizens possess a Fourth Amendment right to expect that certain quantities of information about them will remain private, even if they have no such expectations with respect to any of the information or data constituting that whole. This quantitative approach to evaluating and protecting Fourth Amendment rights is certainly novel and raises serious conceptual, doctrinal, and practical challenges. In other works, we have met these challenges by engaging in a careful analysis of this “mosaic theory” and by proposing that courts focus on the technologies that make collecting and aggregating large quantities of information possible. In those efforts, we focused on reasonable expectations held by “the people” that they will not be subjected to broad and indiscriminate surveillance. These expectations are anchored in Founding-era concerns about the capacity for unfettered search powers to promote an authoritarian surveillance state. Although we also readily acknowledged that there are legitimate and competing governmental and law enforcement interests at stake in the deployment and use of surveillance technologies that implicate reasonable interests in quantitative privacy, we did little more. In this Article, we begin to address that omission by focusing on the legitimate governmental and law enforcement interests at stake in preventing, detecting, and prosecuting cyber-harassment and healthcare fraud

An Insider Misuse Threat Detection and Prediction Language

Numerous studies indicate that amongst the various types of security threats, the problem of insider misuse of IT systems can have serious consequences for the health of computing infrastructures. Although incidents of external origin are also dangerous, the insider IT misuse problem is difficult to address for a number of reasons. A fundamental reason that makes the problem mitigation difficult relates to the level of trust legitimate users possess inside the organization. The trust factor makes it difficult to detect threats originating from the actions and credentials of individual users. An equally important difficulty in the process of mitigating insider IT threats is based on the variability of the problem. The nature of Insider IT misuse varies amongst organizations. Hence, the problem of expressing what constitutes a threat, as well as the process of detecting and predicting it are non trivial tasks that add up to the multi- factorial nature of insider IT misuse. This thesis is concerned with the process of systematizing the specification of insider threats, focusing on their system-level detection and prediction. The design of suitable user audit mechanisms and semantics form a Domain Specific Language to detect and predict insider misuse incidents. As a result, the thesis proposes in detail ways to construct standardized descriptions (signatures) of insider threat incidents, as means of aiding researchers and IT system experts mitigate the problem of insider IT misuse. The produced audit engine (LUARM – Logging User Actions in Relational Mode) and the Insider Threat Prediction and Specification Language (ITPSL) are two utilities that can be added to the IT insider misuse mitigation arsenal. LUARM is a novel audit engine designed specifically to address the needs of monitoring insider actions. These needs cannot be met by traditional open source audit utilities. ITPSL is an XML based markup that can standardize the description of incidents and threats and thus make use of the LUARM audit data. Its novelty lies on the fact that it can be used to detect as well as predict instances of threats, a task that has not been achieved to this date by a domain specific language to address threats. The research project evaluated the produced language using a cyber-misuse experiment approach derived from real world misuse incident data. The results of the experiment showed that the ITPSL and its associated audit engine LUARM provide a good foundation for insider threat specification and prediction. Some language deficiencies relate to the fact that the insider threat specification process requires a good knowledge of the software applications used in a computer system. As the language is easily expandable, future developments to improve the language towards this direction are suggested

Applications of Automated Identification Technology in EHR/EMR

Although both the electronic health record (EHR) and the electronic medical record (EMR) store an individuals computerized health information and the terminologies are often used interchangeably, there are some differences between them. Three primary approaches in Automated Identification Technology (AIT) are barcoding, radio frequency identification (RFID), and biometrics. In this paper, technology intelligence, progress, limitations, and challenges of EHR/EMR are introduced. The applications and challenges of barcoding, RFID, and biometrics in EHR/EMR are presented respectively

Tracking RFID

RFID-Radio Frequency Identification-is a powerful enabling technology with a wide range of potential applications. Its proponents initially overhyped its capabilities and business case: RFID deployment is proceeding along a much slower and less predictable trajectory than was initially thought. Nonetheless, in the end it is plausible that we will find ourselves moving in the direction of a world with pervasive RFID: a world in which objects\u27 wireless self-identification will become much more nearly routine, and networked devices will routinely collect and process the resulting information. RFID-equipped goods and documents present privacy threats: they may reveal information about themselves, and hence about the people carrying them, wirelessly to people whom the subjects might not have chosen to inform. That information leakage follows individuals, and reveals how they move through space. Not only does the profile that RFID technology helps construct contain information about where the subject is and has been, but RFID signifiers travel with the subject in the physical world, conveying information to devices that otherwise would not recognize it and that can take actions based on that information. RFID implementations, thus, can present three related privacy threats, which this article categorizes as surveillance, profiling, and action. RFID privacy consequences will differ in different implementations. It would be a mistake to conclude that an RFID implementation will pose no meaningful privacy threat because a tag does not directly store personally identifiable information, instead containing only a pointer to information contained in a separate database. Aside from any privacy threats presented by the database proprietor, privacy threats from third parties will depend on the extent to which those third parties can buy, barter, or otherwise gain database access. Where a tag neither points to nor carries personal identifying information, the extent of the privacy threat will depend in part on the degree to which data collectors will be able to link tag numbers with personally identifying information. Yet as profiling accelerates in the modem world, aided by the automatic, networked collection of information, information compiled by one data collector will increasingly be available to others as well; linking persistent identifiers to personally identifying information may turn out to be easy. Nor are sophisticated access controls and other cryptographic protections a complete answer to RFID privacy threats. The cost of those protections will make them impractical for many applications, though, and even with more sophisticated technology, security problems will remain. This article suggests appropriate government and regulatory responses to two important categories of RFID implementation. It concludes with a way of looking at, and an agenda for further research on, wireless identification technology more generally

Vandalism as a Symbolic Act in Free Zones

The concept of vandalism is analyzed as a symbolic act. An analysis of vandalism from a situational-positivistic, or a motivational-psychological, approach hardly gives an understanding of vandalism as a meaningful individual and social act. A humanistic and cultural perspective can supply ways to understand a nonprescribed behavior such as vandalism. The original meaning of vandalism is plundering and laying waste of a civilization's symbols and environment. This appropriation of physical environment also occurs in the industrialized societies' urban environment and then often is perceived as motiveless. "Free zones" develop in societies where norms and obligations are neutralized. Vandalism is nonprescribed in that it appears in these free zones where norms, obligations, utility, and common sense are switched off. The environment is "marked" by damaging or destroying objects to change the message of the physical milieu. Vandalism is a gesture of "negative honor," which reflects a complex of feelings. Vandalism comprises two sides of an autonomy problem: to be isolated from an unwanted membership (juvenile vandalism) and to be free of an unwanted outside position (adult vandalism). An essential question is which methodological and theoretical concepts a researcher in the social sciences should use to discover the rationality of vandalism and to make it comprehensible