How Safe Are the New Contactless Payment Systems? - Visa Defends Its Security Procedures (Page 2 of 2)
It's called the dynamic CVC (card verification value), and it assigns every transaction a unique code that is based on data about that card and data referencing that particular purchase. Gauthier would not say if it also references the time and/or date of the purchase.
He said that the newer cards can use more sophisticated algorithms and crunch more data on their own. "When you have a chip [on the card], you can perform a computation for every single transaction," he said.
The security concept is similar to the popular one-time password-issuing devices, where the identification code changes every few seconds, making a stolen code useless unless, in theory, it's used instantly.
A thief who scanned the card would not be able to use it to make payments, but they would be able to capture the credit card number, Gauthier said. "What does that buy you? The card number is a little bit like your street address. It's not the key to get into your house," he said, adding that the key would be similar to the cryptographic values attached to the transaction.
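The idea of a per-transaction code can be sketched as follows. This is an added illustration, not code from the article and not Visa's actual algorithm, which the article does not describe. It assumes a per-card secret key shared with the issuer, a transaction counter, the purchase amount as the purchase data, and HMAC-SHA256 as the computation; all names and values are constructed.

```python
import hashlib
import hmac

def dynamic_code(card_key: bytes, pan: str, counter: int, amount_cents: int) -> str:
    """Three-digit code bound to the card (key, PAN) and this purchase (counter, amount)."""
    msg = f"{pan}|{counter}|{amount_cents}".encode()
    digest = hmac.new(card_key, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1000:03d}"

class Card:
    """Chip card: the key never leaves the chip; only PAN, counter and code are sent."""
    def __init__(self, pan: str, key: bytes):
        self.pan, self._key, self._counter = pan, key, 0

    def pay(self, amount_cents: int) -> dict:
        self._counter += 1
        code = dynamic_code(self._key, self.pan, self._counter, amount_cents)
        return {"pan": self.pan, "counter": self._counter,
                "amount_cents": amount_cents, "code": code}

class Issuer:
    """Holds each card's key and the highest counter value already accepted."""
    def __init__(self):
        self._keys, self._last_counter = {}, {}

    def enroll(self, pan: str, key: bytes) -> None:
        self._keys[pan], self._last_counter[pan] = key, 0

    def authorize(self, txn: dict) -> str:
        key = self._keys.get(txn["pan"])
        if key is None:
            return "declined: unknown card"
        if txn["counter"] <= self._last_counter[txn["pan"]]:
            return "declined: code already used"
        expected = dynamic_code(key, txn["pan"], txn["counter"], txn["amount_cents"])
        if not hmac.compare_digest(expected, txn["code"]):
            return "declined: wrong code"
        self._last_counter[txn["pan"]] = txn["counter"]
        return "approved"

if __name__ == "__main__":
    PAN, KEY = "4000000000000002", b"constructed-demo-key"  # constructed sample values
    card, issuer = Card(PAN, KEY), Issuer()
    issuer.enroll(PAN, KEY)
    captured = card.pay(1250)                # what an eavesdropper could record
    print(issuer.authorize(captured))        # genuine purchase
    print(issuer.authorize(dict(captured)))  # same data presented again
    print(issuer.authorize(card.pay(1250)))  # next genuine purchase, new counter
```

A three-digit code can still be guessed by chance one time in a thousand, so a scheme like this complements rather than replaces the issuer's other fraud checks.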
The RF fears and logistical challenges are similar to the RFID hurdles that retailers are trying to overcome in the warehouse and on the store shelf.
Even a Web purchase will require other information about the cardholder as well as the card itself, such as the non-imprinted verification number on the card. That's why Visa and others are trying to be so strict about retailers not retaining those verification numbers in their databases.
As for the Shell position that, when properly tested, the RF low-frequency cards used by Visa can be read from as far away as 10 meters, Gauthier said such statements need to be evaluated with caution.
"Be careful to not thrust all RF technologies into the same bucket," he said. "Certain types of chips and tags you can read from a greater distance."
Visa's testing included high-powered antennae and much more, Gauthier said. "We have used specialized security labs in Europe to ascertain the vulnerabilities. This was not [tested] with a little thingy that you can hide in your pocket."
Ritz Camera is also unleashing contactless payment.
"As far as the physics are concerned, the theoretical limit [for a read] is about 1 meter. But that's a little bit like saying that the theoretical maximum speed for a vehicle is the speed of light. It doesn't mean that anyone has figured out how to do it."
But Shell's research wasn't theoretical. Shell said this was what they discovered during lab testing. Visa's Elvira Swanson commented that not enough is known about what Shell's testing intercepted. She asked whether what was intercepted was just communication noise between the card and the reader or something more useful. Did it grab credit card data? she asked.
Visa is also deploying other security techniques, many of which are not new, such as neural networks that look for fraudulent purchase patterns.
Contactless cards have also been touted as offering better security in the sense that they are much more difficult to clone than a traditional magstripe card.
But initially all contactless credit cards will still also be magstripe, which means they can still be cloned just as easily, albeit with inoperable contactless capabilities.
Retail Center Editor Evan Schuman can be reached at Evan_Schuman@ziffdavis.com.
Check out eWEEK.com's for the latest news, views and analysis on technology's impact on retail.