One of the most crucial ways in which RFID could be criminally manipulated is by tracking them illegally. It is theoretically possible for anyone with a RFID reader to read RFID signals and track them. This makes both personal security as well as military information at risk. Embedding EPC codes (electronic product codes) in purchased items has also raised the heckles of consumer forums, who think, perhaps not without reason, that this invades consumer privacy.
EPC code tracking is also susceptible to denial of service hacks. It is possible to populate the root servers of EPC tracking systems with thousands of illicit requests for data, thereby effectively crippling the system. This is an ongoing concern for businesses planning to implement the EPC system; one can imagine the loss in revenues should a vigorous DoS attack befall something as important as product tracking.
One way to make this secure is to use high level encryption. This will prevent duplication of RFID tags by rogue elements, using readers similar in character to the original. Another method is to implement a challenge system to a data request, where only a secure passcode will enable release and viewing of epc data. The protocol implements closed signaling, where signals are never sent over open frequencies.
The cost for this sort of cryptographic RFID systems is usually much higher; they also require higher battery power to operate. This makes the low cost of RFIDs a matter of no importance; because security costs become too high.