There are also proprietary systems, but they typically haven't been fully audited, he said. They might be very secure, but it's hard for customers to know for certain.
Companies that have the vulnerable readers in place can take steps to make them more secure until they're updated, he added.
For example, the card readers have a built-in tamper switch that should set off an alarm when an attacker takes off the cover to hack into the device.
"Typically, not enough physical wiring is installed so that the tamper switch is on," he said. "A business needs to ensure that a tamper switch is on."
Some kind of monitoring system would also help, he said, whether a human guard or a video camera, with records kept about who walks through the door and when.
For particularly sensitive areas, the cards should be kept in RFID sleeves, so that they can't be read right from people's pockets, he added.
Sign up for CIO Asia eNewsletters.