The increased functionality of EPC Class1 Gen2 (EPCGen2) is making this standard the de facto specification for inexpensive tags in the RFID industry. EPCGen2 supports only very basic security tools such as a 16-bit Pseudo-Random Number Generator and a 16-bit Cyclic Redundancy Code. Recently two EPCGen2 compliant protocols that address security issues were proposed in the literature. In this paper we analyze these protocols and show that they are not secure and subject to replay/impersonation and synchronization attacks. We then consider the general issue of supporting security in EPCGen2 compliant protocols and propose two RFID protocols that are secure within the restricted constraints of this standard, and an anonymous RFID mutual authentication protocol with forward secrecy that is compliant with the EPC Class2 Gen2 standard.