Radio Frequency Identification(RFID) systems is used in various fields such as supply chain management, inventory control, medical management, indoor access control, and so forth. Recently, it is expanding to become the mobile RFID systems for more convenience. Through RFID reader chip is installed to mobile terminal like PDA or cellular phone, which can provide purchasing, verifying and paying for the product directly. However, mobile reader and tag using RF signals to communicate with each other, and low-cost tag can’t provide enough security protection. The malicious attacker can pretend as mobile reader to cause security and privacy problems such as tag’s information leakage and owner traceability. In this paper, we propose a PIN-test Set based scheme suitable to mobile RFID systems and conforming to EPC Class-1 Generation-2 standards. Our scheme is forward-secure and prevent from threats such as reply attack, DOS attack, man-in-the-middle attack, and tag counterfeit.