Should You Be Worried About RFID Skimming?

It isn’t hard to find news reports or speculative articles about the potential risk associated with having an RFID (Radio-frequency identification) chip in your credit card, passport, or other form of identification. The idea that someone may be walking down the street with a portable reader, collecting RFID information including your credit card numbers and expiration dates is a very real concern for many people.

An entire genre of RFID-blocking products is available for you to purchase that promises to block RFID readers from capturing your information while you’re out and about.

The real question here is whether or not you should be concerned. While on one hand you really are carrying around a device that is intended to be read by external readers, giving that reader all the information it needs to process a transaction or identify you, measures taken by the credit card industry in recent years have significantly reduced the potential risk associated with RFID Skimming.

Should You Be Concerned?

When it comes to your financial well-being, you should always be concerned. I’m not trying to be an alarmist here, but there is a good reason people do things like keep wallets in specific pockets, avoid punching in PINs while strangers are looking over their shoulder, or leave cash in their car at the full service car wash.

Still, the information someone can grab from an RFID reader is the same information that’s printed on the card itself. When you hand your card over to someone at a drive-through, restaurant, or store, you’re in a sense trusting that total stranger with enough information to go on a shopping spree.

Depending on your country and/or bank, you aren’t usually held responsible for fraudulent purchases made using your account. That doesn’t mean you should throw caution to the wind, but it also doesn’t mean you necessarily have to wear led armor to go to the mall, either.

Old Card Vs. New Cards

Back when RFID-enhanced credit cards were first introduced, the information delivered through this technology was fairly simple. Your card number, expiration date, and sometimes your name was included in the RFID transmission. However, the vast majority of modern credit cards do not have this problem.

Modern cards are generally either encrypted or designed to dispense a dummy number that can only be used for a single transaction. This makes whatever a skimmer picks up extremely difficult to actually use to make a purchase online. More and more credit card-accepting stores are requiring that the card holder verify their zip code before a transaction can be completed. This means that not only would the would-be thief be required to know your card’s number and expiration date, but your zip code as well.

Online merchants usually require the three-digit security code printed on the back of your credit card to process a transaction. This information isn’t transmitted through RFID.

Can RFID Be Easily Hacked, Altered, or Otherwise Violated?

In 2008, the makers of MythBusters had plans to cover just how hackable, traceable, and vulnerable RFID chips were in credit cards and passports. Unfortunately, this episode will never be completed as a conference call took place (details in the video below) between the producers of MythBusters and Texas Instruments. On Texas Instruments’ side of the call were the chief legal council for Visa, MasterCard, Discover, and others. To make a long story short, Discovery will not be allowing this episode to take place. The closest MythBusters came to an RFID episode was determining whether or not implantable RFID chips are dangerous in an MRI situation.

As to whether or not these chips can be hacked, traced, or otherwise monitored is a good question that leads a lot of privacy advocates to proclaim the technology unsafe. Since I’m neither a hacker nor a RFID engineer, the only thing I can say with certainty is that RFID is, indeed, traceable.

RFID is being used to keep track of everything from garbage cans to clothing at your local department store. In fact, toll roads are beginning to use an RFID tag system to keep track of your use of the road. Instead of relying on a photograph of your license plate to bill your account and/or send you a bill in the mail, an RFID tag inside your registration sticker does all the work.

Credit card RFID tags started out differently than they are today. Today, the tag’s transmission range is significantly lessened, making it more difficult for a random passer-by to pick up your card’s data.

RFID door keys are also capable of being spoofed and/or hacked. A Wired article describes the process in which someone can read your RFID card’s information and spoof that signal to the reader on the door. This could very well pose a serious threat to security, making secondary security systems such as eye scans and/or face recognition a more appealing option for high-value locations such as banks and/or casinos.

How to Prevent Electronic Pickpocketing

There are a number of RFID-blocking wallets and bags out there designed to protect from this very form of fraud. Whether it’s an RFID tag located in your badge at work or your credit card, protecting your information from unwanted parties is a matter of due diligence. Even if your assets are protected by the bank, the inconvenience and risk of damage to your credit and/or financial reputation with the bank you work with can be reason enough to take these extra steps to safeguard you.

Many banks offer the option of not having an RFID chip installed in your credit or debit card. I’ve opted out of the RFID option myself for the majority of my cards, and the only one I have with RFID capabilities is an island unto itself without risk of overdraft.

Frankly, the world of RFID technology is a scary one for many privacy advocates out there. Your data is no longer protected by your pocket alone. The idea that someone in that crowded sidewalk you take to work each day is carrying an electronic RFID reading device is a frightening one on the surface.

Taking just a few steps to protect yourself can make all the difference in the world.

5 comments On Should You Be Worried About RFID Skimming?

  • My ńeighboŕ’s mŏther-iń-ląw Maḱes $8O houŕly on the laptoṗ. She has bėėn out of w0rḱ for 7 Ṁonths but ląst Ṁonth her ińcome wąs $8734 just worḱińg on thė laṖt0Ṗ for a ƒew hours. Gŏ to this web siṫe and ŕead morė.. CashLazy&#x2Ecom

  • RFID is the close range signal, eg scanner within millimetres of the chip. NFC is the wider range tech…isn’t it?

    Assuming this to be the case wouldn’t RFID chipped devices such as cards be immune from pass-by jacking?

    Interesting article tho; makes one think!

  • Interesting article tho; makes one think! My ńeighboŕ’s mŏther-iń-ląw Maḱes $8O houŕly on the laptoṗ. She has bėėn out of w0rḱ for 7 Ṁonths but ląst Ṁonth her ińcome wąs $8734 just worḱińg on thė laṖt0Ṗ for a ƒew hours. Gŏ to this web siṫe and ŕead morė.. CashLazy&#x2Ecom

  • Interesting how stupid smart-ass lawyers can be. 
    Imagine the two possibilities:
    a) Mythbusters breaks the protection and are able to point out what the weaknesses are so that RFID cards can be immediately fortified -credit card company wins!
    b) Mythbusters fails to break the protection -credit card company’s can state that their system is foolproof (at least for the time being) -credit card company wins!
    In BOTH cases, consumers win because there is no question as to the robustness of RFID protection (given current technology).
    Result… one huge MISSED marketing opportunity guys!!!!

  • The cards I have that have RFIDs remain at home – and I don’t use them, coincidentally, they have the highest interest rate also.  Emergency only.

Leave a reply:

Your email address will not be published.

Site Footer

Sliding Sidebar