It isn’t hard to find news reports or speculative articles about the potential risk associated with having an RFID (Radio-frequency identification) chip in your credit card, passport, or other form of identification. The idea that someone may be walking down the street with a portable reader, collecting RFID information including your credit card numbers and expiration dates is a very real concern for many people.
An entire genre of RFID-blocking products is available for you to purchase that promises to block RFID readers from capturing your information while you’re out and about.
The real question here is whether or not you should be concerned. While on one hand you really are carrying around a device that is intended to be read by external readers, giving that reader all the information it needs to process a transaction or identify you, measures taken by the credit card industry in recent years have significantly reduced the potential risk associated with RFID Skimming.
Should You Be Concerned?
When it comes to your financial well-being, you should always be concerned. I’m not trying to be an alarmist here, but there is a good reason people do things like keep wallets in specific pockets, avoid punching in PINs while strangers are looking over their shoulder, or leave cash in their car at the full service car wash.
Still, the information someone can grab from an RFID reader is the same information that’s printed on the card itself. When you hand your card over to someone at a drive-through, restaurant, or store, you’re in a sense trusting that total stranger with enough information to go on a shopping spree.
Depending on your country and/or bank, you aren’t usually held responsible for fraudulent purchases made using your account. That doesn’t mean you should throw caution to the wind, but it also doesn’t mean you necessarily have to wear led armor to go to the mall, either.
Old Card Vs. New Cards
Back when RFID-enhanced credit cards were first introduced, the information delivered through this technology was fairly simple. Your card number, expiration date, and sometimes your name was included in the RFID transmission. However, the vast majority of modern credit cards do not have this problem.
Modern cards are generally either encrypted or designed to dispense a dummy number that can only be used for a single transaction. This makes whatever a skimmer picks up extremely difficult to actually use to make a purchase online. More and more credit card-accepting stores are requiring that the card holder verify their zip code before a transaction can be completed. This means that not only would the would-be thief be required to know your card’s number and expiration date, but your zip code as well.
Online merchants usually require the three-digit security code printed on the back of your credit card to process a transaction. This information isn’t transmitted through RFID.
Can RFID Be Easily Hacked, Altered, or Otherwise Violated?
In 2008, the makers of MythBusters had plans to cover just how hackable, traceable, and vulnerable RFID chips were in credit cards and passports. Unfortunately, this episode will never be completed as a conference call took place (details in the video below) between the producers of MythBusters and Texas Instruments. On Texas Instruments’ side of the call were the chief legal council for Visa, MasterCard, Discover, and others. To make a long story short, Discovery will not be allowing this episode to take place. The closest MythBusters came to an RFID episode was determining whether or not implantable RFID chips are dangerous in an MRI situation.
As to whether or not these chips can be hacked, traced, or otherwise monitored is a good question that leads a lot of privacy advocates to proclaim the technology unsafe. Since I’m neither a hacker nor a RFID engineer, the only thing I can say with certainty is that RFID is, indeed, traceable.
RFID is being used to keep track of everything from garbage cans to clothing at your local department store. In fact, toll roads are beginning to use an RFID tag system to keep track of your use of the road. Instead of relying on a photograph of your license plate to bill your account and/or send you a bill in the mail, an RFID tag inside your registration sticker does all the work.
Credit card RFID tags started out differently than they are today. Today, the tag’s transmission range is significantly lessened, making it more difficult for a random passer-by to pick up your card’s data.
RFID door keys are also capable of being spoofed and/or hacked. A Wired article describes the process in which someone can read your RFID card’s information and spoof that signal to the reader on the door. This could very well pose a serious threat to security, making secondary security systems such as eye scans and/or face recognition a more appealing option for high-value locations such as banks and/or casinos.
How to Prevent Electronic Pickpocketing
There are a number of RFID-blocking wallets and bags out there designed to protect from this very form of fraud. Whether it’s an RFID tag located in your badge at work or your credit card, protecting your information from unwanted parties is a matter of due diligence. Even if your assets are protected by the bank, the inconvenience and risk of damage to your credit and/or financial reputation with the bank you work with can be reason enough to take these extra steps to safeguard you.
Many banks offer the option of not having an RFID chip installed in your credit or debit card. I’ve opted out of the RFID option myself for the majority of my cards, and the only one I have with RFID capabilities is an island unto itself without risk of overdraft.
Frankly, the world of RFID technology is a scary one for many privacy advocates out there. Your data is no longer protected by your pocket alone. The idea that someone in that crowded sidewalk you take to work each day is carrying an electronic RFID reading device is a frightening one on the surface.
Taking just a few steps to protect yourself can make all the difference in the world.