In writing about our personal experiences, we sometimes mention products & services that we use or recommend. This page may contain affiliate links for which we receive a commission.
You hear about it all the time…
Electronic pickpocketing is on the rise. Credit card numbers and personal information are being stolen by thieves using illegal card skimmers and RFID card readers
In reality, there are plenty of ways your credit card information can be stolen.
But since we’re only talking about RFID protection today, here are the 2 ways that RFID is used in connection with your credit cards:
- RFID chips are embedded in more credit cards than ever before. Eventually all credit cards will have a chip in them. At this time, most credit card issuers are not utilizing the security feature that requires a PIN prior to accessing the card.
- Mobile payments (like Apple Pay and Android Pay) are also becoming more common. Here, you only have to wave your phone (with your credit card information stored inside) near a vendor’s card reader to pay for something. For your protection, there is a 2-step authentication process before the card will work.
In contactless payment applications like these, the RFID chip stores all of your personal credit card information. When an RFID card reader is held close to the chip, the information is read, and your account is charged.
So yeah, electronic pickpocketing and the need for RFID protection is a compelling story, but is it really a threat?
Before you rush out to buy all new items with RFID protection, here’s what you need to know…
History Of RFID Technology
The first major user of contactless payment was Mobil in 1997 with the introduction of Speedpass – which allowed you to pay at the pump with a special keychain fob.
RFID technology moved into credit cards in 2005.
In over 10 years since RFID technology has been in place, a security epidemic with chip cards being remotely accessed has not happened – yet.
How RFID Credit Cards & NFC Payments Work
The underlying technology used with contactless payments is called Radio Frequency IDentificaton (RFID).
An RFID chip costs pennies and can hold a wide array of information. To date, RFID chips have been used in numerous applications – ranging from warehouses to hospitals. Heck, you can even install RFID door locks in your home or office now!
For security purposes, RFID chips in credit cards are built with strong encryption to protect the personal information stored on them. In addition, the chip sends a unique, one-time use code for each and every transaction – and those codes do not match the number printed on the card.
The only downside is the fact that most U.S. credit card companies are not requiring the chip and pin authentication at this time – which makes them a tad less secure during the checkout process than they were intended to be. But that’s simply an extra layer of protection, not a necessity.
Another form of contactless payment is based on cell phone Near Field Communication (NFC) antennas. NFC is a type of High-Frequently RFID. Apple Pay and Android Pay are currently the leaders in the field of NFC mobile payments.
With NFC devices, digital theft is very unlikely due to 2-step authentication. For example, with Apple Pay you have to hold the phone near the reader and authenticate with the home button Touch ID reader.
So really, your chip credit cards are the most vulnerable when they are being carried on your person – in a wallet or purse.
RFID cards do have a unique vulnerability. Your card can be read surreptitiously. Unless you were paying attention to the guy behind you with a reader, you’d never know you were being skimmed. Source
How Electronic Pickpocketing Works
A digital pickpocketer works something like this:
- They hold a portable RFID card reader close to your RFID-chipped credit card.
- A connection is made.
- Either money is transferred into an account without your knowledge OR your personal information stored on that card is transferred into a database where it is later sold to others.
An enterprising thief simply needs a crowd, a wireless handheld RFID reader, and someone who is unaware that a credit card reader is being pointed at them.
Possible? Definitely! Plausible? Let’s walk through it…
How Likely Are You To Need RFID Protection?
To determine your true level of risk, consider these facts:
- The electronic pickpocketer needs a crowd – because RFID-enabled cards aren’t all that common yet in the United States. So, if a digital pickpocketer is going fishing, he will need to cast his line many times.
- Remote handheld readers are available online for under $50. If crime is your profession, that’s a fairly small cost of doing business and not much of a deterrent.
- The device that makes the electronic connection isn’t very big. Although it can be reasonably well concealed, it still looks unusual when you actually see someone using it – so that could catch the attention of someone.
Even if electronic pickpocketing can be done with some amount of stealth, most criminals engaging in fraud do behave semi-rationally. The risk/reward/effort equation probably makes this a less attractive crime than other credit card crimes – like gas station skimming or ATM card skimming.
How To Protect Yourself
Still, you need to be smart. How you use and handle your chip credit cards is important.
Here are some things you can do to minimize your risk:
- Put all of your RFID cards inside protective sleeves.
- Wrapping a credit card with aluminum foil is a cheaper version of an RFID protection sleeve, however that’s not a foolproof method.
- Carry wallets and purses that have RFID protection built in.
- Don’t carry cards with an RFID chip. Ask the issuer for a card without a RFID chip instead.
While some credit cards, such as certain versions of the American Express Blue Card, actually have a visible RFID chip, most do not. Many are marked with the RFID signal, which consists of 4 nested curved lines, much like the symbol for Wi-Fi wireless networking. Others will have a logo or text marking bearing the words “PayPass,” “Blink,” “payWave” or “ExpressPay”. Source
For now, most new credit cards will have both a magnetic stripe and a chip – rendering the cards vulnerable, if the data stored in either of those formats is hacked.
If your credit card has a chip, then it’s slightly more safe to use than one without a chip. But it’s not until credit card companies go the extra step and require “chip and pin” authentication that our RFID credit cards will truly be secure – in the way this EMV technology was designed. (EMV stands for Europay, MasterCard, and Visa, the 3 groups who began this initiative.)
Beyond that, pretty much all you can do is keep your chip cards safe from unscrupulous people with remote card readers by using some form of RFID protection like an RFID wallet or an RFID purse (mentioned above). They also make a number of handy travel aids like RFID vests, RFID luggage, and RFID passport covers too.
By the way, EMV technology doesn’t do anything about online fraud, unfortunately. So, if your card information is stored in an online shopping account or other website and that information gets compromised … the little chip on your card won’t protect you. The only thing you can do is have hard-to-guess passwords and change them often. Source
As new versions of contactless payment come into play, it will become even more important for you to understand RFID technology – so you can make the best choices for your digital security.
More About Chip Credit Cards & RFID Protection
- Chip Credit Cards Are More Secure Than Magnetic Strip Cards
- How RFID Credit Cards Are Cloned
- Can Chip-Enabled Credit Cards Be Hacked Wirelessly?
- An Unhackable RFID Chip In Credit Cards?
I got my first computer in 1986 and immediately started writing, saving documents, and organizing my entire life on it. Thus began my love affair with gadgets and all things tech. I built my first website in 1998 in old-school HTML code — before websites were "a thing". Blogs weren't invented yet. It was the same year that Google was born. My husband and I created TheFunTimesGuide.com in 2004 — before YouTube, Twitter, Reddit, and Mashable were launched. That was the year Facebook started and 'blog' was the Word of the Year according Merriam-Webster. Ever since then, anytime a new electronic gadget hits the market… I have to have it. (My husband's impulsive nature to try out every new tech gadget invented is even worse than mine!) When I'm not trying out fun new tech gadgets, you'll find me at the corner of Good News & Fun Times as publisher of The Fun Times Guide (32 fun & helpful websites).