3 minute read
CYBER SECURITY
Are RFID-Blocking Wallets Necessary to Prevent Credit Card Theft?
The pandemic is giving a substantial boost to all things touchless. So contactless credit cards, already gaining favor, seem poised to become ubiquitous. They account for more than half of transactions in Australia and several other countries and are quickly becoming the default as new cards are rolled out in the US. All newly issued Bank of America credit cards are contactless-enabled and “most American Express products have contactless technology,” the company says.
But Are They Safe?
RFID-enabled credit cards—you can usually tell them by a sideways Wi-Fi icon imprint—are read by RF-capable payment terminals. Wave them in front of the reader or tap it, and you’re on your way. But the security threat from an airborne information transfer is obvious—any in-range reader, not just a legitimate payment terminal, could capture the same information.
Thus, as production of RFID cards began in earnest in the early part of the decade, scary headlines followed, like NBC New York’s 2011 piece “New Technology Can Steal Credit Card Info Right Out of Your Wallet.” In proof-of-concept experiments, researchers demonstrated how it could be done. A wave of digital pickpockets would hit the streets, some warned. And a new marketplace was born. By Garett Seivold Garett Seivold is senior writer for LP Magazine. A trained journalist, he has spent the majority of his career writing about security, risk management, supply chain, and loss prevention topics. He can be reached at GarettS@LPportal.com.
RFID-blocking technologies have become big business. There are protective backpacks, wallets, sleeves, and shield cards. You can purchase shirts and jeans with RFID-blocking pockets built in. Criminals can buy readers for less than $100.
Much Ado About Nothing?
You can read accounts of information being stolen from RFID credit cards in scientific journals but not in police reports. It’s just not a thing, say most experts, including Eva Velasquez, CEO and president of the Identity Theft Resource Center (ITRC).
The supposed threat is that information an individual skims can then be used to steal the victim’s identity or conduct fraudulent transactions using their details. But Velazquez says there is just no data to suggest that the theoretical risk is a real-world problem. In a recent ITRC blog, “Do I Need RIFD Protection?” the organization says, “while hacking of RFID items is certainly within the realm of possibility, it’s just not a viable threat, especially not in comparison to other behaviors that can leave you at risk.”
Indeed, many fraud analysts and criminologists are on record as saying that trying to lift information from RFID credit cards would be a hugely difficult and tedious endeavor compared to the ease with which someone can cheaply procure a trove of credit card information on the dark web.
The ITRC says there is nothing wrong with using a RFID-blocking wallet if it provides some extra peace of mind, but warns that it shouldn’t take people’s minds off the important security precautions they really need to take, like reviewing credit reports regularly and protecting online accounts with strong, unique passwords.
Enhanced Security Features
Contactless cards today still have a computer chip and a tiny antenna and broadcast information through the air to be picked up by a contactless reader, but security enhancements make them fraud resistant, say analysts. The card chip in today’s contactless credit cards
