Get a Free Credit Consultation
Swipeless Credit Cards Containing RFID Chips - Are They Safe?
Last Updated: May 4, 2012
If you were one of the estimated 9 million Americans who fell victim to identity theft last year, you know that getting billed for someone else's credit card charges stinks. Enter the "radio frequency identification" (RFID) credit cards which are designed to provide an extra layer of protection against indentity theft. But does it work?
What is RFID Technology?
An RFID card transmits credit card information through radio waves from a chip embedded in your card. If you are using a card with an RFID chip, and your merchant has a compatible reader, you don't have to swipe your card when making a purchase. You just hold your card inches from the scanner and wa-la - your sale is transmitted.
Major credit card moguls MasterCard, Visa and American Express are promoting contactless versions of their credit cards, which only need to be held near a special reader at the checkout counter for a sale to go through, eliminating the need for the standard card swiper.
Do the Benefits Outweigh the Drawbacks?
There is conflicting data regarding the ability of a criminal to "skim" information off of a RFID-enabled credit card without ever having to touch the victim. All the criminal needs is an $8 device easily purchased at an electronics store. This video shows the "act of skimming" and the remedy of the victim purchasing a "sleeve" or "wallet" that uses foil to sheild the credit card from such invasions. (by the way, you can purchases these sleeves on the internet)
The bottom line is, the sources we've found thus far seem to indicate the answer is a resounding "no". The use of the RFID chip embedded into credit cards may potentially let credit card hackers steal your personal information. The scariest part is that it can happen right in your presence, without you even knowing it. In fact, we've shared several blog posts with readers regarding this subject to date. Our post on June 1, 2008 gave a "complete tutorial on how to spend $50 worth of equipment to hack into anyone’s credit card embedded with RFIDs". In our September 4, 2008 post, we discussed a potential television segment that "Mythbusters" was planning to air on this RFID technology - which was subsequently killed, after reported phone threats to the Discovery network. Now if that doesn't sound suspect, I don't know what does.
It seems writers at creditcards.com have similar concerns about the safety of contactless cards. In a March 2009 article, they question the safety and security of the technology as well.
How Does RFID Technology Work?
A traditional credit card uses a magnetic strip to store account information, which is retrieved when swiped through a credit card machine. A "swipeless", or "contactless" credit card uses RFID to store the same information within a "smart chip". The chip is embedded within the credit card itself. When exposed to a contactless credit card reader, the electromagnetic waves emitted by the reader initiate the chip to respond via a small radio antenna, which then transmits the data to the reader and on through the card issuer's network.
Other Applications of RFID Technology
RFID technology has been used since World War II, where it was applied to identify friendly versus enemy aircraft. It is commonly used in identification tags for people or animals, as well as warehousing or retail inventory or electronic lock applications such as cardkeys.
Dangers of RFID
The concern is that a potential hacker could be standing next to you with a card reader hidden out of view, lifting your account information from the card without your knowlege, in a process dubbed "skimming". Fortunately, the card issuer's would likely be responsible for any fraudulent charges.
Can I Protect My Privacy With Contactless Cards?
You can purchase a RFID-blocking wallet with a conductive metal shield in it, usually steel, nickel or copper. A cheaper, but less reliable method is to wrap your card in tin foil to block the receipt of the RF signal.
Card issuers say sleeves aren't necessary, of course. They insist the unencrypted account information that the UMass researchers found was an anomaly and that most contactless cards employ stronger security. Issuers also have removed the cardholder's name from second-generation cards, saying it would be difficult for a thief to use the card number without a name or security code. Nonetheless, the data is pretty convincing, laboratory or otherwise. And our private information, which is the bridge to our credit and financial lifeblood, is perhaps the most valuable aspect of a person's life outside of their health. Individuals need to be aware of what they are being exposed to, and make choices accordingly. Don't need that credit card after all? Cancel it, or ask for one without the RFID technology if possible. They can only say no.
Do you have a question you feel we haven't answered?
Get a FREE initial credit or debt consultation or buy our book "Good Credit is Sexy".
Order Paperback Now and Receive a FREE Sample Letter CD - Only $19.95 |
