Open up your wallet. Take a look at your credit cards. There’s a good chance you’ve got at least one RFID-chipped card in the mix. For years, millions of MasterCard PayPass, American Express ExpressPay, Visa PayWave, and Discover Zip cards have been making payment transactions quicker and easier. Company executives and industry reps say the technology, in use in the financial world for nearly a decade, is safe for consumers. Others beg to differ. The convenience of tapping your card on a PayPass or ExpressPass terminal could mean getting more than you bargained for. Here’s how it works: RFID-enabled cards do away with the traditional magnetic strip and instead rely on a microchip that transmits radio signals. Those signals relay card information to the payment terminal for processing. Sounds great, right? Well, there’s a catch. Those radio signals can be picked up without your consent. Card readers are cheap, readily available, and relatively easy to use. Digital payment smartphone apps put the power to swipe your information into even more hands. A fraudster could sidle up next to you, with his reader (hidden in a pocket or bag) a few inches away from your wallet or purse and make off with your name, credit card number and other information. That data is then transferred to a blank card, ready to be swiped. Quick, easy, and all without your knowledge. Think pickpocketing for the digital age. Though articles have been popping up for years on the dangers of RFID-card skimming — researchers gathered cardholder names and other unencrypted data back in 2006, according to the New York Times — dangers still exist. At a Shmoocon hacker conference in 2012, Recursion Ventures’ Kristen Paget made a purchase with data stolen from an RFID-chipped card, captured with a card reader she bought for $50 on eBay, according to Forbes. Paget easily transferred the data from a card supplied by a volunteer from the crowd onto a blank credit card. Credit card companies say your information is safeguarded behind security codes and security questions that stop thieves in their tracks. And unlike with traditional means of card theft, RFID scamming seems to be limited to a single transaction. Cards generate one-time use CCV codes — a three- or four-digit number on the back of your card used in verifying purchases. Experts say this security measure makes RFID theft unsustainable. But that may not stop scammers who get their hands on the technology. Protect yourself with a few easy steps.
Know what you’re working with
There’s a good chance your card is RFID-enabled. It’s easy to check if you’re not sure. Scan the card for a logo. An RFID-enabled card should be contain an identifying word or phrase (like PayPass or Blink) or a wave symbol. Try it out. Tap your card against an RFID reader next time you make a purchase. If you’re still unsure or tapping the card on a swipe-less terminal doesn’t work, search online or call your credit card company.
Be on the lookout
Be wary of strangers standing too close or eyeing your belongings. Just a few seconds is all it takes to transmit important information via radio signal. Monitor your transactions and credit reports, or set up an account with an identity theft protection provider. Notify your credit card company if anything looks amiss.
Buy a safeguard
Online retailers are awash with wallets made to block radio signals. HuMn, a wallet company that started with a Kickstarter campaign, uses aluminum and carbon fiber plates to protect against RFID skimming. The sleek wallets start at $50.
Do It Yourself
Not ready to drop $50 on a wallet? No problem. There are online tutorials galore for making your own signal-blocking wallet. Make Wired’s Faraday Cage wallet using duct tape, foil, scotch tape and a ruler. Want to go even simpler? Stick your cards in an Altoid tin (a makeshift Faraday cage), make a wallet out of duct tape or wrap those cards in foil. It may not be fancy, but it works.
