Is RFID a Threat?

by Mark Ward January 02, 2017

Is RFID a Threat?

Who Discovered the RFID Threat?

Early on as credit card and other companies were experimenting with various methods for payment, the ability to have a “contactless” payment form was created. This allowed those who had cards with RFID (Radio Frequency Identification) technology to place their card close to the receiving payment device and pay for the purchase without the need to swipe their card (although swiping technology ala the magnetic strip is still there).

These types of cards have marketing names on the card like PayPass, Blink, PayWave, Express Pay, etc.  If you have any of these on your card or a wavy logo, then you have an RFID enabled card.

Security researchers proved quickly that the RFID technology had its weakness in the close field transmission convenience it provided to users.  Since it was a signal, it could be picked up by anyone with the right equipment, who could clone a card’s information and use it for fraudulent purchases.  But there’s a problem with the real-life implementation of this idea being a holy grail for criminals.  It's one thing to find a problem in the research lab, it's another to see it used in the real world.

Criminals Aren’t That Stupid

For starters, you have to be within a few feet and sometimes inches of the transmitting card to read it.  Criminals aren’t that stupid.  To start with, the percentage of credit cards with RFID transmission technology is small, statistically around zero percent.  So would a criminal stand on the corner of busy street for hours hoping to catch a would-be victim when the likelihood of success is so low?  Probably not, they know they can spend their time more effectively doing something else.  The cost of acquiring all the equipment needed to “sniff” an RFID signal is much more than the cost of just going to the underground Internet and buying bulk blocks of credit card numbers.  They know how to use their time for the best return, and not waste it on something with little chance of success.

But what about other RFID enabled items like Passports, ID cards, driver’s licenses, etc?  Well, the best a criminal might glean from those items is an address.  That information is ubiquitous and frankly, not very useful to them.  So what about the risks in today's market?

Technology Marches On!

As technology tends to do, it advanced quickly and the use of RFID has quickly fallen out of favor as the new EMV chip cards were adopted. As credit cards expire, new ones are issued and as new technology advances so too are new cards issued. Some companies like American Express still offer all three options on their card; contactless, magnetic stripe and EMV chips for convenience, but with the country-wide move to EMV, vulnerable RFID has gone the way of the dinosaur.

Additionally, with the move toward mobile payments using cell phones and wearables, it has diminished the allure of an all RFID world. For example, the new metallic square chips on the new cards being issues are NOT RFID, and any new RFID cards now incorporate a chip-and-PIN protection scheme which generates a new password key between the card and the machine every time it’s used for payment which makes it near-impossible to capture and replicate.

Controversy in a Vacuum…Time to Make Money!

As Roger Grimes of InfoWorld expressed it, the RFID “scare” is nothing but “entertainment for the paranoid”. But that in itself makes this a wonderful opportunity for companies to capitalize on the scare and make some money!  We can even find the Electronic Frontier Foundation trying to sell you a an RFID blocking wallet. You will see that despite the lack of any real threat, companies have rushed to produce unique wallets and pursues which block RFID.  You have as many RFID blocking wallet choices as you do for normal wallets.  The fact remains, however, that this is a marketing opportunity, there is no real threat to your wallet from RFID “skimming”.

Do you need an RFID Wallet?

With the low risk, evolving technology and fraud coverage from your card issuers, I’d like to hear from ANYBODY who has had their card compromised from the RFID “scare”, and if you have, what did you lose?  Your credit card information will be compromised, if it hasn’t already, but it won’t be via RFID thievery.  It will continue to happen as website hacks are successful in harvesting millions of credit card numbers, but not via RFID. Don’t waste your money on a special RFID wallet.  Get the wallet you really want instead.


Mark Ward
Mark Ward

Author




Also in Narwhallet

5 Must and 5 Never Things to Carry in Your Wallet
5 Must and 5 Never Things to Carry in Your Wallet

by Mark Ward January 20, 2017

Easy enough, these top 5 “must” and “never” carry lists are all you need.  Making a conscious choice every day in what you carry brings dividends in knowing what you always have available and what you could lose.

Continue Reading

7 1/2 Best Minimalist Wallets. Period.
7 1/2 Best Minimalist Wallets. Period.

by Mark Ward January 17, 2017

Here are the best 7 and 1/2 minimalist wallets we see on the market.  THESE ARE IN NO PARTICULAR ORDER, because we love wallets so much, that it’s hard to tell your children who’s your favorite.  You can try and debate us, but we’re not going to listen.

Continue Reading

Spectacles, testicles, wallet, and watch
Spectacles, testicles, wallet, and watch

by Mark Ward January 11, 2017

Thank goodness that style or fashion hasn’t had a chance to displace a man’s testicles, but if we’re talking about castration, then culture has done a fine job of making men wussies and father’s some kind of bumbling idiot.

Continue Reading