Is RFID a Threat?
Who Discovered the RFID Threat?
Early on as credit card and other companies were experimenting with various methods for payment, the ability to have a “contactless” payment form was created. This allowed those who had cards with RFID (Radio Frequency Identification) technology to place their card close to the receiving payment device and pay for the purchase without the need to swipe their card (although swiping technology ala the magnetic strip is still there).
These types of cards have marketing names on the card like PayPass, Blink, PayWave, Express Pay, etc. If you have any of these on your card or a wavy logo, then you have an RFID enabled card.
Security researchers proved quickly that the RFID technology had its weakness in the close field transmission convenience it provided to users. Since it was a signal, it could be picked up by anyone with the right equipment, who could clone a card’s information and use it for fraudulent purchases. But there’s a problem with the real-life implementation of this idea being a holy grail for criminals. It's one thing to find a problem in the research lab, it's another to see it used in the real world.
Criminals Aren’t That Stupid
For starters, you have to be within a few feet and sometimes inches of the transmitting card to read it. Criminals aren’t that stupid. To start with, the percentage of credit cards with RFID transmission technology is small, statistically around zero percent. So would a criminal stand on the corner of busy street for hours hoping to catch a would-be victim when the likelihood of success is so low? Probably not, they know they can spend their time more effectively doing something else. The cost of acquiring all the equipment needed to “sniff” an RFID signal is much more than the cost of just going to the underground Internet and buying bulk blocks of credit card numbers. They know how to use their time for the best return, and not waste it on something with little chance of success.
But what about other RFID enabled items like Passports, ID cards, driver’s licenses, etc? Well, the best a criminal might glean from those items is an address. That information is ubiquitous and frankly, not very useful to them. So what about the risks in today's market?
Technology Marches On!
As technology tends to do, it advanced quickly and the use of RFID has quickly fallen out of favor as the new EMV chip cards were adopted. As credit cards expire, new ones are issued and as new technology advances so too are new cards issued. Some companies like American Express still offer all three options on their card; contactless, magnetic stripe and EMV chips for convenience, but with the country-wide move to EMV, vulnerable RFID has gone the way of the dinosaur.
Additionally, with the move toward mobile payments using cell phones and wearables, it has diminished the allure of an all RFID world. For example, the new metallic square chips on the new cards being issues are NOT RFID, and any new RFID cards now incorporate a chip-and-PIN protection scheme which generates a new password key between the card and the machine every time it’s used for payment which makes it near-impossible to capture and replicate.
Controversy in a Vacuum…Time to Make Money!
As Roger Grimes of InfoWorld expressed it, the RFID “scare” is nothing but “entertainment for the paranoid”
. But that in itself makes this a wonderful opportunity for companies to capitalize on the scare and make some money! We can even find the Electronic Frontier Foundation trying to sell you a an RFID blocking wallet
. You will see that despite the lack of any real threat, companies have rushed to produce unique wallets and pursues which block RFID. You have as many RFID blocking wallet choices as you do for normal wallets. The fact remains, however, that this is a marketing opportunity, there is no real threat to your wallet from RFID “skimming”.
Do you need an RFID Wallet?
With the low risk, evolving technology and fraud coverage from your card issuers, I’d like to hear from ANYBODY who has had their card compromised from the RFID “scare”, and if you have, what did you lose? Your credit card information will be compromised, if it hasn’t already, but it won’t be via RFID thievery. It will continue to happen as website hacks are successful in harvesting millions of credit card numbers, but not via RFID. Don’t waste your money on a special RFID wallet. Get the wallet you really want instead.