Personal data and funds must be kept completely secure – this is an indisputable fact. It is especially true for those people who travel often or who take frequent business trips. A lot of information is now stored on different devices that use RFID technology. Let’s see how secure this technology is, and whether we need to take any additional steps to protect the data stored in this way; So, do you really need RFID blocking technology?
RFID technology safety. Why do you need RFID blocking?
RFID (radio frequency identification) is a process that uses electromagnetic fields to identify and track tags attached to objects. Tags contain electronic information that can be read by an RFID reader which uses radio waves.
This electronic information can be intercepted and stolen. Why? RFID chips are always on and are accessible by anyone with an RFID reader and these RFID readers are sold freely. The chips on contactless cards contain your data, which could be made available to fraudsters. The RFID chips can be skimmed with a reader without touching your wallet or pocket. This is called electronic pickpocketing.
The most common devices with an RFID chip are RFID credit and debit cards, RFID identification cards, and RFID passports. Contactless cards are so widely used that criminals have many opportunities to get hold of your card information. Although most RFID chips are partially encrypted, and the distance at which the card chip can be read is reduced, data and money theft are still possible!
How can your data and money being stolen? It’s quite simple; It is possible for a criminal to take a payment from your payment card with a mobile payment machine or by using a mobile phone, send the data to another phone and make a payment on that second device. Also, they can read information from a contactless card using RFID readers. The hacker only needs to get close enough to the victim’s card for a short period.
It is also possible to make payments which are above the payment limit (£45 in the UK or $100 in the USA). There is a way to bypass that limit on Visa cards. In 2019 researchers extracted several successful payments as high as £101. Hackers need special hardware to intercept and insert messages in the communications between the card and the reader. They could tell the card that verification wasn’t needed and then told the terminal that verification has already been made. For the attack using two mobiles, it was possible to use one smartphone to tap a card and clone it. The cryptogram is sent to the second phone, which simulates the card as if it were making a mobile payment.
So, fraudsters can skim details off your contactless card.
What information can be intercepted by an RFID reader?
Contactless cards contain personally identifiable information (PII). If hackers get hold of this information, it can be harmful. For example, an attacker could open a credit account in your name. Or hackers could simply steal your money.
When reading an NFC banking card compliant with EMV, for example, the following PII is available:
- Full Card Number.
- Full Expiry Date.
- Card Type (Mastercard, VISA, etc).
- Card Issuer.
- Service Codes.
- Application Identifier (AID).
- Transaction Counter.
- Pin Try’s Left.
- A list of the last transactions completed on the card, even transactions that were not contactless.
- In some cases, your Name, Surname.
Growth of identity theft
The theft of money or personal data is quite common. The number of such crimes is growing. For example, in the United States, there were 650 572 cases of identity theft in 2019 (20.33% of all fraud cases). Credit card fraud was the most common type of identity theft in 2019 making up 41.8% of all identity theft reports (over 270,000 reports). According to Ascent’s study on American credit card habits, 35% of consumers have been victims of credit card fraud.
UK Finance shows fraud using contactless caused £19.5 million of losses during 2018, up from £14 million in 2017. At the same time, UK Finance has predicted that by 2028, 37% of payments made in the UK will be contactless. For comparison, in 2018, only 18% of payments were contactless.
In 2018, nearly $28 billion of illegal credit card purchases were reported worldwide, and that number is expected to grow over the next 5 years.
Criminals could also use your data to open a credit account in your name. This type of fraud (new account fraud) increased by 24% in 2018.
Synthetic account fraud is also quite common. Synthetic account fraud involves using a combination of real and fabricated information. After creating a synthetic account, the identity thief has two options: make a purchase or get cash immediately, and then abandon the account without paying the bill. This type of fraud accounts for 80% of credit card fraud losses in 2019-2020. It’s the growing type of financial crime in the United States.
In general, unauthorized access is on the rise so be careful when using your contactless cards.
RFID card clash
Another problem with contactless cards is an RFID card clash. Many people carry several RFID cards in their wallets: credit and debit cards, driver’s licenses, passports, and access cards. Therefore, you may have a problem with scanning cards, the RFID reader will not be able to read the necessary information.
If you ride the underground, you can easily pay for two trips instead of one, since the system may not know whether you are getting on or off. If you pay with a credit card, but there are several of them in your wallet, money may be debited from the wrong card instead of the one you wanted to use. To avoid such misunderstandings, RFID blocking technology is often used. For example, in the form of blocking cards or wallets.
Conclusion. Do you really need RFID blocking?
Identity and personal data theft are common today, so you would benefit from using RFID blocking technology.
‘If you are worried about someone reading your cards, there are several RFID blocking products that can prevent skimming.