What the heck is RFID theft and should anybody be worried about it?
The quick answer is that you should worry about it, sort of… in theory.
But does anyone know for sure?
To be honest, it’s confusing, but we’ve got answers. Read on to find out.
It goes without saying, always take your personal and digital security seriously. Consult an expert before making any decisions regarding the information presented in this article.
- Everything You Need To Know About RFID Theft
- What Is RFID?
- How Does It Work?
- RFID vs EMV
- What Is RFID Theft And How Does It Work?
- Is RFID Theft Real?
- Do You Need RFID Protection
- How RFID Blocking Works
- RFID Blocking Hacks
- Does Your Passport Need RFID Protection
- Top RFID Blocking Gear
- Summary: RFID Theft In A Nutshell
Everything You Need To Know About RFID Theft
I wrote this post because it’s hard to find a straight answer about RFID and the risk of RFID theft.
When I learned about it, my head was spinning with more questions. What does it actually do? What really is the risk? Why does it matter? Should I be worried about RFID theft?
If you are asking similar questions, this is the post for you. I spent the better part of three weeks obsessing over RFID and whether or not to get an RFID blocking travel wallet.
Hopefully, this article will help stop your head spinning and give you the definitive answers you are looking for in regard to RFID risks, gear, and technology.
What Is RFID?
RFID stands for Radio Frequency Identification. It is a technology that has been around for a while now. And like many new technologies, we the end users weren’t really given much choice about it.
Credit card companies introduced the ‘tap’ pay system with RFID enabled cards around 2005. But this technology has been around for a long time. It is literally everywhere.
Shipping and warehouse companies use it to track packages wirelessly and it is used in everything from work ID badges, to library cards, to inventory tracking.
You know those little plastic security tabs they take off your clothes at the store when you check out? Those are RFID tags.
To know if your credit card is RFID enabled, look for this symbol:
How Does It Work?
An RFID tag is an electromagnetic chip that both sends and receives information.
When a scanner is nearby, an RFID chip is activated, sending information to the scanner for reading.
In the case of your credit card, it is sending the card numbers to the reader to be processed.
You can think of it as an invisible barcode.
With RFID the scanner doesn’t need to physically see or scan the code, it just has to be within the vicinity to trigger and pick up the signal.
In most cases a reader has to be close (within 6 inches) to the tag it is trying to read for the tag to be activated and the information received.
However, there is evidence that it can be done over a distance of a few meters with the proper equipment.
This all sounds great for supply management—data flying through the air for anyone to easily pick up—but when it comes to our personal information it can present a security risk.
RFID vs EMV
Before talking about how RFID theft works, it is important to know about EMV credit cards.
EMV stands for Europay Mastercard Visa. Basically, these are chip cards.
Cards with these chips are more secure than RFID because they have to be physically inserted and read by the machine.
This means someone cannot read your information without physically having your card.
In Europe and Canada, most cards with EMV chips also require a PIN number.
Although this standard is becoming more common in the US, most chips still only require an easily forgeable signature.
This technology, while not foolproof, provides two more layers of theft protection than RFID.
Chip cards have to be physically read by the machine, then a unique PIN is required to complete the transaction.
That said, thieves can still install readers at physical ATMs. In this case, they collect your information as you physically enter it.
What Is RFID Theft And How Does It Work?
So how do thieves actually steal your information from an RFID enabled card?
In theory, a person only has to buy an RFID scanner and get close enough to your wallet or purse to scan the tag, at which point the numbers needed for a transaction will be sent to the scanner.
Someone might get close to you on a crowded train or steal your credit card info by walking by you closely on the street.
After that, they could use those numbers for online purchases or to clone a fake credit card.
This process is called RFID ‘skimming’ or ‘electronic pickpocketing.’
You’ve got to admit, it’s pretty simple. But does this really happen?
Is RFID Theft Real?
Now this all sounds pretty easy, but RFID theft is actually harder to pull off than those viral YouTube videos would have you believe.
First, because it is a radio frequency, the signal from an RFID chip is easily interrupted or distorted.
Anyone who was alive when TVs still had big metal antennas or has an old radio knows that what is around the antenna or near it can greatly affect the signal.
As discussed more below, this is the principle RFID blocking technology works from.
Further, if you have more than one of these cards in your wallet when someone with a reader passes by, all the cards will emit information at the same time, confusing the reader with a jumble of unreadable information.
Second, and more importantly, there are no documented cases of fraud by way of RFID skimming, and credit card companies have ensured that it is near impossible anyway.
Card Companies Say They Fixed It With New Tech
Most experts agree that RFID skimming is possible, but they also agree that the pieces of information you can get through digital pickpocketing are near useless.
The data a chip emits does not contain PIN numbers or CVVs (Card Verification Value, the 3-digit number on the back of your card). And any card issued recently does not transmit any customer names.
Without those unique identifiers, the cards would only be useful for small purchases on insecure platforms anyway.
New Cards Are Encrypted
Card companies now claim that RFID chips only create one encrypted transaction code per scan, meaning that even if someone did scan your card, that code would only be good for one purchase and they would not obtain any transferable information about you.
Additionally, each transaction is encrypted with a unique code only valid for that specific purchase.
Encrypted transaction codes require a decryption token that is not provided on the customer side of the transaction.
Essentially, the information a would-be thief gets is garbage, or as David Bonalle, VP for advanced payments at American Express put it, “It’s basically useless information […] You can’t steal that data and just play it back and expect that transaction to work.”
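A simplified model of the one-time-code behaviour described above, added here as an illustration (it is not from the original article and is not the real EMV algorithm): the card and its issuer share a key that is never transmitted, and each tap produces a code bound to a counter and the purchase amount. The `Card` and `Issuer` classes, the use of HMAC-SHA256, and the sample key and card number are assumptions made for the example.

```python
import hashlib
import hmac

def one_time_code(key: bytes, pan: str, counter: int, amount_cents: int) -> str:
    """Code bound to this card, this tap (counter) and this amount."""
    msg = f"{pan}|{counter}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class Card:
    """Toy contactless card; the key stays on the chip and is never transmitted."""
    def __init__(self, pan: str, key: bytes):
        self.pan, self._key, self.counter = pan, key, 0

    def tap(self, amount_cents: int) -> dict:
        self.counter += 1  # every tap uses a fresh counter value
        return {"pan": self.pan, "counter": self.counter, "amount": amount_cents,
                "code": one_time_code(self._key, self.pan, self.counter, amount_cents)}

class Issuer:
    """Toy issuer: knows each card's key and the highest counter it has accepted."""
    def __init__(self):
        self._keys, self._last_counter = {}, {}

    def enroll(self, pan: str, key: bytes) -> None:
        self._keys[pan], self._last_counter[pan] = key, 0

    def authorize(self, tx: dict) -> str:
        key = self._keys.get(tx["pan"])
        if key is None:
            return "declined: unknown card"
        expected = one_time_code(key, tx["pan"], tx["counter"], tx["amount"])
        if not hmac.compare_digest(expected, tx["code"]):
            return "declined: code does not match transaction"
        if tx["counter"] <= self._last_counter[tx["pan"]]:
            return "declined: code already used"
        self._last_counter[tx["pan"]] = tx["counter"]
        return "approved"

def demo() -> list:
    key = bytes(range(32))                    # constructed sample key
    card = Card("4000000000000002", key)      # constructed sample card number
    issuer = Issuer()
    issuer.enroll(card.pan, key)
    captured = card.tap(1250)                 # what a reader in range would see
    results = [issuer.authorize(captured)]    # the genuine purchase
    results.append(issuer.authorize(dict(captured)))                 # same data played back
    results.append(issuer.authorize({**captured, "amount": 99999}))  # amount altered
    return results

if __name__ == "__main__":
    print(demo())
```

The played-back copy is declined because its counter has already been accepted, and the altered copy is declined because the code no longer matches the transaction details.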
Credit card companies have also refined RFID technology for distance. Whereas previously chips could be read from a few meters away, newer chips are manufactured to only be readable at near-touching proximity.
Do You Need RFID Protection
From the above, it appears industry experts would agree that RFID fraud is very unlikely if not very difficult. This begs the question, why do you see RFID blocking travel gear everywhere you go?
Well, since the inception of this technology, it has been misunderstood. This led well-intentioned people to invent a solution: RFID blockers.
While this has grown into a billion-dollar industry, do you really need it?
If you believe the industry experts you probably don’t need it. Still, RFID blockers are readily available and affordable. Why not use them just in case? It doesn’t hurt to be a little more secure, does it?
I agree with this second approach. If you can find what you are looking for with RFID blocking technology at a similar price, you may as well go for it.
There is an RFID blocking hack that you can make for near nothing as well.
How RFID Blocking Works
RFID blockers actually work on a very simple principle.
As mentioned above, radio frequencies are easily intercepted and distorted by competing frequencies (other cards in your wallet) or by physical obstacles such as distance, material, or more importantly, metals.
Most RFID blocking materials are made with some sort of metal. RFID blocking wallets or sleeves will have metals like copper or nickel integrated into the materials.
These metals block and distort the radio frequencies that allow your card to be read without contact.
The exception to this is Tyvek, which is made of a type of plastic. Yes, the building material used to wrap houses before the siding goes up.
RFID Blocking Hacks
Tyvek is a great DIY hack for RFID blocking. You can find it at most hardware stores and find scraps sitting around construction sites. Use it to make your own sleeves for credit cards.
If you have never used Tyvek, it is nearly indestructible.
Regular aluminum foil that you probably have in your home right now has also been shown to be a great RFID blocker. It’s cheap, can be found practically anywhere in the world, and is easily customizable.
You might read some copy from RFID blocking manufacturers that says otherwise, but watch this 2-part video and decide for yourself. In it, he proves that aluminum foil works to block card readers.
This guy also talks about something called the VaultCard. If you don’t want to bother with foil or buying a whole new wallet, this is a great option.
You just slip the card in with your other credit cards and it uses military-grade technology to jam nearby RFID readers.
Red Construction Paper
While this one is hard to believe, he proves it in his video. While I don’t think I would trust this method alone, it goes to show that blocking RFID skimmers is easier than the security apparel industry would have you believe.
Does Your Passport Need RFID Protection
It is worth mentioning that most modern passports are also RFID enabled. If you see this symbol on your passport, it has an RFID chip.
Just like a credit card, you can place your passport in a blocking wallet or tin foil if you want to mitigate the risk of your information being skimmed.
However, according to the Bureau of Consular Affairs, passport chips are designed to only be read when the passport is open.
If this is true, then when traveling with your document closed in your pack or wallet there shouldn’t be any risk of data skimming.
Top RFID Blocking Gear
After reading this, if you still want the added security of an RFID blocking wallet, take a look at our top picks.
These picks are based on price, durability and of course, style.
Best Large-Clutch Sized RFID Wallet
As I said at the beginning, I opted for a simple Eagle Creek RFID Organizer. But recently I came across the unisex Tyvek Clutch by Paperwallets. I am going to get one of these then line it with a sheet of aluminum foil. I’ll keep you updated on performance.
Paperwallet makes super stylish wallets and unisex clutches out of artist colored Tyvek.
The material is light, has a slim profile, and is RFID blocking.
They also make a micro wallet if you just want something for your cards or change.
Find them at the Paperwallet website.
Pacsafe V250 Travel Wallet
A simple, durable design with a wrist band, the V250 travel wallet has ample space to hold cash, cards, and a passport in a discreet design.
Find it at REI.
Pacsafe Continental Wallet
For something a little more fashion-forward, try the Continental wallet. With the same well thought out organization as the V250 the Continental can go from the Inca Trail to a 5-star dinner without breaking a sweat.
Find it at REI.
Best Compact RFID Wallet
VaultSkin, the same company that makes the VaultCard, also makes an extensive line of RFID blocking accessories. The Manhattan Slim Bifold is a classic choice for the stylish minimalist.
If you prefer something with a zipper, check out their Notting Hill Slim Zip Wallet.
Best RFID Blocking Sleeves
If you don’t want to get a new wallet or travel organizer, just buy a few RFID blocking sleeves to put your cards and passport in. They are fairly inexpensive and won’t add too much bulk to your luggage.
Try the simple color-coded sleeves from Boxiki Travel. A set of 12 runs you less than $10.
Should you want a more do-it-yourself option you can always go the Tyvek or aluminum foil route. You can get sections of Tyvek online for a decent price. Plus, once you have it around the house, you are going to find it is great for everything!
I went more in depth about RFID blocking day packs in another article. But my top choice is the LOCTOTE Flak Sack. This bag is virtually indestructible, made to last. If you want more space, check out the Cinch Pack.
Summary: RFID Theft In A Nutshell
RFID stands for Radio Frequency Identification. RFID theft occurs when someone uses their own RFID reader to trigger the chip in your credit card, a process called ‘skimming’ or ‘digital pickpocketing.’ The card thinks it is being asked for information to carry out a sale. The reader receives information like the card number, expiration date, and in some cases your name. In the unlikely case of a passport being read, the thief would only get whatever information is printed on your passport.
RFID chips (often called tags) embedded in credit cards, passports, packages and more, are triggered by a nearby RFID reader or scanner. This looks like the wireless tap pay machine at the store but can be much smaller or even be integrated into a phone. When triggered by a scanner the card transmits information necessary for a transaction; most often the credit card number and expiration date. Think of it as an invisible barcode system, only the machine doesn’t have to physically see or scan your card to process a transaction, it only has to be nearby.
In most instances, a thief would need to be within 6 inches of the card to read it. This might occur on a crowded subway, in a museum, or even while walking by you. A thief can then use your credit card number to make other purchases from less secure sources such as online or abroad.
Most experts agree that RFID theft is rare, if not non-existent, in 2020. Credit card companies now claim that each card transaction is encrypted, requiring a one-time token to complete processing. This means that even if a thief did skim your information, it would only be good for one purchase. Additionally, when triggered by an RFID reader, most cards no longer transmit your name or the CVV code on the back of the card. RFID theft is possible, but what a thief can do with the information they skim is very limited. For passports, the Bureau of Consular Affairs asserts that a passport cannot be read by a nearby RFID reader unless the passport is physically open.
As we mentioned, RFID theft is rare to non-existent. However, if you want to play it safe, there are a number of inexpensive, practical options. An RFID blocking card, like the VaultCard, is military grade and takes up almost no extra space. You can also get RFID blocking organizers like the Pacsafe. Or follow a simple zero-cost hack as we discuss below.
While RFID blocking apparel companies might disagree, it has been proven by clever individuals that foil works just as well as official RFID blocking materials to deter RFID theft. See the video below for a demonstration. Read above for further discussion.
RFID theft is a misunderstood risk associated with modern technology.
While it is theoretically possible to steal someone’s card information using RFID skimmers, the data they get would be missing the necessary identifiers to carry out large-scale fraud or, in most cases, even a simple transaction.
Modern RFID chips transmit encrypted data without name identifiers, making it near impossible for a thief to use your information.
Still, most people would rather be on the safe side. If you are one of those people, you can either get an RFID blocking wallet, card, or sleeve, or use a few simple hacks.
Both aluminum foil and Tyvek have been shown to block RFID frequencies to help ensure the security of your cards and passports.
Remember, preparation and vigilance are always the best theft prevention.
How will you protect your information while traveling?