RFID skimming fraud for U.S. cards grew more than 700% in the first half of 2022. Debit and Credit card fraud is huge business and according to the FBI, costs financial institutions over $1 billion dollars every year.
If you haven’t been a victim of this type of fraud yet, you’re very lucky. But it doesn’t mean it can’t happen to you.
Types of RFID Skimming
There are two types of RFID skimming. You may be familiar with skimming devices hooked up to debit machines or ATMs.
These illegal card-reading devices steal your card number and PIN number, allowing them to duplicate your card and then use it or sell it.
With the move to contactless payments, there’s now wireless skimming, where thieves can steal data from the RFID chip in your credit card, debit card, passport, and NFC chips in phones (allow for contactless payment from your phone).
What is an RFID Chip?
AN RFID chip is a radio frequency identification chip or tag that uses radio waves to read and transmit information stored in the chip. They’re read by scanning devices within a few feet’s distance.
It’s that little shiny rectangle on your debit or credit card, replacing the magnetic swipe you used to use. They’re also used in some passports, drivers licences, and ID cards.
It’s also replaced barcodes and is used in access badges, airplane baggage management, retail and supply chain management, transit systems, parking systems, prescription management systems, and automatic payment systems.
This technology is cost-effective, easy and fast to use but hackers learn quickly and their technology advances as quickly as the beneficial kind. Putting your money and identity at risk.
What’s the Difference Between RFID and NFC?
NFC stands for Near Field Communication, it’s at type of RFID that allows for short-range communication through radio waves between your smartphone or tablet and another compatible device.
Some phones can receive and send data (making them NFC active and passive), while others can only send data.
This is the technology that lets you pay with your phone instead of a physical card at a store checkout, using Android Pay or Apple Pay. You can also bump and automatically send info to another phone.
When you make a payment, it is encrypted with tokenization. Each payment also has a one-time code for extra security. RFID does not use encryption, so it’s not as secure as NFC.
Now some people believe that because of all this encryption and the speed a payment occurs that Apple Pay or NFC cannot be skimmed. Personally, I don’t trust that. Do you? There’s an NFC Proxy app to read this information and that’s just one app.
What is NFC/RFID Skimming?
Hackers, thieves, or skimmers intercept the radio waves from your device or card, or read the radio waves from your device. Once they have this information they can use it to spend your money, commit identity fraud, etc.
Here are two examples of how someone could steal your chip’s information.
1. You’ve pulled your credit card out while you’re in line making a purchase at your favorite store. The person in line behind you steps probably uncomfortably close, and pulls out an RFID reader device and intercepts or just reads your credit card right there.
This would likely be really noticeable to you but it might not on a crowded train.
The thief can now use that card for their own purchase or to max out your credit card. You may have personal settings set up to notify you of purchases made, or you may find out too late. Then good luck dealing with your credit card company.
2. Here’s another scenario. You’re having dinner in a restaurant or a coffee in a cafe with your wallet in your purse or your coat pocket. Unknown to you, someone at a nearby table has wirelessly scanned your credit card and used it without your card even moving from your wallet.
These are just two examples of many real threats we now have to deal with with these advances in technology.
What Data Can Be Stolen from an RFID Chip?
A hacker can get your credit card number, the expiry date, and your name from the card. Everything needed to make a duplicate card or sell your information online.
Passports and Licences will give personal information like your address, birthday, etc. Information making it possible to make a counterfeit passport. Here are some statistics of how big the identity theft business is.
Skimming Is Easy and Inexpensive To Do
Unfortunately, criminals can buy a skimmer or reader for less than $100 or buy inexpensive Apps on their phone. These apps are capable of reading RFID signals up to 15 feet away from you.
How to Prevent RFID Theft
The easiest way to protect yourself from this kind of theft is to buy RFID blocking products, like sleeves, pouches, or wallets. When your card or phone is inside this pouch, signals cannot reach it.
Faraday Bags
You can also buy Faraday bags like a backpack, duffel bag, cell phone bag, etc that will block key fobs, passports, bank cards, your phone and other electronics from hackers too.
You can read my post on the best Faraday bags that block all signals from and to your devices that offer complete protection from hacking and tracking. These are the same pouches used by the military and law enforcement.
Other Ways To Protect Yourself
Since you have to take your phone or cards out of your wallet or protective pouch to use them, you’re vulnerable to attacks. But you still have to use them.
Here are some ways you can protect yourself while using your cards or your mobile phone.
- Make sure no one is standing close to you while you pay at the machine.
- Don’t take out cash on weekends from ATMs (there’s more skimming devices connected on weekends when banks are closed).
- In general use your cards less on weekends.
- Use gas pumps closest to the attendant. They’re less likely to be tampered with.
- Turn on notifications with your financial institution. That way you’ll know as soon as there’s an irregular transaction.
- Always check your credit card statement for any strange purchases.
- Use cash instead of cards or contactless payments.
RFID and NFC Skimming Are Real Threats
RFID and NFC skimming are real threats. They cost people money, aggravation, time, and stress every day. Unfortunately it’s an easy way to scam people and hackers don’t need to be especially skilled in order to do it.
Knowing about this danger and taking steps to protect yourself will help you to avoid becoming a victim of this type of crime. Be aware of your environment, cautious, and use RF shielding technology.