Is it possible for thieves to pickpocket you without actually picking your pocket a more discreet and no sweat way? Without stealing your wallet and running away? Disturbingly, it is possible! A cheap RFID reader or an RFID reading app in a smartphone is all they need. In just a few seconds, they can steal your identity and make falsified purchases in your name. You’ll be footing the bill for someone else spending! What’s more terrifying is these kinds of thieves lurk almost anywhere, in train stations and shopping centers. How are these hackers able to do these? What can you do to protect yourself?
The exploitation of RFID loophole
Radio Frequency Identification Device known as RFID is commonly used for warehousing application which primarily allows packages and pallets to be tracked. It is a technology that makes automatic payment on toll roads. Around 2004, passports and certain credit cards adapted the technology and introduced faster scanning and contactless payments. For almost a decade now, RFID had become popular in the financial services industry. These chips are supposed to make life easier, but there’s more things that need patching up to safeguard people who are using RFID.
When E-passports were introduced, there had been a growing concern about traveler’s personal details. Passports these days have a small gold emblem (it looks like a rectangle with a circle in the center) at the bottom of the front cover. Most countries have these integrated RFID chips embedded in passports that enable it for RFID scanning. These chips contain miniature electromagnetic fields that make it possible to readjust with proximity, no initiate communications needed. It holds the electronic version of passport data, the owner’s photo, and fingerprints are said to make it easier for the immigration officials to process your information and identify you.
In the 2011 document made by the industry newsletter Nilson Report, most of U.S. credit cards contain RFID contactless chip cards and over 35 million of these cards are in circulation. Looking at your credit card now it’s a bit hard to tell if it has a built-in RFID chip since only some have visible markings. The radio-frequency-identification chip markings could be a text with the words PayPass, ExpressPay, Blink, or payWave or four curved lines stacked like the WiFi symbol only sideways. Instead of swiping the card or inserting it into a terminal like the standard check out with RFID embedded cards you can make payments by just touching the card to the scanner. While these features are making shopping easier, the convenience comes with an unimaginable risk.
“RFID chips are basically tiny two-way radios that are so small they can fit inside a credit card, a clothing, the inside of a shampoo bottle cap, etc.,” Walt Augustinowicz, CEO of the RFID-Protection company Identity Stronghold expressed. “The chip, essentially a transponder, carries identifying data and can be queried and read, or ‘sniffed,’ at a distance.”
There is no off button for the RFID chips and that’s what makes it more vulnerable to attacks.
How the stealing works?
Digital thieves can download an RFID scanning app on their smartphones. These devices are similar to the scanners used by vendors in grocery stores. RFID readers can also be bought from eBay for only $50. Once installed and enabled, it can pick up the signal transmitted by the RFID chips in cards. After skimming the information, it is then transferred to a $300-$400 machine that will replicate it to a card. It takes some skill to work on the replicating but a detailed step-by-step outline can be learned after a simple Google search for ‘credit card RFID hack’. It will give amateur hackers tutorial and demo videos result. How unnerving.
“Being able to get the most important information around you allows a criminal to take over an account,” said Steve Casco, CEO of Cardnotpresent.com. “They can call up an entity — a Netflix, a bank, a school — and give all your information to the customer service rep on the other end, and now it’s under their control. They can do things that you have no clue about.”
Security Firm Flexis did a demonstration of how a scanner can pick up an RFID signal with a distance of only 69 feet away. It can pick up wireless signals that are transmitted when a card is being used.
“The device can read many different RFID tags- including MiFare Cards, EMV Cards, and many types of RFID tags,” David Bryan, a Chicago Trustware security specialist stated. “It works with many Near Field Communication tags and devices.”
When did the number of credit card and identity theft blow up?
The U.S. Department of Justice released its data on credit card related theft and financial crimes between the years 2005 and 2007, the most recent data (according to DOJ’s official Freedom of Information Act). It’s no surprise that the data showed an increased rate of debit and credit card issuance that correlates with the increase in financial crimes. As the rate of the issuance increases, the credit card theft follows suit.
Principal analyst at ABI Research, Phil Sealy stated that around 26 million RFID embedded cards were issued in 2006. It’s roughly around 550 million payment cards in the U.S. For other countries, the numbers are said to be higher. U.S. passports issued starting 2006 have these RFID chips. In the United Kingdom, there is a rise of 79%in online fraud cases three years after switching to chip cards. The rate is doubled in Canada and Australia.
“The rate of online fraud is increasing faster than the rate of e-commerce transactions in the United States,” stated Al Pascual, director of fraud and security at Javelin.
In 2011, credit card companies responded to the alarming widespread of electronic pickpocketing. Nevada’s Attorney General issued a consumer advisory understating the risk of RFID-enabled cards that are vulnerable to electronic pickpocketing.
“I understand why credit card companies downplay the risks their products pose to cardholders and the boon they present to electronic pickpockets,” Augustinowicz, CEO of Identity Stronghold declared “but I’m baffled by the idea that federal law enforcement agencies can take a more than 30-percent spike in credit card information thefts as their cue to stop collecting data and making current statistics available.”
The online database of The Federal Trade Commissions compiled over 13 million consumer complaints from 2012 to 2016. Of the total number, 13 percent were identity theft related complaints. That’s around 1.3 million. Florida, Georgia, and Michigan were on the top with the highest per capita rate of reported fraud. The most common fraud reported was employment, tax-related, and identity theft. Michigan, Florida, and Delaware were the states with the most cases of identity theft reported.
“There is not enough emphasis placed in their online channels from a consumer perspective,” said Angel Grant, director at network security firm RSA. “People are now shopping from all different types of devices, not just a PC. From a user-interface perspective, they’re designed to be optimized, but not from a security perspective.”
Between now and 2020, the number of hacked credit card fraud is predicted to rise higher than it already is. Criminals are rushing to get the most out of the loophole in these credit cards before newer systems are established to recognize the fake replicated cards. According to firm Norton, almost 70% of credit card will be defenseless to digital pickpocketing in the coming years.
Iovation/Aiete group, a financial industry consultant, conducted a study and interviewed 16 of the biggest debit and credit card issuer in the United States as well as, four largest payment processors.
“It is going to get worse. … There’s still tons of fraud opportunity out there,” Julie Conroy, research director at Aite Group expressed her worry. “Criminals aren’t going to get honest and get new jobs. They’re switching tactics and focusing on other areas.”
It seems like this fraudulent way is not going away too soon.
“I doubt we’ll ever get to that point where fraud is diminished,” said Seth Ruden, a senior fraud consultant at ACI Worldwide. “We’ve created greater opportunity for fraudsters to manifest a presence in our world, and that’s the kind of place we’re at now — they’ve done what they needed to do to secure their position in our economy.”
How to prevent being electronically robbed?
There is a device called Faraday cage, it protects your information by stopping the radio waves from both directions. It sounds like the perfect solution but the only problem is it can get too bulky, so it’s out of the picture.
Credit cards had developed additional security questions and security codes that change after a single transaction. Researchers have a divided opinion about this, it limits the damage but there is still the risk. There is still the possibility of a thief stealing the data and using it right away for a purchase.
Chase Bank claimed that they are discontinuing the use of radio technology on their cards. For bigger attempts, companies are finding ways to prevent RFID scanning. Others are recommending to stop RFID technology altogether. They had proposed alternatives such as android pay that uses NFC, a more convenient and safer alternative. But these are all ideas that yet to materialize.
One obvious way to prevent this kind of theft is to prevent criminals from reading your card or passport. You can remove the RFID chip and destroy it by microwaving it for a few seconds but with this, you cannot use it anymore. Another alternative would be to wrap your card in aluminum foil, it will block the scanners and you can just remove the foil when you want to use your card.
Consumer Reports in 2011 found that wrapping credit cards with tinfoil can prevent illegal RFID scanners to steal the card’s information, while effective, it a bit unstylish. Another option is credit card sleeves. These products are made of high-density polyethylene fibers. Sounds expensive but is actually not. It can be bough with only 50 cents, a better option and added security than tin foil. But these are only for cards, how about for passports? What if you have many cards and these sleeves are a bother to you? Well, there is something bigger that can cater to that.
Messenger Bags for Men and Women
With the growing threat of electronic pickpocketing and RFID security issues, companies had been selling more products with RFID blocking feature. Tech-savvy accessories had emerged to address the concern of consumers about identity theft. Clutch purse, jeans, wallets, passport pouch or holder, money belts, and the RFID blocking messenger bag for men and women. Let’s list down the reasons why the latter is the best choice.
- A world-renowned IT security pro designed these messenger bags. It was developed after traveling the world finding the solution to data security issues, an actual security and not just a mere illusion of it.
- You don’t have to change your SSN from time to time or hire an attorney for a clean credit; you can protect yourself with this messenger bag that can prevent identity theft with its RFID blocking compartments.
- It’s spacey but not too big it’s uncomfortable to carry. You put in your 10” laptop, iPad, Tablet, cellphone and still have space for other travel essentials. This travel bag is one tough baggage that provides your valuables cushion, care, and security.
- Take all your items in one bag! No need for a slim RFID blocking wallet or a laptop bag. TygrsEye Crossbody messenger bag is an all in one RFID travel accessory. An ideal choice if you tend to go over the baggage limit. It is also lightweight and made of sturdy materials that are hard to slash-resistant.
- It is guaranteed to protect all your precious belongings especially your passport and credit cards. Try it and see for yourself. You’ll feel safe storing your items in it or your money back. Get yours now for only $39.97 and never worry about being a victim of RFID scanning thieves.