Fraud risk minimal on canceled RFID chip card
Chips keep transmitting after accounts are closed, but data is worthless to crooks
By Tony Mecia
Dear Cashing In,
If I have a MasterCard that contains an RFID chip, and I close the account, does that protect me from scammers scanning my information? Is the chip no longer active? Or does it keep transmitting information that people can steal? -- Howard
In the old days, credit card fraud was pretty simple. Typically, it involved somebody stealing your wallet, or maybe getting hold of your account number to charge something.
Today, though, with the rise of online merchants and chip cards, fraud has not been eliminated. It has become more sophisticated. There are many more methods than simply picking your pocket. Thieves find it more lucrative to hack into computer systems or buy batches of stolen card numbers on illicit Internet sites.
And technology leads to legitimate questions such as yours. New processes intended to be more convenient and secure can open new avenues to criminals.
RFID chips are chips that card companies began putting in cards several years ago for contactless payments. The idea was that consumers could just wave the cards by a card reader at the cash register, and the transaction would go through. RFID chips, which use near-field communication (NFC), are a widespread technology: They are in parking cards that get you access to a parking garage. Veterinarians implant them into household pets for identification. Passports contain them to help with border crossings.
A lot of cards still have the chips, although card companies are moving in the direction of putting different chips -- EMV chips -- into cards.
One of the knocks on RFID cards is that because they transmit a signal at a distance of a few feet, they are susceptible to having that information stolen by crooks armed with the right electronic equipment. Experts have said this is technically possible, though rare.
When you close a credit card account, that does not turn off the chip in the card. It continues transmitting. So yes, Howard, scammers could still obtain that information.
However, they would not be able to use it, since your account is closed.
Justin McDonald, senior risk management consultant with The Fraud Practice, an anti-fraud consulting company, says that RFID chips transmit the following information (often encrypted): the 16-digit primary account number, the cardholder's name, the card expiration date and the type of card (MasterCard/Visa, debit/credit). None of that information will be useful to a criminal, because an attempted transaction using that information would be declined if the account is not active.
McDonald's best advice: "I'd recommend putting the card through a shredder, hitting the chip area with a hammer or doing something to damage the RFID chip before just throwing it away, if only to protect your name from being potentially compromised."
Sounds like good advice to me. The odds sound incredibly small that criminals could obtain anything of value from an RFID card if your account is closed. The odds are slight even if your account is open. But taking a hammer to your canceled credit card would certainly remove any doubt.
Meet CreditCards.com's reader Q&A expertsDoes a personal finance problem have you worried? Monday through Saturday, CreditCards.com's Q&A experts answer questions from readers. Ask a question, or click on any expert to see their previous answers.
Published: June 2, 2015
- Can you use US credit cards in Cuba? – Card transactions require internet service, and Cuba’s internet access is spotty ...
- How your card may reimburse canceled trip costs – Some cards offer trip cancellation protection, but you have to meet all the criteria ...
- Travel reward cards: How to avoid pitfalls – Canceling a rewards card after using the bonus can save money on the annual fee but also affect your credit ...