A determined thief could intercept radio waves from a dual-interface credit card, but in practice it’s not worth the bother
Dear Cashing In,
I have an EMV card. How can I tell if it’s a “dual interface EMV,” which I understand are for contact and contactless transactions. I have been reading that if it’s the contactless type it can be hacked just by someone walking by with a RFID reader and in order to protect myself from hackers I would need to buy a secure sleeve. –Maria
It’s understandable that you’re concerned about card fraud. On a regular basis, we hear news about data breaches and identity theft, and we think about how to safeguard ourselves and our information, including our credit cards.
Contactless cards that contain radio frequency identification (RFID) antennas have been around for several years, but they haven’t become widely adopted because relatively few merchants have the equipment to process the payments from the card.
However, if you start looking around, you will see the contactless card symbol at more places than you might think, which designates that the merchant can accept contactless cards. That symbol is often described as a “wave.” The best way to describe it is a series of four slender, backward C’s that gradually increase in size from left to right.
|This symbol means a card contains RFID technology that allows purchases by tapping or waving the card.|
Some card issuers that are sending out cards with EMV chips are enabling them to work without contact with a terminal. You simply wave them close to the payment machine at the register.
There are different ways that bad guys can access your information. Using a reader and walking by you to skim information from a card that contains an RFID antenna technically is possible but is extremely rare. It’s even harder for crooks to pull off that feat if the cards have EMV chips, as opposed to older contactless technology.
The industry and anti-fraud experts say that contactless cards with EMV chips are more secure than earlier generations of contactless cards, because the 16-digit credit card account number is encrypted and useless to criminals.
“The information intercepted from an RFID EMV card cannot be used to make purchases online or to create a cloned card,” says Justin McDonald, senior risk management consultant with The Fraud Practice, which advises banks on card security. “It is possible that some personally identifiable information can be intercepted from an EMV RFID card, but it is not enough to use that card to make purchases.”
Video: Do you need a credit card RFID protector sleeve?
To find out whether your card has the contactless payments feature, you can start by looking at the card and seeing if it has the wave symbol on it. You can also call your bank. Banks are spending millions to fight fraud, because they want customers to feel safe using their cards. In addition, they typically have to pay for any losses associated with fraud, so they are especially motivated to find ways to stop it.
Randy Vanderhoof, executive director of the Smart Card Alliance, an industry group, says your bank will have better information on card security than alarmist Internet articles will.
“You should trust your bank or the brand (Visa, MasterCard) to explain the security of contactless cards, not random sites meant to mislead consumers into fearing they are at risk,” he said in an email.
That said, it is true that you can find all kinds of protective sleeves that make the remote possibility that somebody will steal your card information in this way even less likely. If it makes you feel safer, there’s no harm in using one.