Thieves can theoretically capture data from your tap-to-pay card. The chance is small, but here’s what you can do about it.
Security expert Craig Coats is in the business of testing the hackability of RFID cards to understand just how vulnerable the cards we use are to theft.
His office at Assero Security has all the equipment needed to skim credit card information and make counterfeit cards.
RFID cards never need to leave your wallet to be used. You just wave them over a reader to pay. But, just because they’re safely tucked away doesn’t mean their information can’t be stolen and copied onto new cards.
“This is an RFID card that we purchased over the Internet,” Coates explains, holding up a blank white card. “These are available for pennies online in bulk, and combined with a low-cost RFID reader-writer, that’s all one needs.”
Using one of these readers hidden in a backpack or briefcase, a thief can in theory skim the information from your RFID credit card just by standing close to you for a couple of seconds.
They can then pull up that information on their computer and encode it onto a new card.
“The finished product is a nice embossed card with raised numbers,” says Coats. “Looks official, feels official, and is ready to go.”
Though it may seem simple, this kind of theft comes with some obstacles.
First, the criminal needs to get within inches of the victim in order to read the card.
“There are plenty of hackers out in the world doing this, but the odds that you or I will cross paths with them sometime in our lives is pretty long,” he says.
Still, Coats suggests protecting yourself just in case.
An RFID blocking wallet or sleeve contains a wire or foil mesh that blocks radio signals. Some cost less than $10.
“A little bit of money can buy a lot of peace of mind,” Coats says.
If you favor security over style, one of the best protections is good, old-fashioned aluminum foil. It might not be pretty but it keeps your information safe.