Some security experts fear contactless card technology, which uses radio-frequency identification (RFID), opens consumers up to a whole new form of identity theft. As a result, several retailers sell RFID-blocking wallets, claiming they can keep your card information safe from fraudsters with sophisticated card readers. But is it really worth it? Here’s what experts say.
Innovations in credit card technology are making it easier and easier to pay, while also increasing transaction security.
One development that has been catching on lately is radio-frequency identification – RFID for short.
RFID technology allows cardholders to make a payment by just bringing their card close to a card reader. This contactless approach has caused some security experts to fear it also opens consumers up to a whole new form of identity theft.
As a result, several retailers sell RFID-blocking wallets, claiming they can keep your card information safe from fraudsters with sophisticated card readers. But is it really worth it? The facts say no.
See related: Contactless cards get crucial boost as Chase embraces tap-and-pay
How RFID credit cards work
RFID has been around for a long time and is a term used to describe technology that uses radio frequencies for things like scanning items at a grocery store or giving you access to your office via a key fob.
With credit cards, the particular type of RFID technology used is called near-field communication (NFC).
You may have heard that term before because it’s the same technology mobile wallets like Apple Pay, Samsung Pay and Google Pay use. Instead of swiping your credit card or inserting it into a card reader, you bring your card or phone close to the reader – typically no more than a few centimeters – and the NFC chip and antenna send the card information via radio waves.
“Waving, as opposed to swiping, means the hardware never touches and makes for a slightly more convenient transaction,” says Robert Siciliano, a security awareness expert and CEO of Safr.me.
NFC technology also uses tokenization to replace the actual card number with a unique set of numbers and characters for each transaction, making it impossible for a thief to link it back to the original account information.
The token is also valid for only one transaction, so even if someone were to get the information, it can’t be used again.
Within two years, half of all U.S. payment cards will be equipped with NFC technology, according to Randy Vanderhoof, director of the U.S. Payments Forum. The complete migration to contactless cards can take up to five years.
Which credit cards have RFID technology?
American Express, Capital One, Chase, Citi and Wells Fargo all offer contactless technology, although not necessarily on all of their credit cards.
If you have a card with one of these issuers and aren’t sure if it’s equipped, check for a symbol with four curved lines that look like radio waves on the front or back of your card.
If you don’t see the symbol, you can also call the card issuer to double check.
See related: How to reduce your fear of cybercrime, and protect yourself
What about RFID fraud?
Since credit cards began offering contactless credit cards, consumers and experts alike have worried that the new technology could make it easier for thieves to get ahold of credit card and other personal information.
All they’d need, for instance, is to stand next to you in the subway or another crowded place with an RFID-equipped card reader and place it close to your wallet.
This is where RFID-blocking wallets come into the picture. Using a mesh material made up of small conductive wires, these accessories can block external electromagnetic fields, such as one created using a credit card scanner, from communicating with the NFC chip and antenna in your card.
But if you’re concerned about this happening, don’t be. According to Siciliano, researchers have been able to expose vulnerabilities in RFID credit cards in controlled environments. But “there have been no documented cases of someone actually using [an RFID] reader to steal a credit card,” says Patrick Sweeney, author of “RFID for Dummies.”
Even if an identity thief did manage to commit RFID fraud, there are a few things to keep in mind.
“The wireless communications between the card, mobile or point of sale are generally encrypted,” says Siciliano.
This means fraudsters wouldn’t be able to access your credit card number, billing information or name. Instead, they’ll get a token they can use only once. And if they do manage to create an unauthorized transaction, you’ll be covered by your credit card issuer’s fraud protection.
Even if this is all theoretically possible, the Identity Theft Resource Center doesn’t consider RFID fraud a threat, especially compared to other forms of credit card identity theft. So unless you have your eye on an RFID-blocking wallet because of its design or look, you’re likely better off with a regular one.
Stay vigilant with other forms of credit card fraud
Because RFID fraud is virtually non-existent, RFID-blocking wallets may create a false sense of security. It’s important to be aware of and protect yourself against more threatening forms of credit card identity theft.
In 2017, for instance, account takeover fraud tripled from the previous year, according to Javelin Strategy & Research. This happens when a thief gains access to your credit card account through a data breach, malware or phishing and uses it to make unauthorized transactions.
To reduce your exposure to this type of fraud, make sure to use complex passwords and a password manager, so you can have a unique password for each online account.
Also, be wise about how you use your credit card online.
“There are a lot of websites out there that look almost like a legitimate retailer,” says Vered Gottesman, vice president of marketing at e-commerce fraud prevention company Forter. “But in reality, they’re a fake website that has been established just to collect credit card numbers and personal information.”
Also, websites that aren’t secure and phishing emails can leave your information exposed to people who want to do you harm. Avoid shopping on websites you’ve never heard of before or that don’t have an address that begins with HTTPS.
If someone asks about credit card information over the phone or in an email, hit the brakes.
“Never ever take a call or reply to an email about your credit cards without verifying the source,” says Sweeney. “All your credit cards have dedicated numbers, and if someone calls you to verify information, offer to call them back on the number shown on the card.”
Other tips include:
- Watch for card skimmers at the gas station and ATM.
- Don’t send your credit card information in an email or text message.
- If your credit card issuer offers the feature, use virtual credit card numbers for online shopping.
- Use a virtual private network (VPN) when browsing on a public Wi-Fi network.
- Report fraud to your card issuer as soon as you get a whiff of it.
Be extra careful if you juggle lots of cards
If you’re a credit card enthusiast who enjoys having multiple credit cards with various rewards and perks, Gottesman suggests making sure that you can still easily monitor each account for fraud. If it’s too overwhelming, it may be worth closing some accounts to make it more manageable – just keep in mind that closing card accounts can lower your credit score by increasing your credit utilization ratio and lowering your average age of accounts.
There’s no way to entirely eliminate the chance of falling victim to credit card fraud, but these precautionary measures can help keep you safe.