Sometimes an invention can solve a problem. At other times, it can leave you wondering: Was this a problem to begin with? Think of the difference between a TV remote control and a Flowbee. Everyone likes to change the channel without getting out of the Barcolounger, but how many people want to cut hair using a vacuum cleaner?
In recent years, credit card companies have begun using RFID tags in selected cards to allow fast, contactless payments. Immediately, people began to worry about their credit card information being stolen. So someone invented "RFID-blocking" wallets. They claim to block transmissions from your credit cards, but what exactly are they blocking? Is it a problem? In other words, are these wallets more like TV remotes…or Flowbees?
What is RFID?
RFID stands for "radio frequency identification." In a nutshell, an RFID credit card has an electronic tag and antenna embedded that transmits the payment information to a reader. This same technology allows you to wave your gas card at the pump to earn rewards or drive through a tollbooth with your E-ZPass.
Imagine simply waving your card, Harry Potter style, in front of a device on the checkout counter rather than swiping it every which way through a magnetic stripe reader. Voila! Faster, easier, and no need to hand over your card.
But…if your card's vitals can be read through thin air, can you control exactly who reads it? RFID readers can be bought by anyone, cheap. As you're waving your card around, just how much should you be worrying about someone behind you - or behind the counter - secretly scanning and stealing your credit card data?
Why credit card companies like RFID
You may wonder why this technology is taking off for credit cards. Speed, convenience and, yes, security are key factors.
Jay Foley, executive director of the Identity Theft Resource Center, notes, "If you've stopped and taken a look at where cards are going now - where is the card reader at the grocery store? At Kohl's? At Saks Fifth Avenue? It's on your side - you, the consumer. Companies don't want their employees touching your card. And the readers are touchless - you don't have to worry about someone knowing which way to swipe, which way is up. You just wave it, and, boom, it goes."
Do you have an RFID-enabled card?
You probably can tell if your card can be used for contactless payments just by looking at it. Many of the financial institutions that issue credit cards have adopted a common symbol. "It looks like a radio wave growing in the distance," says Randy Vanderhoof, executive director of the Smart Card Alliance, an industry group for businesses using smart-card technology.
While many use this symbol, it's not universal; JPMorgan Chase's Blink cards have a unique branded logo.
Don't have one yet? Vanderhoof notes that the popularity of cards varies by region. "It's up to the merchants to decide if they're going to accept the cards, and it will depend on whether the local financial institutions provide them." So, depending on where you live, contactless-payment cards may be old hat or still a new idea.
Are RFID chips secure?
One barrier to acceptance by consumers seems to be security concerns. Local TV stations have done stories showing how the scanners work, and raising eyebrows when in one case the news team was able to use a device to read bystanders' card numbers.
So far, there have been no reported cases of identity theft using RFID readers. But Dr. Marjie Britz, a criminal justice professor at Clemson University, in South Carolina, says it is "naive" to assume that it hasn't happened. She points out, "The vast majority of individuals who have had their identity or personal information compromised do not realize it for a significant period of time," and therefore it's difficult to know when, and how, the theft occurred.
Risks are inherently limited
But Foley isn't particularly concerned by the current risk. He notes two limitations - the distance at which readers work and the data available on the credit card. Card readers work up to a distance of two to four inches. "Yes, I can read someone's card by picking up a scanner and walking two to four inches behind them - if I don't get punched first," Foley says with a laugh.
Then, the potential thief has a limited time to use the information, Foley explains. That's because the transmission generates a unique code, which is discarded the next time you use the card.
Finally, RFID chips don't transmit sensitive information such as your card's security code or your address or phone number.
What about RFID-blocking wallets?
RFID-blocking wallets are an evolution of law-enforcement technology. Britz says these "Faraday devices" - bags, cages and wallets - act as an electromagnetic shield and are often used to protect electronic evidence. To get a peek at some of the devices used for forensics purposes, look at Faraday-Bags.com's "Black Hole" line.
Britz notes that these types of items, including ones for consumers, are coming down in price. ThinkGeek.com's offering runs about $20.
So should you be afraid?
First, heed Britz's observation: Many victims of identity theft don't realize it for some time. No matter how your data is stolen, you are protected by your card's zero-liability policy, mandated by the federal government, as long as you or your credit card issuer catches the suspicious activity in time. But to catch such activity, you must monitor your card activity regularly.
Still concerned about RFID tech? Britz suggests avoidance. "It suffices to say that avoiding cards employing RFID technology eliminates that possibility (of identity theft) completely."
Or, you could upgrade your wallet. After all, Foley concedes, "They look kinda snazzy."