New credit cards with embedded RFID chips can pose a problem with security and identity theft
A team of cyber security researchers have revealed that hackers can mobile technology to use to steal credit and debit numbers from you while you’re in public. The cards at risk are enabled with radio technology that allows you to “wave and pay.”
Its as though while you are ‘waving and paying’ a hacker lurking in vicinity is secretly reading your payment card numbers and storing them. While you are unaware of such a risk, you may receive a 440 volts shock to see unknown payments at the end of the payment cycle in your billing statement.
Radio frequencies are all over the place but the frequency most smart cards (i.e. newer debit and credit cards) are in the range of 13.56 MHz (HF) the range can be detected between 10 centimeters – 1 meter (around 2 feet max).
If you have these newer cards, currently an attacker can only obtain the card number and the expiration date, not the three digit CVV security number which are required for some purchases. However it should be noted that a card number and expiration date could be put onto dummy cards and used at certain point of sale terminals that only require you to pass the card over the terminal for a payment (without the CVV requirement).
More and more of these RFID radio tags are placed into other documents including passports, employee badges which may hold more information and create potentially more problems when cloned especially in the case of employee badges which will allow access to secure buildings and the like.
So far the only known defense against these types of attacks are to create a “Faraday Cage” around the card (usually in the form of aluminum foil, or lining your pocket or wallet with a similar substance).
If you are victimized most cards like MasterCard, Visa, and debit cards have policies that say you’re not liable for any fraudulent transactions and you can be made whole, however this can take several days or weeks sometimes to get money back which has been stolen from your checking or debit card.
If you like the idea of mobile payments for now Apple Pay or Paypal can be viable alternatives since your actual card numbers are not stored on your iPhone or smart device and do not have any RFID.
The card companies were warned. Repeatedly. Nearly a decade ago. They ignored the warnings. They slandered and libeled the people giving the warnings.
Now we are here. Awesome.
The scanner would need to be within 3 feet of your card WHILE you are making the payment.
What’s the real risk here. How close would someone need to be standing to you with a card reading device in order for this to work. Under normal circumstances you would ask that person to please move because they would be practically hugging you to get close to your card.
What about when people are in a line to pay? I’ve had people closer than 3 feet when I’m in a line.