New credit cards with embedded RFID chips can pose a problem with security and identity theft
A team of cyber security researchers have revealed that hackers can mobile technology to use to steal credit and debit numbers from you while you’re in public. The cards at risk are enabled with radio technology that allows you to “wave and pay.”
Its as though while you are ‘waving and paying’ a hacker lurking in vicinity is secretly reading your payment card numbers and storing them. While you are unaware of such a risk, you may receive a 440 volts shock to see unknown payments at the end of the payment cycle in your billing statement.
Radio frequencies are all over the place but the frequency most smart cards (i.e. newer debit and credit cards) are in the range of 13.56 MHz (HF) the range can be detected between 10 centimeters – 1 meter (around 2 feet max).
If you have these newer cards, currently an attacker can only obtain the card number and the expiration date, not the three digit CVV security number which are required for some purchases. However it should be noted that a card number and expiration date could be put onto dummy cards and used at certain point of sale terminals that only require you to pass the card over the terminal for a payment (without the CVV requirement).
More and more of these RFID radio tags are placed into other documents including passports, employee badges which may hold more information and create potentially more problems when cloned especially in the case of employee badges which will allow access to secure buildings and the like.
So far the only known defense against these types of attacks are to create a “Faraday Cage” around the card (usually in the form of aluminum foil, or lining your pocket or wallet with a similar substance).
If you are victimized most cards like MasterCard, Visa, and debit cards have policies that say you’re not liable for any fraudulent transactions and you can be made whole, however this can take several days or weeks sometimes to get money back which has been stolen from your checking or debit card.
If you like the idea of mobile payments for now Apple Pay or Paypal can be viable alternatives since your actual card numbers are not stored on your iPhone or smart device and do not have any RFID.