RFID, what a wonderful tool they've given criminals.

Some of you may have them, others might have yet to get them.

The new wave of consumer novelty convenience is taking off quite rapidly.
Have a look at your Credit Cards, Passport, Drivers License, etc. Depending on which country you're in, some of them may have RFID tags in them.

RFID is a remotely scanned chip, essentially replacing the magnetic strip on your cards so that you can swipe them without actually having to stick them in a magnetic card reader.

At airports and other traffic heavy checkpoints, they're being used to "speed up" the boarding process.
This won't last for long though. The RFID tag in the new American passports and other varieties of pass cards in other countries have lately proven to be easily tampered with.
A few self proclaimed hackers around the world have proven quite clearly various ways in which you can manipulate the RFID tag in these cards and passports. In one case, showing how easy it is to steal the identity of other travellers... and then going on to prove that they wouldn't be caught when using those stolen identities. Clearing the security checkpoints as if nothing was amiss.
They also went on to show how to disable and alter other peoples RFID tags so that they appear as red-flagged individuals.
(You get red-flagged and detained, while the criminal walks through security with your identity.)

Basically, it won't be long before more security checkpoints catch on and abandon the new RFID system and go back to physically checking your credentials.


Now for the scary part.
Credit Cards.

A number of credit card companies have begun selling cards with RFID tags in them. Capital One is the first one that comes to mind. I've been getting their "demo" cards in the mail on an almost monthly basis.
You likely have one in your junk mail pile.

Go ahead and open it, look at the card... of course the demo card doesn't actually have a working RFID tag in it, but look for the square spiral with the solid square in the middle... that's where the RFID tag would normally be on an actual card.
You've seen that before. Many stores use those to tag merchandise.

Here's the scary part; if you have one of those cards, I can walk past you with a $10 card reader in my pocket... and I've got your credit card number, the card holders name, and yes, the expiry date.

That's it. All I had to do was walk past you.
Now I can make purchases at your expense. Not that I would, I'm not that kind of a person, but you can see what I'm getting at.

Those cards don't come with security features on their RFID. Then again, when have credit cards ever had security, everything needed for theft was always written on the face of the card. But now, it can be stolen remotely.

If you're a skeptic like myself, you're probably thinking to yourself; "Why would a credit card company do something as stupid as broadcast my information wirelessly?"
I don't have an answer for you, that's a good question for you to ask them yourself.
I suspect though, that they did it for the same reason you might have purchased the card... it's a neat novelty and convenience you didn't have before.

Just because the card makers are bumbling idiots when it comes to security doesn't mean you have to be.


There are options.

1: Don't buy RFID enabled cards... or anything RFID enabled for that matter.

2: If you have an RFID enabled card, ask if you can have it exchanged for the classic model without the tag in it. (It can't hurt to ask).

3: If all else fails, a hammer will solve your concerns. I'm not joking! (I'd check with the company first to make sure you aren't voiding agreements... for legal reasons). RFID tags are controlled by an IC... hitting the chip (in the center of the square spiral) will destroy the chip itself, while still leaving the magnetic strip on the card in good condition.
You won't be able to smack your wallet against the paypass node any more and hear the cool little beep, but your information and finances will be safe. And the card is still good for swiping in regular card readers.

4: If smashing the IC is against some agreement you signed, then you can buy wallets that shield RFID cards from being read. They usually come with stainless steel linings in the wallets walls... heck, might be worthwhile to get one just to stop bending your cards anyways.
These wallets make it impossible to read the cards while they're inside. It's called the Faraday effect.
However, even with an RF shielded wallet you must still be vigilant, just as you would be with your pin number. When you remove your card from your wallet, make sure nobody's standing around you... and make sure there is only ONE card reader near you... other readers can be planted near counters and terminals for the purpose of stealing your RFID information.


This is not an exaggeration or a joke.
It is very possible for me to walk past you, and walk away with your life.

Ask for none RFID enabled cards in the future.