Do You Really Need a Special Case to Keep Your Credit Card Safe?

rfid-blocking-card

By now you’ve probably heard of RFID blockers — those wallets, purses and other gadgets offering protection from hackers who can pluck your personal information out of thin air.

RFID, or radio frequency identification, chips are growing in popularity. But there’s something you need to know about those blockers before you buy them.

The rise of this industry coincides with the conversion of America’s credit cards to EMV, which will ultimately put a computer chip on every piece of plastic in your wallet. That’s no coincidence, according to the EMV Migration Forum, a group created by trade group the Smart Card Alliance to promote education and adoption of EMV cards.

“The ‘RFID blocker’ sales people are using the new cards with EMV chips to confuse cardholders into thinking that all EMV cards have RFID, and you need to block them,” said Adrian Riley, a spokesman for the EMV organization.

The fact is, you don’t. The new chips on your credit card almost certainly don’t emit radio waves. You can’t pay with your new chip credit card by waving it over a sales terminal; you have to insert it in the machine. So no one can listen to your personal information on such a card with a wireless snooping device. To put it more bluntly: EMV is not RFID.

When I set out to confirm this, I was surprised to find a lot of confusion online. That’s because there is a similar-sounding technology called contactless credit cards, which do use RFID and send a signal that an RFID blocker might defeat. There is also such a thing as “dual interface chip cards” that have both EMV and this contactless RFID capability.

But I’m willing to bet you don’t have one.

I was unable to find a precise number for how many of these are in the wild, but it’s a low number. (Some estimates I found suggest less than 1%.) The Smart Card Alliance notes in a 2015 white paper that contactless credit cards, first issued back in 2004, have suffered “sluggish adoption rates.”

I’ve never seen a contactless credit or debit card used by a consumer in the U.S. (They’re more common in Europe.) Some banks are thinking about adding RFID now that the EMV conversion is well under way, but other wave-and-pay systems like Apple Pay seem to have made contactless credit cards a technology that few Americans really seem to want.

I asked an RFID blocker company for help with understanding the prevalence of RFID, and a representative of the firm sent me to a blog post at Heartland Payment Systems, which says:

“Back to the magic chip reader question. Is it possible to read the data on an EMV chip from a distance? The short answer is, ‘not likely.’ EMV cards do use RFID. Similar to AM and FM radio bands, EMV chips utilize specific bands to communicate.”

This is all incorrect, according to the EMV Migration Forum. EMV does not equal RFID. Just because there’s a chip in your wallet doesn’t mean someone can sniff the data off it with wireless technology. (I asked Heartland about the post, written by a former employee last year, and didn’t get an immediate response.)

Here’s the bottom line: Some items you may carry do emit RFID signals under the right circumstances. Your newish passport does. Your employee badge might. If you carry them around all the time and are hyper-vigilant, perhaps you’ll enjoy RFID blocking technology.

Just know it does nothing to protect your new EMV credit card from hackers. And most important, while security researchers have demonstrated that RFID payment signals can indeed be hacked wirelessly, no one I know has found an example of this occurring on any scale in the real world. You have to be very close to the victim, and the data a hacker would steal is “disposable” and not very valuable, making this a very slow way to make money compared to all the other quick ways hackers make money today.

“I …want to emphasize that contactless payment technology doesn’t pose any risk to consumers,” said Riley. “Like contact chip cards, contactless chip cards generate a one-time-use code that can’t be reused. So even if a criminal managed to get their hands on the info, any captured data couldn’t be used to execute new transactions.”

How do you know if your credit card can broadcast data wirelessly? It has a logo called a wave that looks like radio waves. If your cards don’t have it, you don’t need an RFID blocking gadget to protect them.

Remember, it’s still important to monitor your credit or debit card statements regularly for fraud. And if you’re concerned about deeper identity theft, consider putting a freeze on your credit, which will prevent anyone from pulling your credit report, unless you thaw it. You can also monitor your credit for signs of identity theft, like a sudden drop in credit scores. (You can see two of your credit scores, updated each month, on Credit.com.)

More on Identity Theft:

Image: ronstik

The post Do You Really Need a Special Case to Keep Your Credit Card Safe? appeared first on Credit.com.

Do You Really Need a Special Case to Keep Your Credit Card Safe?

rfid-blocking-card

By now you’ve probably heard of RFID blockers — those wallets, purses and other gadgets offering protection from hackers who can pluck your personal information out of thin air.

RFID, or radio frequency identification, chips are growing in popularity. But there’s something you need to know about those blockers before you buy them.

The rise of this industry coincides with the conversion of America’s credit cards to EMV, which will ultimately put a computer chip on every piece of plastic in your wallet. That’s no coincidence, according to the EMV Migration Forum, a group created by trade group the Smart Card Alliance to promote education and adoption of EMV cards.

“The ‘RFID blocker’ sales people are using the new cards with EMV chips to confuse cardholders into thinking that all EMV cards have RFID, and you need to block them,” said Adrian Riley, a spokesman for the EMV organization.

The fact is, you don’t. The new chips on your credit card almost certainly don’t emit radio waves. You can’t pay with your new chip credit card by waving it over a sales terminal; you have to insert it in the machine. So no one can listen to your personal information on such a card with a wireless snooping device. To put it more bluntly: EMV is not RFID.

When I set out to confirm this, I was surprised to find a lot of confusion online. That’s because there is a similar-sounding technology called contactless credit cards, which do use RFID and send a signal that an RFID blocker might defeat. There is also such a thing as “dual interface chip cards” that have both EMV and this contactless RFID capability.

But I’m willing to bet you don’t have one.

I was unable to find a precise number for how many of these are in the wild, but it’s a low number. (Some estimates I found suggest less than 1%.) The Smart Card Alliance notes in a 2015 white paper that contactless credit cards, first issued back in 2004, have suffered “sluggish adoption rates.”

I’ve never seen a contactless credit or debit card used by a consumer in the U.S. (They’re more common in Europe.) Some banks are thinking about adding RFID now that the EMV conversion is well under way, but other wave-and-pay systems like Apple Pay seem to have made contactless credit cards a technology that few Americans really seem to want.

I asked an RFID blocker company for help with understanding the prevalence of RFID, and a representative of the firm sent me to a blog post at Heartland Payment Systems, which says:

“Back to the magic chip reader question. Is it possible to read the data on an EMV chip from a distance? The short answer is, ‘not likely.’ EMV cards do use RFID. Similar to AM and FM radio bands, EMV chips utilize specific bands to communicate.”

This is all incorrect, according to the EMV Migration Forum. EMV does not equal RFID. Just because there’s a chip in your wallet doesn’t mean someone can sniff the data off it with wireless technology. (I asked Heartland about the post, written by a former employee last year, and didn’t get an immediate response.)

Here’s the bottom line: Some items you may carry do emit RFID signals under the right circumstances. Your newish passport does. Your employee badge might. If you carry them around all the time and are hyper-vigilant, perhaps you’ll enjoy RFID blocking technology.

Just know it does nothing to protect your new EMV credit card from hackers. And most important, while security researchers have demonstrated that RFID payment signals can indeed be hacked wirelessly, no one I know has found an example of this occurring on any scale in the real world. You have to be very close to the victim, and the data a hacker would steal is “disposable” and not very valuable, making this a very slow way to make money compared to all the other quick ways hackers make money today.

“I …want to emphasize that contactless payment technology doesn’t pose any risk to consumers,” said Riley. “Like contact chip cards, contactless chip cards generate a one-time-use code that can’t be reused. So even if a criminal managed to get their hands on the info, any captured data couldn’t be used to execute new transactions.”

How do you know if your credit card can broadcast data wirelessly? It has a logo called a wave that looks like radio waves. If your cards don’t have it, you don’t need an RFID blocking gadget to protect them.

Remember, it’s still important to monitor your credit or debit card statements regularly for fraud. And if you’re concerned about deeper identity theft, consider putting a freeze on your credit, which will prevent anyone from pulling your credit report, unless you thaw it. You can also monitor your credit for signs of identity theft, like a sudden drop in credit scores. (You can see two of your credit scores, updated each month, on Credit.com.)

More on Identity Theft:

Image: ronstik

The post Do You Really Need a Special Case to Keep Your Credit Card Safe? appeared first on Credit.com.