You may have seen wallets or backpacks advertising RFID shielding, a protective covering designed to keep malicious ne’er-do-wells from scanning any items that contain embedded wireless receivers, like certain credit cards and passports. Sure, RFID shielding does prevent unwanted wireless transmissions, but with so little evidence of RFID-based theft, combined with the security measures present in today’s RFID tech, it doesn’t seem to be a threat you need to worry too much about.
Radio frequency identification (RFID) technology is present in a ton of products, from the passive security tags stuck to the laundry powder to the card reader that scanned your credit card you used to pay for it.
The key card you use to get into the office every morning uses a form of RFID to communicate with the door’s access point, reading the information on the card and unlocking for you.
But the rumours of hackers wandering about with RFID-scanning equipment, skimming people’s cards for profit, is just fear-mongering. A whole RFID security industry has been built around the fear of people stealing your information from a distance, while the evidence supporting such claims is largely nonexistent.
Most examples of RFID-based theft originate from security researchers attempting proof-of-concept attacks. Videos of contactless card skimming are often years old and take advantage of security flaws. Scanning also requires both close proximity and special equipment like external RFID scanners.
When we asked Eva Velasquez, CEO & President of the Identity Theft Resource Center about the likelihood of RFID-based theft, she said there is little data supporting the claim. “Plus, thieves have better (and quicker) ways to obtain this info,” said Velasquez.
“For one, it’s cheaper for a criminal to buy credit card numbers on the Dark Web instead of purchasing a RFID scanner. They could also do some hacking and steal these numbers much faster than going person to person with a scanner.”
[referenced url=”https://www.lifehacker.com.au/2017/01/ask-lh-do-rfid-blockers-actually-do-anything/” thumb=”https://www.lifehacker.com.au/wp-content/uploads/sites/4/2017/01/iStock-187934619-768×432.jpg” title=”Ask LH: Do RFID Blockers Actually Do Anything?” excerpt=”Hi Lifehacker, a lot of people are trying sell RFID blockers to protect your card against getting skimmed via paywave while you are out and about. I was wondering if this was a thing that can actually happen or if they are just scaremongering to sell a product?”]
Contactless cards rely on one-time-use codes generated for each purchase, making it much harder to duplicate and use a scanned card. If you just don’t like cards, both iOS and Android offer contactless payment in the form of Apple Pay and Android Pay, respectively. Since both payment options use NFC, a particular version of RFID and require further authentication from the user, it’s unlikely hackers will get any valuable information from your phone.
If you’re still worried about someone snatching your personal information, there are ways to protect yourself without spending stacks on a RFID-blocking wallet. RFID blocking sleeves can protect individual items, like credit cards and passports (which already have an RFID shield in the cover), while leaving the rest of your belongings as they were.
They’re cheap and you can score packs that protect multiple cards as well as passports for under $10.
Now, there is one reason you might want to consider some RFID shielding tech, or snagging an RFID shielded wallet. One might find it useful if only to stop two contactless card from transmitting simultaneously.
In his review of the $US69 ($94) Waterfield Finn Access RFID wallet, The Verge’s Vlad Savov used its RFID shielding capabilities to shield the transmission of his bank card while allowing his Oyster card to sit in the wallet’s unshielded outer pocket, making it easier for him to pay for transport without confusing ticketing machines.
In short, save your money when it comes to RFID security. The threat is virtually nonexistent and hackers have better ways to gain access to your information, whether through card skimming ATMs or by purchasing information from database leaks.