RFID Skimming: Is the Danger Real?
Summary: Products such as “RFID wallets” claim to prevent frauds and scams like RFID skimming, in which thieves steal information off your chip-embedded credit card. Be wary of these claims; there are better forms of identity theft protection available, including dark web scanning.
Before You Spend Your Money on Anti-Skimming Products, Here’s What You Need to Know
You probably know that the embedded computer chips found in most credit and debit cards are meant to protect you from financial fraud. But you may have also heard of a scam called RFID skimming, where a thief steals the card number from your chip-embedded card just by walking past you. You may have even seen ads for products like “RFID wallets,” which claim to prevent this kind of theft.
What Is RFID?
Radio-Frequency Identification (RFID) involves the use of radio waves to read and capture information stored on an electronic chip attached to an object. RFID chips, or “tags,” can be read via scanning devices from up to several feet away. These chips have been used by businesses for years to manage inventory and shipments, as well as in access badges for security systems.
More recently, RFID chips have been used more on credit and debit cards, allowing the card to be read without being scanned through a machine. They have also been added to some passports and driver’s licenses. The idea is to improve convenience and security—sort of like grocery stores without checkout stations where your purchases and credit card are automatically read on your way out the door.
What Is RFID Skimming—and Should I Worry About It?
Some security experts have voiced concerns about a phenomenon called RFID skimming, in which a thief with an RFID reader may be able to steal your credit card number or personal information simply by walking within a few feet of you. It’s a scary thought, but how likely is it to happen? The truth: not very likely, for the following reasons.
- Most credit card chips are not RFID-capable. Today’s chip-embedded credit cards don’t actually transmit any information that could be captured without inserting the card in a reader.
- Contactless credit cards are encrypted. Even if you have a so-called contactless card, such as Visa PayWave or MasterCard PayPass, in which you simply hold the card next to a reader, this type of card securely encrypts the information it transmits.
- RFID skimming is not worth the effort for thieves. It’s time-consuming for would-be criminals to walk within a few feet of every potential victim. They consider it a hit-or-miss proposition, as it depends on whether passersby are using this technology and whether enough information can actually be stolen. It’s far easier and faster for thieves to steal huge quantities of credit card numbers and identities through Internet scams or by simply buying the information on the dark web.
How to Protect Your Cards and Personal Information
While RFID skimming should be the least of your worries, it’s important to take steps to protect against the very real threats of credit card fraud and other forms of identity theft.
Be proactive with automatic, 24/7 monitoring of your credit report and credit score, so you’ll get immediately alerted to any new credit card transactions or other financial activities in your name. And use a tool like IDX CyberScan, which searches all layers of the web, including the dark web, to see if your personal information has been exposed on sites where cybercriminals buy and sell stolen data.
Still feel strongly about getting RFID protection? There’s a cheap, easy solution: Researchers at Consumer Reports magazine found that while RFID wallets don’t always work, simply wrapping an RFID-capable card or document in a piece of foil works just fine.
About IDX
We're your proven partner in digital privacy protection with our evolving suite of privacy and identity products.