I went shopping today for my little brother’s high school graduation present, because I’m a terrible sister who thought she had until Thursday when the ceremony is in fact on Tuesday. Sorry bro! Also, if you’re reading this, stop because I’m gonna detail what I got you and it’s not super awesome or anything so please let the surprise be part of the joy.
Anyway, right. I’m someone who takes internet security very seriously. Partly because i watch the news too much, partly because I’ve read Little Brother by Cory Doctorow and partly because my fiancee knows his shit when it comes to computers.
I also take my credit cards very seriously. So, when I went to buy my little brother a fancy-wallet I could stuff some gift cards and cash in as a grad present, I was surprised to see that RFID protected wallets and passports are a thing. I kicked myself so hard for not ever even thinking about protecting my card like that.
For those who don’t know, RFID (Radio Frequency Identification) is a part of a lot of tap-and-go credit cards. You can see if yours is equipped, like mine bloody is despite my protests, by a symbol that looks something like this:
The convenience of the tap-and-go is lost on me because I have never used it, but the danger is that a savvy criminal can access using a scanner even when the card is snug in your pocket. It’s known as RFID skimming and Wikipedia defines it thusly:
RFID skimming is a form of digital theft, which enables information from RFID based smart cards to be read and duplicated. It can be used as a form of wireless identity theft or credit card theft among other forms of information theft. Typically it works by illegitimate reading of RFID chips at a distance using an RFID reader device, which downloads the card information. From there, it can be written to a new blank card, which then operates in the same manner as the original legitimate card. Because the data is identical on both cards, and the information is only copied, it makes no difference if the original data is encrypted or not.
RFID skimming has been demonstrated as far back as 2008 and as recently as 2013, however levels of theft are difficult to determine, as victims typically do not know how their card data was compromised.
I thought “OMG, I need to buy this wallet for my brother to keep him safe! And while I’m at it I should get one for me! How did I not know this is a thing?! I watch Mr. Robot for fuck’s sake!”
Also, i was kind of dumb because I thought the chip in my chip-debit card was something that could be read by one of these scanners, which my brilliant partner was quick to point out. And so began the deflating of my “I’m so smart and protected now” ego.
The bottom line is that I’m not sure if I got ripped off.
I mean, I know the thing works, it’s just a Faraday cage that blocks the radio signals emitted by a scanner from interacting with your card. Technically, you could just wrap your phone in tinfoil for roughly the same effect. You’ll just look a little crazy, and it’ll be a touch inconvenient to have to unwrap it like a chocolate bar every time you actually want to use it.
What makes me think it was maybe a dumb purchase spurred by my own paranoia is that I keep reading the same thing from a lot of smart people on the internet. And that thing I keep hearing, is that it’s most likely too much hassle for someone to be standing around scanning individual credit cards. A smart criminal would just find a way to set up an ATM skimmer, which is a whole other story.
I’m not looking to make a solid point on either side of this argument, I just haven’t written in a while and I want to think this thing out in the best way I know how. To write out what I’m thinking so I can remember the thoughts long enough to actually research them.
Also, I figure if this was news to me, maybe I can help one or two other paranoid losers like me think twice about their personal financial security.
Either way, I have an RFID protected wallet and in a few days my freshman brother will too.
You better not have read this before Tuesday, dude.