How to protect your credit card with RFID chip from unauthorized scans

According to latest estimates, more than 1 billion credit cards and IDs have been released with an RFID chip in the recent past. You may have heard about the new payment form that many larger retailers in the US support. Just wave with your credit card at the counter in close proximity to a payment station and your credit card information are automatically transmitted to the payment processor. That is in theory a great system as it simplifies and speeds up payments when you make purchases.

But since you just have to hold your credit card near the station and do not have to enter any form of authorization, what's keeping third parties from exploiting the signal that the credit cards emit? The answer is next to nothing.

If you have the right set of tools, and you can get your hands on them for about $100 online, you too can retrieve the credit card information, including the credit card number and expiration date from any card that is having an RFID chip and that is not protected by its owner. The one hindrance is that an attacker needs to get real close to the location of the credit card, usually within 2-4 inches. That's not a problem though if you are standing in line or in crowded places.

Find out if your credit card has an RFID chip

To find out whether a credit card has an RFID chip, you can look at the card to tell if it does or does not. If you see the marked symbol on the image below, it is supporting RFID. Also, if the card says PayPass, payWave or blink, it also has RFID capabilities.

Read also:  Avira Password Manager review

rfid credit card

What the credit card companies say

Visa, MasterCard, American Express and other credit card companies have stated that RFID technology is safe, and that state of the art fraud detection prevents abuse of the system. Field tests however have shown that the system can still be exploited, for instance with a kit that is recording the information and creating a duplicate of the credit card.

Protect your credit card from leaking information

If you do not use the new payment options at all, you can ask your bank for a credit card without RFID chip. While costs may be involved, it is the best way to make sure no one is able to read your cards data. If that is not an option, you could alternatively try and remove the RFID chip from the card but that is leaving visual signs of tampering which may get you into explanation troubles. You could alternatively try to smash the chip with an hammer to destroy it.

You can also buy protective sleeves for your cards and IDs that block the signal from being picked up, or use tinfoil as a low cost alternative for that.



Closing Words

I just asked a few of my friends whether they know if their credit card has an RFID chip on it, and only one knew about it. What about you? Do you know if your cards support RFID?

Please share this article

Facebooktwittergoogle_plusredditlinkedinmail



Responses to How to protect your credit card with RFID chip from unauthorized scans

  1. Marc August 21, 2012 at 11:00 am #

    Yes, I know that two of my cards contain PayPass chips. I've used one during a vacation in the US, in Germany there are only very few POS with support for those cards.

    I'm wearing my wallet in a front pocket of my shirt, so it's quite hard to get into the cards proximity without me noticing. I always take out other RFID cards when using them, so that no potentially tampered readers for other purposes (such as public transport tickets or door keycards) can read my credit cards along the way. Besides, I am in fully control which PayPass card is actually used when taking it out to wave in front of a payment device.

    Since unauthorized charges can be easily disputed with the credit card company, I am not too worried about the cards at this time. Because of my cards are also being protected by SecureCode for online use and mandatory PIN entry for POS use, making counterfeit copies of my cards using the card's visible information (card number, expiration date, CVC) seems like a somewhat pointless idea.

    Merchants accepting the cards without the proper security mechanisms (SecureCode/PIN entry) will be the ones to have discussions about chargebacks in this situation.

  2. DanTe August 21, 2012 at 1:09 pm #

    I read somewhere that putting the cards in a microwave nukes the chips. Anyone tried it?

    • Martin Brinkmann August 21, 2012 at 2:26 pm #

      Dante that works, but the card could catch fire in the process, so it is not really recommended.

    • Wally August 21, 2012 at 2:51 pm #

      I've done this, but it leaves a suspicious-looking burn mark where the RFID chip is embedded.

      My current approach is to find the chip by looking for a small square protrusion, and whacking that with a hammer and punch a couple of times. Test it next time you go to the store, and if it still works whack it again.

  3. Marc August 21, 2012 at 1:14 pm #

    I would only recommend trying that when you're also willing to risk destroying the chip connected to the contacts on the card's front which is used in an increasing number of POS terminals. Keep in mind that the magnetic strip is becoming more of a back-up method for reading the data and is going away some day.

  4. Karl K August 21, 2012 at 3:02 pm #

    RFID chips do NOT EMIT A SIGNA all by themselves! They are passive devices (resonant circuits) that respond to "pinging" by an r.f. source from the card reader device on the vendor's counter. When "pingged" by the card reader, the passive circuit in the credit card responds with a train of data that is programmed into the RFID tag.

    Anyone who wishes to hi-jack that information would have to have a reader similar to those used by a vendor and a way to capture the info (along with a power source for all that equipment). It would be pretty obvious to all but the most spaced-out card holder that a situation like that "just isn't right"

  5. KRS August 21, 2012 at 3:55 pm #

    Someone got hold of my credit card information and ordered stuff on my account. Fortunately, the MasterCard computer caught it, but it was a bother getting the card reissued and updating all my mail-order information.

    I now use a Pacsafe RFID-blocking wallet. . Along with the peace of mind, I like it as a wallet.

  6. virtualguy August 21, 2012 at 5:52 pm #

    Apparently, the credit card companies and banks are willing to assume the risks. They are well aware of the fraud issues. In the U.S., consumers are only liable for the first $50 of any credit card fraud or theft. In most cases, they won't even ask you for that $50. It is a much bigger danger, however, with ATM cards, because that is YOUR money, not the banks. I don't know if the RFID technology is used on ATM cards. I hope not.

    • KRS August 22, 2012 at 2:28 am #

      My new ATM/debit card (Citibank) proudly trumpets its RFID "wave it over the terminal" circuitry.

  7. concernedofDC August 22, 2012 at 9:53 am #

    It is clear Martin is a true prophet of doom. He is obviously an expert with many technical qualifactions related to this topic, otherwise he would need to quote some3rd party academic references,and would never regurgitate inane mis-quoted rubbish.
    We should all take care to ensure we wear tin foil hats when we go outside otherwise the our brainwaves will be detected by the unseen black helicopters, this must be true becase you cannot prove otherwise. I must go now as some men in black suits and dark glasses are ringing my doorbell

  8. oldlb August 22, 2012 at 10:18 am #

    aluminium cases for cards advertised, would these offer protection?

  9. Coyote August 22, 2012 at 5:12 pm #

    ^Yes just about any metal or thick material would block the signals, As was stated you have to have the card within inches with no obstructions.

    However, with a powerful enough signal booster to act as a reader theoretically one could plant a device in the middle of a room and either fry or read every card that gets activated.

    A simple fix for this would be encryption that works off a synchronized key system that only authorized retailers/etc. would have access to.

    • oldlb August 23, 2012 at 8:31 am #

      aluminium case advertisement states "RFID friendly", so presumably would be useless

  10. Judith gretes August 13, 2015 at 3:49 am #

    Has anyone given thought that this may be the chip mentioned in the Bible

  11. Steven January 2, 2016 at 1:33 am #

    I have thought about that, how ever, i can say that it is NOT. Here are the reasons:

    1. It points out in Revelation that the mark will be forced unto us, and if we dont accept it. We would not be able to sell or buy.

    2. Just as in the days of Jesus, when he told his disciples that He would be taken from them for our sake. They did not understand what he was talking about Until it happened.

    You see when the mark comes we will know at that very second.
    With this chip called the rfid chip, it is NOT forced upon us and we can still buy and sell things with out the rfid chip.

    Hope this clears that up for you
    God bless.

Leave a Reply