The theft of credit card information can occur in a variety of ways, but one of the most surprising may be the loss of information to hackers while your card sits unused in your purse. Referred to as wireless skimming, this type of theft has been made possible by the integration of a small chip that turns a traditional credit card into a smart card.
Vulnerabilities of RFID Cards
Credit cards vulnerable to wireless skimming are those that contain an embedded RFID chip and antennae that broadcasts much of the card information contained on the magnetic strip of a standard cards to an RFID reader to facilitate a transaction. These cards are marketed for their convenience, but the same technology also makes the card vulnerable to being compromised by hackers. To find out whether you have a card with an embedded RFID chip, check for the following trade names; AMEX ExpressPay, MasterCard PayPass, VISA PayWave or Discover Zip. You also can look for the pie-shaped logo for RFID capability, which is designed with either 3 or 4 curved lines.
Wireless Skimming Tools
RFID signals can be scanned by readers that can be purchased online for less than $100. The signal emitted from the card can be read at a distance of up to three feet, but equipped with an antenna that can magnify the signal, RFID signals can be read from a distance approaching five feet. These readers can be concealed in a briefcase or a backpack. Smartphones can be turned into RFID readers as well, simply by downloading a free app. However, a smartphone-based RFID reader needs to be less than four inches away from the credit card to read the RFID signal.
Putting Stolen Information to Use
A wireless RFID skimmer can take the credit card number and expiration date of the card, but not the PIN or the CVV number on the back of the card. As a security measure, RFID chips change the CVV number with each transaction. As a result, in addition the getting the card number and expiration date, the skimmer will grab a CVV number that can be used only one time. If the cardholder happens to make a purchase before the hacker does, the stolen information becomes useless.
Hackers deal with this challenge by creating a cloned card as quickly as possible, using machines than can load the stolen information into a magnetic strip on a blank card. To speed the process, hackers can transmit the information to a teammate who can produce a replicated card within a couple of minutes. From there, the hackers will try to use the cloned card before the owner does.
Protecting your RFID Credit Cards
Owners of RFID enabled cards can prevent skimming in several different ways. Wrapping cards in foil or keeping them in a wallet lined with foil inhibits the transmission of the RFID signal. Carrying two RFID cards side by side will confuse a wireless skimmer, because the RFID reader will capture a mixture of all the numbers on each card without being able to separate the information. If neither of those options are acceptable, call your card issuer and ask for a replacement card without an RFID chip.