RFID skimming
RFID skimming is a form of digital theft, which enables information from RFID based smart cards to be read and duplicated. It can be used as a form of wireless identity theft or credit card theft among other forms of information theft. Typically it works by illegitimate reading of RFID chips at a distance using an RFID reader device, which downloads the card information.[1]
Incidence
RFID skimming has been reported as far back as 2008[2] and as recently as 2013,[3]
In 2010, Identity Theft Resource Center reported no known incidents of criminal skimming; however, according to the founder of Identity Stronghold, levels of theft are difficult to determine, as victims typically do not know how their card data was compromised.[4]
Methods for preventing RFID skimming
Shielding
Shielding attempts to block radio signals from reaching the tag by enclosing it within a container made of material that blocks electromagnetic signals in the RFID spectrum by acting as a Faraday cage.
RFID blocking wallets and sleeves
Shielded containers for regular use in the form of single-document sleeves, wallets, pouches, etc.
Metal foil
Shielding is possible simply and inexpensively by wrapping a tagged object in aluminum foil,[5] which can be configured as a sleeve permitting a card to be slid out. Informal tests found that the shielding effect was not 100% effective, though it did very much reduce the maximum range for reading, from about 1.5 feet (50 cm) to 1–2 inches (3–5 cm).[6]
Permanent disabling of RFID functionality
RFID functionality can be disabled permanently by cutting internal wires; use of a microwave oven has also been reported successful, according to informal reports.[7] Cutting requires location of the internal wires, followed by cutting, drilling, or heating. Methods that visibly damage the card may lead to its being rejected as a payment method when presented to a retailer in the normal way.
Temporarily blocking RFID functionality
A new technology which has not been widely deployed, a blocking card is a credit card-sized security device intended to be kept close to vulnerable cards. It works by detuning the RFID signal of nearby cards, and thus allows them to be stored in a non-shielded container. When removed from the proximity of the blocking card for legitimate uses they function normally. The efficacy of these blocking cards has been challenged and there are several videos posted showing these blocking cards failing in real world tests.[8]
RFID alarms
There are devices that detect any attempt to read an RFID device and generate an alarm. They cannot know whether the access is legitimate or not.
References
- ↑ Fenlon, Wesley. "How does ATM skimming work?". HowStuffWorks. Retrieved 3 August 2013.
- ↑ boingboingtv. "How to hack RFID-enabled Credit Cards for $8". YouTube. Retrieved 3 August 2013.
- ↑ Garble Card. "walletCG". YouTube. Retrieved 3 August 2013.
- ↑ "Electronic Pickpocketing". WREG. 3 December 2010. Retrieved 3 August 2013.
- ↑ "Can Aluminum Shield RFID Chips?". RFID Shield. Archived from the original on March 30, 2014.
- ↑ "Aluminum Foil Does Not Stop RFID". Omniscience is Bliss.
- ↑ Instructables Web site:How to Disable 'Contactless Payment' on Your Debit Card
- ↑ https://www.youtube.com/watch?v=yfj_QS4z5ZM