Protect Your Personal Information from RFID Thieves

The press is full of stories about people having their personal information stolen from contactless credit/debit and PIV cards and never being the wiser. As consumers and shoppers we are surrounded by a multitude of ways our personal information can be accessed, ranging from physical theft to highly sophisticated large-scale electronic heists (think Target).

Far less obvious, but nevertheless occurring at an alarming rate, is theft of one’s persona from the data encrypted in smart card chips. Effective in 2015, all newly issued credit cards have such chips, and the magnetic strip cards that we have been using forever will be phased out. Cards issued by USA banks (including all VISA and Master Card issuers) will be using the same RFID technology as Europe, except that the information contained in American cards will be easier to steal because our cards are designed to be easier and quicker to use at checkout counters.

The process of taking information from a smart card works like this: the personal information embedded in the chip is released when the chip is prodded by an RFID signal (13.56 MHz or UHF 860-960) which is contained in the RFID reader. The chip responds to the signal by disgorging the information stored within it. Anyone, the store or thief, equipped with an RFID reader positioned up to several feet away, can interrogate the smart chip (which is perhaps not so smart after all).

The technology needed to read a card is not sophisticated, nor expensive (about $1,000) per reader. So, for “cheap money” a 21st century pick-pocket can be in business by standing close to you and your unshielded cards.

For protection against RFID theft, look for sleeves that are made from substrates that are FIPS 201 certified. This is a government certification given to those laminates that have passed a rigorous test to ensure that RFID signals cannot penetrate to the chip. Contactless data cards, including credit cards, debit cards, and PIV (Personal Identification Cards) cannot be read as long as they are stored inside FIPS 201 compliant sleeves.

RFID Article from Sunday Telegram