Patented back in 1973, RFID microchips began becoming viable both technologically and commercially in the early 2000`s when they started being used for all sorts of different purposes – to ID chip pets, to provide quicker travel at toll booths with EZPass and to ID employees entering and leaving an office building, just to name a few. Since the beginning, people have voiced concerns about the security of this technology and what it means as a tracking device.
However, now that concactless payments seem to be the inevitable way of the future, the security of credit cards containing RFID microchips has once again become a top concern for many.
At Shmoocon, an annual hacker convention that took place this year from January 27th through the 29th in Washington, D.C., a security researcher employed by Recursion Ventures named Kristin Paget demonstrated in front of a large crowd of onlookers just how easy it is for hackers and ID thieves to steal people`s personal data from RFID-enabled credit cards.
With about $350 worth of equipment easily obtainable over the Internet, she wirelessly read the credit card information of a card proffered by a volunteer and then turned right around to quickly encode the stolen data onto a blank card, making a fraudulent credit card.
In real life, anyone carrying a Vivotech RFID credit card reader (which Paget purchased off eBay for the purposes of the demonstration for a mere $50) in a purse or a coat pocket could simply bump up against another individual and steal their credit card information. The data is easily transmitted through denim, leather and other common clothing and wallet materials. In fact, the only things that would thwart a similar attempt are water or metal.
There are a few RFID-blocking wallets and shields available on the market today, and the web is rife with instructions on how consumers can create their own protective wallet out of duct tape and aluminum foil.
However, Randy Vanderhoof, the executive director of the Smart Card Alliance, claims that, as of yet, there has been not a single report of the fraud ever having occurred in the real-world.
“We`ve got six years of history, a hundred million users of these cards, and we haven’t seen any documented cases of this kind of fraudulent transaction,” said Vanderhoof, as reported by Forbes.