Radio frequency identification (RFID) skimming is a form of digital theft which enables information from RFID-equipped credit cards to be read and duplicated. It can be used as a form of wireless identity theft or credit card theft.
Typically, it involves the illegitimate reading of RFID-enabled credit cards (or other devices) at a distance in order to download the card’s information. From there, the information can be written to a new blank card, which operates in the same manner as the original, legitimate card.
Because the data is identical on both cards, and the information is only copied, it makes no difference if the original data is encrypted.
Now that people are aware that information on their cards, and even their passports, can be read wirelessly and remotely, many are looking for ways to protect themselves.
Purchasing an RFID blocking wallet (or sleeve, or pouch) is one way.
RFID blocking wallets block RFID signals using electromagnetic enclosure technology called a Faraday cage. This technology is said to make credit cards electromagnetically opaque by distributing electrostatic charges or radiation around the cage’s exterior, thus protecting its contents from electric charges.
Those looking to obtain an RFID blocking wallet need to be aware that all of these devices are not created equally. Some are more effective than others. Even the most effective can fail due to wear and tear or user error.
While RFID wallets offer some protection against RFID card skimming, they are no replacement for safe habits and exercising caution. Some experts question whether RFID skimming is really a threat worth worrying about. So, do you really need an RFID wallet?
First, do your credit cards actually have RFID technology? Roger A. Grimes, security columnist for InfoWorld, reports that less than one percent of all credit cards in circulation have RFID capability. It is therefore unlikely that yours do.
There is an easy way to find out: can you hold your up credit card to a payment terminal, and without inserting or swiping it, pay for something? Not all cards can do this. The ones that can have been marketed as such; their names imply wireless payment (PayPass, Express Pay, and so on), and they often bear an RFID/contactless payment logo.
The little metallic square on your new credit card does not indicate RFID but is actually a microchip meant to enable more secure transactions. Further, most contactless payment cards have EMV (chip-and-PIN) protection. These cards use the chip to secure RFID communications by generating a single, encrypted code for each transaction.
As RFID continues to fall out of favor, the world is now going to wireless payments via mobile devices. Apple Pay, for example, had more users in its first day in the market in 2014 than all active users of RFID credit card products combined. Apple Pay is more secure than RFID and works with every major credit card, as long as your vendor supports Apple Pay.
While it is theoretically possible to steal information wirelessly, actual occurrences are basically slim to none. The truth is, there are much easier and more profitable ways to steal people’s data.
That doesn’t mean that your credit cards are safe from being hacked. But it’s almost certain a would-be thief with a wireless sniffer is not going to be the one to do it. So back to the question–are RFID wallets really necessary? Probably not.
This article was originally published in 2016 and was updated October 25, 2018.