It seems like a creepy and very 21st-century crime — your credit cards being invisibly read and stolen by a futuristic gadget as you walk down the street.
A solution is a kind of armour — keeping credit cards with radio-frequency identification (RFID) technology behind a discreet aluminum shield in a wallet. Mountain Equipment Co-op, for example, sells nearly two dozen wallets, bags, money belts and backpacks equipped with RFID protection.
But, here’s the thing: though it is possible to read some credit card data remotely, there’s not a lot thieves can do with that data.
The concept involves a device like the one you tap a contactless credit card on to make a payment, but portable and more sensitive.
“If somebody walks around with a much more high-powered version of that reader, they can read at distances of — I think that ten feet is probably plausible,” says Queen’s University computer science professor David Skillicorn. “That means they can read your credit card, but they have to find a way to process it as if they were a merchant.”
The would-be thief’s reader doesn’t have access to the PIN number, or the three-digit security code on the back of the card.
“It’s the other end of the job which is difficult, which is to get the credit card company to pay you as if you were a merchant. That’s not something that is trivial for a criminal to set up. ”
This is why it’s essentially unknown for real money to be stolen by real criminals using this method — not enough data gets read to actually do anything with.
“Whose problem is it if somebody does rip off your card that way?” Skillicorn asks. “In Canada, it’s the bank’s problem.”
“Really, at this point, it’s not something worth worrying about.”
(Card skimming at retail points of sale, where a device placed by a criminal harvests your card number and PIN, is a real threat, however.)
READ MORE: Smartphone app that allows credit card skimming ‘real risk’ to consumers: experts
Some information can be remotely read from your passport, but unless you’re an international man or woman of mystery, you really don’t need to worry about that either — it’s almost all heavily encrypted.
“There will be some stuff there that’s plain text, but not very much that’s very useful. It’s not a huge vulnerability at this point, because the effort of decrypting it is somewhere between extremely hard and impossible.”
“If you are the target of some foreign intelligence organization, then it might be worth their while to have a serious attack at your passport details.”
Thu, Dec 18: Anti-virus firm Norton is teaming up with clothing maker Betabrand to develop jeans that would prevent criminals from hacking radio frequency of RFID tagged passports and payment cards.