Skip to main content
  1. Home
  2. Emerging Tech
  3. Features

RFID-blocking products are practically worthless. Here’s why

Simon Hill
By

We’ve all heard of RFID skimming right? It’s where criminals with RFID readers sneak up behind us and scan the credit card or passport in our pocket or bag to steal information they can use for fraudulent transactions or identity theft.

The threat of RFID skimming has given rise to an enormous industry of RFID-blocking products. It’s a standard feature in smart wallets, and you can even buy shirts and jeans with RFID blocking pockets built in. The question is: Are they worth buying?

Recommended Videos

“No, they’re a waste of money,” Roger Grimes, data-driven defense evangelist at KnowBe4, told Digital Trends. “You shouldn’t spend one cent. There has still to this day not been a report of a single real-world crime that an RFID blocking product would have stopped.”

Well, that puts it bluntly. But why is the RFID-blocking industry still booming? First, let’s understand how it all works.

How does RFID skimming work?

RFID or radio frequency identification is a form of wireless communication. RFID chips are sometimes used in passports, credit cards, and transport passes to allow fast scanning and contactless payments. These chips emit radio signals that anyone with a reader can potentially try to intercept.

Image used with permission by copyright holder

In theory, criminals can buy readers for less than $100 and then sneak up behind people and scan their pockets or bags to try and steal information. The supposed threat: the information they skim can then be used to steal the victim’s identity or push through fraudulent transactions using their details. But there’s a problem with this supposition.

“The information that’s actually stored and transmitted on the card is not enough to complete a transaction anymore,” Grimes said. “That changed many years ago.”

“The information stored and transmitted on the card is not enough to complete a transaction anymore.”

Nowadays, a credit card transmits a one-time transaction code that’s encrypted. It doesn’t give your name or billing address, and crucially it doesn’t include the three-digit code on the back of your card that’s needed for online transactions. The information that can be skimmed is simply not enough to enable the thief to commit another crime.

As for passports, the information that’s transmitted cannot be read without the key. Everything is encrypted and can be read only by authorized and authenticated readers. You also have to open the passport to the photo page to scan the chip, and most modern passports (issued after 2007) already have covers that block RFID signals.

A victimless crime

The purveyors of RFID-blocking products are exploiting an understandable fear people have of this kind of wireless crime. But there’s no evidence the RFID skimming they guard against is actually happening.

We contacted Action Fraud in the U.K. to ask about reported incidents of RFID skimming and they put us in touch with UK Finance. The organization confirmed that there have never been any verified reports of fraudsters taking money from someone’s contactless card just by bumping into them in the street or on public transport. It also revealed that no verified incidents of contactless fraud have ever been recorded on cards still in the possession of the original owner in the U.K.

What’s more, even if this kind of crime did occur, you’re guaranteed protection.

“Customers are fully protected against any losses and will never be left out of pocket in the unlikely event they are the victim of this type of fraud, unlike if they lose cash,” a U.K. Finance spokesperson told Digital Trends.

The situation is much the same in the U.S., according to the Identity Theft Resource Center.

NERO

Roger Grimes has been trying to track down a verifiable crime of this sort for years now. In addition to his work with KnowBe4, which offers security awareness training, he’s also a long-time columnist on computer security. Before that he served for more than 11 years as a principal security architect at Microsoft. He has written multiple articles, and given many talks and interviews on the topic of RFID-blocking products.

“To be honest I’m surprised the makers of these things haven’t paid a real-world criminal to commit a crime just to shut me up,” he said, chuckling.

Manufacturers of RFID-blocking products usually explain how RFID skimming works. Sometimes they refer to demonstrations by security experts at conferences showing that it is possible, or they quote statistics that refer to different kinds of credit card crime.

“It’s pretty much a scam,” Grimes said. “There has never been a single reported RFID crime that would have been blocked by one of these products, but even if there were 10 reported crimes, is that something that should generate a multi-million-dollar industry?”

Real crimes related to contactless cards

There is some crime related to RFID or NFC (near field communication) on credit cards and smartphones, but it’s relatively minor. It also typically occurs in situations where you use your contactless card, so blocking products would not be effective.

For example, there may be rare occasions where merchants overcharge, or a fake frontage has been fitted to a Point-of-Sale terminal or cash machine. But these kinds of incidents are quickly exposed, and customers are always reimbursed. They’re also situations where you remove your card from your wallet or pocket, so RFID blocking can’t help anyway.

You should be more concerned about other, verifiable crime that’s actually happening

According to U.K. Finance, fraud on contactless cards and devices remains low with 19.5 million British pounds of losses during 2018, compared to spending of 69 billion British pounds over the same period. Fraud using the contactless technology on payment cards and devices represented just 2.9 percent of overall card fraud losses.

Criminals are all about the low-hanging fruit. When they can go online to the dark web and buy credit card details, including the three-digit code, for $3 to $5 apiece why would they go to the hassle of RFID skimming?

“It’s an incredible risk for very little pay off,” Grimes said. “Using the dark web, they don’t need to worry about being close to a person or getting caught on camera.”

If you’re worried about identity theft or credit card fraud, you should be more concerned about other, verifiable crime that’s actually happening, like phishing scams. While there’s no harm in using an RFID-blocking product, it’s unlikely to help, and there’s no real need to spend money on them.

“Tin foil works just as well if not better than all of these-RFID blocking products,” Grimes said.

Editors' Recommendations

Topics
Simon Hill
Simon Hill
Former Digital Trends Contributor
Simon Hill is an experienced technology journalist and editor who loves all things tech. He is currently the Associate Mobile…
Does tracking your sleep actually help you sleep better? We asked an expert
Sleep Number It Bed review

Modern life simply isn't conducive to getting a good night's sleep. There's artificial light everywhere, we spend hours glued to screens, and it's not unusual to be checking work emails on your phone at night, last thing before you go to bed. We know that the potential health consequences of not getting enough sleep are severe, ranging from obesity and hypertension, to diabetes and heart disease. There's also the immediate impact on work performance, the risks of drowsy driving, and the higher incidence of accidents to contend with when we're tired.

It's no wonder sleep technology has been on the rise. There's no shortage of gadgets and apps that claim they can offer us a sound night's rest, or help us better understand whether we're getting the recommended full forty winks every night. There's a myriad of sleep tracking options out there, from fitness tracking bands to mats you put under your mattress, and even apps that run on your phone on the nightstand next to you.

Read more
Why are people striking because of climate change? Here’s a summary
Global Climate Strike

People all over the world are participating in September 20’s global climate strikes. They’re taking place in cities from Alice Springs, Australia to Jakarta, Indonesia to New York City. Police estimate 100,000 protesters gathered around Berlin’s Brandenburg Gate. 

A coalition of organizations worked to raise awareness about the strikes, but it started with children and young adults. Sixteen-year-old Greta Thunberg, who recently testified before a congressional committee, gained fame for her three-week sit-in outside the Swedish Parliament to protest its lack of action on climate change. She continued weekly strikes, and other school kids around the world started joining her for Fridays for Future. In an interview with Teen Vogue, Thunberg asked people to imagine themselves looking back on today in 20 to 30 years. “Do you want to be able to say that you did fight against it and tried to push for a change early on?” she said. “Or do you want to say that, ‘No, I just went on going like everyone else because it was too uncomfortable.’”

Read more
MIT pill inflates in your gut so you can’t digest it. Here’s why that’s awesome
3d printer custom medication magic pill mem2

Jell-O-like, expanding pill

Ever eat a meal that’s way too big and, afterward, feel like the food is continuing to expand inside your stomach? That’s kind of what researchers at the Massachusetts Institute of Technology (MIT) have developed with a new ingestible pill that is able to rapidly blow up into a soft hydrogel object the size of a ping-pong ball after it’s been consumed. Once inflated, it can then be used to track the body’s core temperature -- and one day perhaps ulcers, cancers, and other gastrointestinal conditions -- for up to one month. It could even potentially help people lose weight where needed.

Read more