RFID protection - how much are ppl at risk?

Last Updated: Jun 11th, 2016 7:57 am
[OP]
Deal Guru
Sep 21, 2010
14884 posts
4328 upvotes
Montréal

Just saw a snippet about this on a morning show and apparently thieves have the tech to scan those chipped credit cards and steal one's info up to 5 blocks away?? Anyway, they have been promoting those 'sleeves' to protect one's CCs for the longest time and I wonder how useful and required is this protection, locally in Canada and traveling abroad? I personally never heard too much about this type of theft (knock wood). Wouldn't you still be exposed because eventually you'd have to take it out from that 'sleeve' to use it, so if the thief *really* wanted to get yours and was patient, you'd still be screwed?
23 replies
Jr. Member
Jan 28, 2013
161 posts
46 upvotes
Canada Eh
I don't trust RFID technology yet with my bank details. There must be a damn good reason why Mythbusters got banned for covering it in an episode. As for the ability to scan cards 5 blocks away, I think that might be a bit of a stretch.
[OP]
Deal Guru
Sep 21, 2010
14884 posts
4328 upvotes
Montréal
playingintraffic wrote: I don't trust RFID technology yet with my bank details. There must be a damn good reason why Mythbusters got banned for covering it in an episode. As for the ability to scan cards 5 blocks away, I think that might be a bit of a stretch.

...
Heh, worrying stuff. I guess we possibly have more to fear from gov't agencies vs the run-of-the-mill thief.
Deal Addict
Aug 1, 2006
1496 posts
745 upvotes
Toronto
Tap and pay (contactless) transactions are limited to $50 or $100 and your credit card company will flag anything suspicious anyways.
Credit [Visa, MasterCard, etc.]/Interac debit cards are also zero liability.

There's more important pressing things to worry about.
Home automation, NOVO (HiFi) Magazine, Google Trusted Photographer, electric vehicles.
[OP]
Deal Guru
Sep 21, 2010
14884 posts
4328 upvotes
Montréal
JPTN wrote: Tap and pay (contactless) transactions are limited to $50 or $100 and your credit card company will flag anything suspicious anyways.
Credit [Visa, MasterCard, etc.]/Interac debit cards are also zero liability.

There's more important pressing things to worry about.
That's good to know, but isn't the issue more about privacy concerns and personal data, which eventually could lead to opening up all one's bank details, vs just ripping off $50 at a time?
Member
Sep 24, 2015
230 posts
101 upvotes
Maybe the banking and credit card companies could try putting some sort of switch on the side of the card that could temporarily disable the RFID chip when it's not needed.
Deal Addict
Aug 1, 2006
1496 posts
745 upvotes
Toronto
tranquility922 wrote: That's good to know, but isn't the issue more about privacy concerns and personal data, which eventually could lead to opening up all one's bank details, vs just ripping off $50 at a time?
There are much easier ways to track someone than through a contactless credit card. e.g. their smartphone's unique Bluetooth or WiFi address.

Contactless payments don't transmit anything besides the values required to process the transaction. Cardholder names aren't even stored in the contactless portion. (Smart Card Alliance Security FAQ).

Once payments completely move to tokenization (similar to Apple/Samsung/Google Pay), your credit card details won't even be sent anymore. Each transaction will be secured via one-time use values. Many banks already do this for online transactions: your credit card generates unique one-time use values for each online transaction.
Home automation, NOVO (HiFi) Magazine, Google Trusted Photographer, electric vehicles.
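As an added illustration of the "one-time use values" described in the post above (not part of the original thread, and not any card network's actual algorithm): a simplified model in which the card signs a counter, the amount and a terminal nonce with a per-card secret, so a value captured from one tap is useless for another. HMAC-SHA256 and all names (`Card`, `Issuer`, `card_cryptogram`) are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

# Constructed per-card secret, known only to the card chip and its issuer.
CARD_KEY = secrets.token_bytes(32)

def card_cryptogram(key, counter, amount_cents, nonce):
    # Assumption: HMAC-SHA256 stands in for the real payment cryptogram.
    msg = counter.to_bytes(2, "big") + amount_cents.to_bytes(6, "big") + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class Card:
    def __init__(self, key):
        self.key, self.counter = key, 0

    def tap(self, amount_cents, nonce):
        self.counter += 1  # every tap uses a fresh counter value
        return {"counter": self.counter, "amount_cents": amount_cents,
                "nonce": nonce,
                "cryptogram": card_cryptogram(self.key, self.counter,
                                              amount_cents, nonce)}

class Issuer:
    def __init__(self, key):
        self.key, self.last_counter = key, 0

    def authorize(self, txn):
        expected = card_cryptogram(self.key, txn["counter"],
                                   txn["amount_cents"], txn["nonce"])
        if not hmac.compare_digest(expected, txn["cryptogram"]):
            return "declined: bad cryptogram"
        if txn["counter"] <= self.last_counter:
            return "declined: replayed counter"
        self.last_counter = txn["counter"]
        return "approved"

def demo():
    card, issuer = Card(CARD_KEY), Issuer(CARD_KEY)
    first = card.tap(1250, secrets.token_bytes(4))
    results = {"genuine": issuer.authorize(first)}
    # The same captured message presented a second time.
    results["replay"] = issuer.authorize(dict(first))
    # A fresh tap whose amount is changed after the card signed it.
    altered = {**card.tap(1250, secrets.token_bytes(4)), "amount_cents": 9900}
    results["altered_amount"] = issuer.authorize(altered)
    results["next_tap"] = issuer.authorize(card.tap(500, secrets.token_bytes(4)))
    return results

if __name__ == "__main__":
    print(demo())
```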
[OP]
Deal Guru
Sep 21, 2010
14884 posts
4328 upvotes
Montréal
JPTN wrote: There are much easier ways to track someone than through a contactless credit card. e.g. their smartphone's unique Bluetooth or WiFi address.

Contactless payments don't transmit anything besides the values required to process the transaction. Cardholder names aren't even stored in the contactless portion. (Smart Card Alliance Security FAQ).

Once payments completely move to tokenization (similar to Apple/Samsung/Google Pay), your credit card details won't even be sent anymore. Each transaction will be secured via one-time use values. Many banks already do this for online transactions: your credit card generates unique one-time use values for each online transaction.
Hmmm, that's interesting to know. So why the hush-hush re the Mythbusters thing if it's not that vulnerable/little sensitive info?
Newbie
Oct 18, 2014
60 posts
8 upvotes
N/A
playingintraffic wrote: I don't trust RFID technology yet with my bank details. There must be a damn good reason why Mythbusters got banned for covering it in an episode. As for the ability to scan cards 5 blocks away, I think that might be a bit of a stretch.
What you forgot to state is that Savage later retracted his conversation:

In a statement from Savage--who was speaking for himself at the conference and not appearing on behalf of the show--provided to CNET News by Discovery Channel on Wednesday, the MythBusters co-host retracted the substance of what he'd told the Last HOPE audience.

"There's been a lot of talk about this RFID thing, and I have to admit that I got some of my facts wrong, as I wasn't on that story, and as I said on the video, I wasn't actually in on the call," Savage said in the statement.


Source: http://www.cnet.com/news/mythbusters-co ... kerfuffle/
Deal Addict
May 10, 2011
1454 posts
503 upvotes
Ottawa
It is a sales tactic based on fear and ignorance. First of all it is impossible to scan the chipped cards from far away because you can't amplify the signal like a regular RF signal. The card does not have any internal power source so it gets its power from induction. And induction does not work from a distance. No power, no signal.

Also even if you managed to read from the card there is nothing valuable on the card. The chip uses a public/private key system to authenticate with the terminal, so all you will get is the public key. If you aren't familiar with the technology then let's just say there is nothing you can read from the card that would allow a thief to clone it, or use the info in any way to make a transaction.
[OP]
Deal Guru
Sep 21, 2010
14884 posts
4328 upvotes
Montréal
delaynomore wrote: What you forgot to state is that Savage later retracted his conversation:

In a statement from Savage--who was speaking for himself at the conference and not appearing on behalf of the show--provided to CNET News by Discovery Channel on Wednesday, the MythBusters co-host retracted the substance of what he'd told the Last HOPE audience.

"There's been a lot of talk about this RFID thing, and I have to admit that I got some of my facts wrong, as I wasn't on that story, and as I said on the video, I wasn't actually in on the call," Savage said in the statement.


Source: http://www.cnet.com/news/mythbusters-co ... kerfuffle/
Yes, but what exactly did he backpedal on? Either he completely made up some bs or he got told to shut up (w/ $ or threats) about his recount of the phonecall.
[OP]
Deal Guru
Sep 21, 2010
14884 posts
4328 upvotes
Montréal
csi123 wrote: It is a sales tactic based on fear and ignorance. First of all it is impossible to scan the chipped cards from far away because you can't amplify the signal like a regular RF signal. The card does not have any internal power source so it gets its power from induction. And induction does not work from a distance. No power, no signal.

Also even if you managed to read from the card there is nothing valuable on the card. The chip uses a public/private key system to authenticate with the terminal, so all you will get is the public key. If you aren't familiar with the technology then let's just say there is nothing you can read from the card that would allow a thief to clone it, or use the info in any way to make a transaction.
That's reassuring. Like I said in the OP, I haven't heard much about this type of theft but wanna learn more. Still, what do you mean by your 1st sentence? We're not all running out buying these things, they pretty much have them on all our bank, credit and other cards w/o our consent lol.
Deal Addict
May 10, 2011
1454 posts
503 upvotes
Ottawa
tranquility922 wrote: That's reassuring. Like I said in the OP, I haven't heard much about this type of theft but wanna learn more. Still, what do you mean by your 1st sentence? We're not all running out buying these things, they pretty much have them on all our bank, credit and other cards w/o our consent lol.
I was referring to those sleeves you were talking about.
Jr. Member
Jan 28, 2013
161 posts
46 upvotes
Canada Eh
delaynomore wrote: What you forgot to state is that Savage later retracted his conversation
I didn't forget to state that because I simply was unaware. Thank you for the knowledge though!
Deal Addict
Jul 19, 2010
1638 posts
515 upvotes
Alpha Centauri
frostyrabbit wrote: Maybe the banking and credit card companies could try putting some sort of switch on the side of the card that could temporarily disable the RFID chip when it's not needed.
A better idea would be to touch a specific contact point on the card which will only activate the RFID signal when doing a Tap purchase.
Deal Addict
Jan 18, 2009
2981 posts
1584 upvotes
csi123 wrote: It is a sales tactic based on fear and ignorance. First of all it is impossible to scan the chipped cards from far away because you can't amplify the signal like a regular RF signal. The card does not have any internal power source so it gets its power from induction. And induction does not work from a distance. No power, no signal.

Also even if you managed to read from the card there is nothing valuable on the card. The chip uses a public/private key system to authenticate with the terminal, so all you will get is the public key. If you aren't familiar with the technology then let's just say there is nothing you can read from the card that would allow a thief to clone it, or use the info in any way to make a transaction.

This!

I read out my MC's info using an NFC app and saw nothing alarming. It's not any less secure than using your credit card online.
Member
Jun 4, 2016
211 posts
227 upvotes
If you didn't make the purchase the cc company will take care of it. Sure it is inconvenient to change credit cards... But I don't think that it's worth worrying about something like that.
Deal Expert
Aug 2, 2004
33721 posts
7359 upvotes
East Gwillimbury
Most terminals I've used need physical contact, but I have seen terminals that work from 3 cm away if you hover the card over it. Either way, a thief has to be really close to your card.

What you need to do is get a sleeve for your passport. If you're paranoid, they now sell wallets that block RFID.
Sr. Member
Aug 9, 2005
796 posts
287 upvotes
tranquility922 wrote: apparently thieves have the tech to scan those chipped credit cards and steal one's info up to 5 blocks away??
The best wireless routers don't even come close to 5 blocks, let alone passive RFIDs. I hope you misheard or there's a morning show that's going to be laughed off the air.

As for passport/card holders, RFIDs are still susceptible to foil, right? Why not just DIY?