Communication technology certainly makes life easier and more fun, but as we are finding out, it is still have some teething problems, particularly around security.
Radio Frequency Identification (RFID)
Radio Frequency Identification (RFID) has been around for quite some time and has many applications and uses. The most popular and most widely consumed in our daily life is in contactless payment cards such as Visa Paywave and Mastercard Tap & Go.
It is convenient, fast and it works. In fact most of us love it and moan drearily when the shop assistance asks you to insert your card and enter a pin. The only problem is that the technology and concept of contactless payment means there is no password, there is no pin number, you do not sign.
Electronic pick pockets
Ultimately there is no way to stop others from extracting funds, in the exact same way you pay for your coffee or lunch, by swiping over a reader. This is widely known as electronic pick pocketing and is more commonly being reported in the media as a growing issue.
Electronic pick pockets stroll calmly beside you in crowded shopping centre’s, bars, buses, trains and even in broad daylight on the street. These scammers use a gadget that can scan your cards at the same frequency as that of a legitimate scanner in an electronic ticketing system or card payment reader. This gadget is so compact that it can fit in an iPad cover, pocket, shoulder bag, binder or handbag.
All that is required is the wallet filled with cards in a back pocket and a scammer with a reader in satchel standing next or besides for triggering the signal on the RFID.
The moment this gadget or reader is activated your banking details are exposed. This can be termed as technical hijacking, which is become quite common these days! According to wreg.com, almost 140 million people are using the RFID card, which is valued at a $9 billion, a year industry. Source: Wikipedia
So the pickpocket doesn’t have to pickpocket you anymore to steal your hard earned cash. They digitally steal your credit card details and your money without taking your wallet and in some cases without you ever knowing.
Identity Scan Theft: How it Works and what are the Possible Hazardous Effects
Recognised as a type of identity theft, electronic pick pocketing is when a person wirelessly skim (reads) contactless cards, fetching the embedded personal or financial information. This is called card skimming or digital card theft. These RFID-enabled cards, which were originally introduced for quick purchases without waiting in long queues and compromising convenience, are now allowing quick theft.
Contactless payment cards utilise the RFID chip. Such a chip is nowadays embedded in almost all forms of smartcards, including even passports and some transport cards. So, any card with RFID technology is highly susceptible to card skimming, as it is capable of releasing a signal that is readable from the source which in most cases, someone’s wallet with bank cards.
Any scammer who carries an RFID card scanner or reader in a laptop bag or briefcase can easily steal your data in just a few minutes. Such electric readers are available for purchase on the Web, for below $100. Even more shockingly, many free apps are available to facilitate a proxy transaction between the reader and card, making skimming a breeze. Google “card skimmers for sale” and you will be amazed at how many options are out there and how easy they are to get.
Understanding the RFID Technology to Detect the Cause of Electronic Pick Pocketing
RFID is perhaps another name of going cashless for staying safer than carrying hard cash in wallets or purses. It also helps the customers to avoid waiting in queues for tickets or receipts. Keeping these benefits in mind, several financial institutions such as banks have included the RFID chip in their latest cards for facilitating contactless payment through electronic scanning machines. Notable names include Visa, MasterCard, and providers of international cards such as Oyster and Opal.
These RFID cards are smartcards that you do not hand to a cashier or swipe via a card reader. You only need to tap or wave one on or in front of a scanner utilizing radio waves. This scanner then fetches your data by contacting the embedded small RFID chip. This is why such cards are also termed as contactless or pay pass cards.
It is easy to find out whether your cards are tagged by RFID or not. For that, just examine the card for checking the symbol of Universal Contactless Card, which is somewhat like a WiFi signal embedded on a side or as a conventional radio broadcast wave.
The cards that are not powered by RFID tag or chip are also at risk. This is because a robust RFID reader can scan such cards even from a distance of several meters. It also does not need a direct line-of-sight. Wikipedia reports some RFID readers can work up to 600 metres away. Source: Wikipedia.
Types of Cards at Risk of Identity Card Theft in a Digital Way
- Bank cards
- Payment cards
- Government issued cards
- American Express Pay
- MasterCard PayPass
- VISA Paywave
- Passport Card
- Opal, Octopus, Oyster
- Access Control Cards
- Near Field Communication (NFC) credentials
- FlexSecure, FlexSmar
- Standard Contactless RFID Cards
With the extended use of RFID, this list is likely to expand to encompass more cards almost each week.
Card Skimming or Digital Pick Pocketing: The Reasons behind Vulnerability to Hacking
Well, it is not the card that is vulnerable but it is its RFID chip that is vulnerable to hijack for consequently exposing the card details to anyone in public. While most credit cards are encrypted, the expiry date and card number are found to be susceptible.
This vulnerability arises when the chip in a card gets nearer to an electric pulse or frequency wave, due to which the card starts emitting data embedded inside. While other details are encrypted, the expiry date and card number are not due to which they are easily copied or manipulated, when the pulse transacts with the card. This is why card is cloned or identity is robbed by anyone who knows that you can be the target.
According to experts, this technology of robbing others digital is quite cheap, as all it requires is only a reader and some technical skill of hacking the cards.
Identity Theft: How it is looked Upon by Security Assurers
According to police in general and credit security experts, electronic pickpocketing is not a prevalent issue but rather a potential threat. Despite this, it is still a matter of big concern for ensuring law and order. This crime is looked upon as an outcome of the vulnerability in system being exposed. It is because of these vulnerabilities that scammers are raising in numbers for exploiting.
According to credit security expert Veda, identity theft on cards provided by Australian banks and credit providers has been raised by 103%. Similarly, credit card application frauds have also increased by 23%. While the rise in the number of legitimate applications is justifiable, the same in the form of fraud is not acceptable. Nevertheless, in both the cases, the real game changer is the change in the way card owners and scammers are utilising the evolving technologies.
We would love to hear your comments and feedback. Has this article helped you? Have you or a friend ever been skimmed or had something stolen electronically? What do you do to keep your RFID enabled cards safe? Have you ever seen a card skimmer?