In the past when people spoke about “identity theft”, they usually meant impersonating or pretending to be another person in physical life. Nowadays the term “identity theft” is also commonly used to refer to cases when credit card details are stolen. The same term is also used to refer to cases when one steals identity card details, passport details or be it any other membership card details for personal gain.
Information in RFID Credit Cards and Passports Can be stolen by an RFID Reader
Many people are unaware that the information stored on RFID credit cards and biometric passports can be stolen from a distance, without actually having to get hold of a person’s credit card or passport. RFID cards and passports contain an RFID microchip or RFID tag that emits the information stored in the card in the form of radio transmission. The thing is that this radio transmission can be read from a distance of up to 10 feet (3 metres away) by means of an RFID reader.
Most RFID readers are relatively small and cheap and some smartphones also include one in the form of an NFC chip. As a matter of fact, some identity thefts are simply carried out by means of a smartphone and a free app.
RFID enabled credit cards include but are not limited to Visa PayWave, MasterCard PayPass, American Express ExpressPay and Discover Zip. On the other hand, all biometric passports have an RFID tag. All passports that are now issued in the US, UK, Canada, Australia and most other countries are biometric passports.
Some Apparent Experts are Not Well Informed
According to some supposedly experts, it is not possible to retrieve data from a biometric passport when the passport is closed. However other experts suggest that this is not really the case. According to the article “UK Biometric Passports not Secure”, a security expert managed to obtain data from a biometric passport that was closed and sealed in an envelope.
While some believe that having ID card or passport details stolen is not such a big issue, the same cannot be said in the case of the theft of credit card details. The information stored in credit cards is encrypted in order to make it safe, however those that steal information from RFID enabled cards usually know what to do in order to decode this information. Credit card details theft is usually a bigger issue if one is travelling as the victim may end up not being able to pay any restaurant or hotel bills.
When asked to clarify on this issue, spokespersons from credit card companies stated that although they appreciate the possibility of having one’s RFID credit card details stolen, they do not believe that there is any real cause of concern for their clients. For more information please refer to the article “Digital pickpockets using smartphones to steal credit cards”. However I have little or no faith in what such spokespersons say, especially if they have little or no security background.
Avoiding Identity Theft
So what can one do in order to avoid having his or her credit card details stolen? The most obvious thing is to avoid using RFID enabled credit cards altogether, especially if one is travelling. In fact most of today’s credit cards are of the type “chip and pin”; which requires the user to insert the credit card in a card reader and then input a unique pin number. While the information on a chip and pin card can still be stolen, one actually needs to get hold of the card and insert it in a special reader in order to read the information inside the card.
Checking the bank statements on a regular basis can also help in identifying strange transactions, which might be a result of the theft of credit card details. While this is not a way of preventing identity theft, the sooner a case of identity theft is identified the better. Another way of protecting RFID cards is to use a special type of envelope, but more about this will be covered in another article.