RFID/near-field communication credit card protectors?

[katz]

I saw a recent Facebook/News video where a security company was demonstrating how easy it is to pull your credit card/etc. info. with their scanners, just by standing close to a person. The article recommended RFID shield wallets/purses and such.

Who's to know if they are effective enough at shielding, or worse, simply a scam like those stick on cell phone boosters & radiation shields that were so popular years ago.

All of my cards do have near-field communication...so if this is a thing to be concerned about and they do work, I suppose I should invest in one of those wallets.

Any of you guys have any experience with this?

 

[Your PCMD]

Like the Ridge wallet? Just save your money and wrap them in aluminum foil if your that conscious about it.

I carry one card with me even though I have several. That card has a limit on it that I set myself. If I want $20 on it, I put $20 on it. If I want $200, well, rinse and repeat. Its not a typical pre-paid card. It's from a company called FamZoo that I have had for several years. I got it for my kids mainly as 3 of them live in Tennessee near their mom and often ask for money and its waaaaaaay cheaper than using Western Union or Money Gram. Just $60/year.

 

[HCHTech]

Just save your money and wrap them in aluminum foil if your that conscious about it.

...or, just buy the wallet and avoid looking like the tin-foil-hat guy when you purchase goods and services in public.

...or, final option, just skip this nonsense if you don't have any RFID cards. Literally the first link when searching brings up this article, where some random guy on the internet (so it has to be true, right?) posits that the actual risk is very low.

 

[nlinecomputers]

I have an RFID wallet. It looks like a regular wallet and costs the same as one so why not? But RFID is induction powered so someone trying to get a read on my cards would have to get close enough to look like he was grabbing my ass and that would cause a rather physical confrontation so I am not that worried in reality.

 

[Porthos]

I have had this wallet for about 2 years now. Of course, when I got it it was 19.99
https://www.amazon.com/gp/product/B072JCTCGD/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

 

[Sky-Knight]

While you're at it... make sure you put your car keys in a foil bag when you get home. Because there's a far more real risk of a relay device being used outside your home, or in the restaurant while you eat to start your car, and they simply drive away.

Because most cars only check for the key at ignition. So if you're like me, with a keyless ignition system, faraday the fobs!

 

[britechguy]

Banks are notoriously risk averse. That should be a strong indication about what they think about the risk of compromise of untold millions of credit cards that have used this technology for a while now . . .

 

[katz]

I have an RFID wallet. It looks like a regular wallet and costs the same as one so why not? But RFID is induction powered so someone trying to get a read on my cards would have to get close enough to look like he was grabbing my ass and that would cause a rather physical confrontation so I am not that worried in reality.

That's kinda how they did it. The security team was carrying a small bag that was about the size of a tablet, and the scanner was inside. They would walk close to a person, but didn't necessarily have to be touching against them. They were able to lift the card info. from just being "near," which I realize is a relative term...

That said, I would rather be safe and use the technology if it does exit and does work. For myself and other family members as well. The wallets/bags are reasonably priced enough.

I'm sort of surprised that my fellow technibblers are not more "on board" with this technology...lol

I'm not necessarily a "tin hat" guy, but if there is a need to take precautions, I feel we should be prudent in that regard.

@Sky-Knight - trust me, no one would want to steal any of my "beater" cars, lol...

 

[HCHTech]

I guess I am ranking this risk low enough (rightly or wrongly) on the priority list that it hasn't warranted any action on my part. I switched to a front pocket wallet a few years ago because of arthritic hips, but I see even those are also available with RFID shielding, so I expect the next time I replace my wallet, I'll get one, probably not before that.

My car's fob has a "turn it off" function described somewhere in the 800 page manual (!) as a "battery saving" mode that prevents it from receiving or sending signals. I think I'll go look that up, probably not a bad idea to use it.

 

[britechguy]

If this were a significant problem, it would have been fixed. It really is that simple.

There will always be ways for nefarious actors to get credit card numbers they're not supposed to have.

Worrying about this is akin to worrying about being hit by a meteorite while sitting in your living room. The probability of it occurring in reality is infinitesimally small. When you add in the fraud detection capabilities of credit issuers these days, which I've seen in regard to my partner's account on several occasions recently, this is not something to spend two seconds of worry on.

I prefer to expend my mental energy on the somewhat probable rather than the incredibly remotely possible.

 

[Fred Claus]

I saw a recent Facebook/News video where a security company was demonstrating how easy it is to pull your credit card/etc. info. with their scanners, just by standing close to a person. The article recommended RFID shield wallets/purses and such.

Who's to know if they are effective enough at shielding, or worse, simply a scam like those stick on cell phone boosters & radiation shields that were so popular years ago.

All of my cards do have near-field communication...so if this is a thing to be concerned about and they do work, I suppose I should invest in one of those wallets.

Any of you guys have any experience with this?

All these RFID blockers have in common is that they all have an aluminum foil lining. Take your actual bi-fold wallet and put a piece of aluminum foil in the bill fold part and you are good to go.

 

[Diggs]

At least here in the states the card holder is liable/responsible for a maximum of $50 in unauthorized charges. The rest is the card issuer responsibility. If RFID is any issue at all I'm sure the credit card companies would be leading the way in how to prevent this type of fraud. SO far it's been a really fringe discussion especially since consumers really have nothing to loose.

The one time years ago (early Internet days) I had a card virtually stolen and liberally used and it was Visa that called me at 8:30 AM, apologized for the early call and that they waited until they thought I was up. They detected what they thought were unauthorized charges (which they were) and temporarily froze the card. I confirmed the false charges which they refunded 100% then cancelled the card and sent me a new one. That was it. Minor inconvenience. To this day though I keep a personal card with an artificially low limit ($1500) that I use for all my online purchases. Even if everything went wrong I can cover $1500 until things are sorted out. But cover $15,000+ of a regular card? Not as easy.

 

[JoelM]

It is not true that the "card issuer" is responsible. If there are fraudulent charges it is the merchant who looses. The credit card company takes the money back from the merchant for any fraudulent charges. The merchant can not do anything about it.

 

[britechguy]

If RFID is any issue at all I'm sure the credit card companies would be leading the way in how to prevent this type of fraud.

Yep. It reminds me of the fear of online banking, direct deposit, and the list goes on and on. Every time something new comes along the fear-mongering machine goes into overdrive.

Given that liability for unauthorized use now lies almost entirely with the card issuers, they have more reason to be concerned than anyone. If they thought this was a real risk the whole scheme would never have been introduced. These guys don't like losing money; they really don't like losing money.

 

[britechguy]

It is not true that the "card issuer" is responsible. If there are fraudulent charges it is the merchant who looses. The credit card company takes the money back from the merchant for any fraudulent charges. The merchant can not do anything about it.

True, but the main point is the card issuer is responsible for handling the mess. You, as an individual, don't go to the merchant to try to get your money back. The issuer is the broker for all of this.

Having been a merchant for about 4 years at one point, I am often shocked at how much credit card fraud people get away with. Simple checks like looking at the signature panel and the in-person signature when it comes to in-person sales can eliminate almost all of it. Online sales, however, are trickier, but even then if the address and zip code are required and verified that helps to cut down on some of it.

 

[Sky-Knight]

My online terminal requires zip and street match, works for international purchasers too.

But then I wind up with people complaining because they don't have a clue what the billing address is on their card!

 

[britechguy]

But then I wind up with people complaining because they don't have a clue what the billing address is on their card!

Then they deserve to be declined if they can't produce it. There are limits to the stupidity one should tolerate.

How difficult is it to know either your home address for a personal card or the address of record for any business card you're issued to use?

 

[Sky-Knight]

Then they deserve to be declined if they can't produce it. There are limits to the stupidity one should tolerate.

How difficult is it to know either your home address for a personal card or the address of record for any business card you're issued to use?

The address of record for the business card is the sticking point, it's often some PO box somewhere only the head accountant / owners actually knows. Anyone that works B2B learns they have to accept business cards WITHOUT those items matching because if you enforce that you'll lose out on sales... big ones.

 

[britechguy]

The address of record for the business card is the sticking point, it's often some PO box somewhere only the head accountant / owners actually knows. Anyone that works B2B learns they have to accept business cards WITHOUT those items matching because if you enforce that you'll lose out on sales... big ones.

Well, when I worked for AT&T, and had the corporate AMEX, we did know that address, even if it wasn't the real one, it was the one of record.

 

[Sky-Knight]

Well, when I worked for AT&T, and had the corporate AMEX, we did know that address, even if it wasn't the real one, it was the one of record.

Great, that's you...

And we all know what anecdotal evidence means... My anecdotal evidence is over a decade of auth.net logs with hundreds of corporate entities of various sizes in it. Obviously not a perfectly representative sample, but vastly better than "but in my day!".

Neither Amazon or Steam do address matching anymore. Of course they have other controls, but they don't use those.

Yet, you're also not wrong, it does cut down DEEPLY on the fraud, which is why I have my system set to capture the card, but not actually run it until I can review it when it doesn't match. It's manual, but it beats the customer trying 15 times to get the thing to accept it.