RFID skimming is a method to unlawfully obtain someone's payment card information using an RFID reading device.
How RFID skimming is performed
Modern payment cards have a built-in chip that transmits card information wirelessly. This is necessary to enable contactless payments, which have become increasingly popular in recent years. Criminals can take advantage of this technology by using a scanner that wirelessly scans the victim's payment card in the same way that a cash register scans it when making a contactless payment. These scanners are legal and can be bought in regular electronics stores.
Most modern mobile telephones running Android OS have a built-in NFC reader that can be used to unlawfully scan contactless payment cards. A criminal can hide the scanner, e.g. inside a glove or a bag, and then place it close to the victim and wirelessly steal the victim's payment card information.
With the wirelessly obtained payment card information, the criminal can make fraudulent purchases online. This is called card-not-present fraud.
Methods similar to RFID payment card skimming may also be used for copying other RFID-based proximity cards, such as those used for keycard locks. 125 kHz RFID and other systems relying on a unique identifier number (UID) are vulnerable to this.
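To illustrate why identifier-only systems can be copied, the following added example (not part of the original article) models a reader that accepts a static UID beside one that requires an HMAC response to a fresh challenge. The class names, the sample UID and the HMAC-SHA-256 scheme are assumptions chosen for illustration, not any specific card product's protocol.

```python
import hashlib
import hmac
import secrets

# Constructed sample values, not taken from any real card or system.
ENROLLED_UID = bytes.fromhex("04a1b2c3")
CARD_KEY = secrets.token_bytes(16)  # hypothetical per-card secret, never transmitted

class UidOnlyReader:
    """Lock that grants access on a matching static identifier."""
    def __init__(self, enrolled_uids):
        self.enrolled = set(enrolled_uids)

    def authorize(self, presented_uid):
        return presented_uid in self.enrolled

class ChallengeResponseReader:
    """Lock that demands proof of a per-card key for a fresh, single-use nonce."""
    def __init__(self, keys_by_uid):
        self.keys = dict(keys_by_uid)
        self._pending = None

    def new_challenge(self):
        self._pending = secrets.token_bytes(16)
        return self._pending

    def authorize(self, uid, response):
        challenge, self._pending = self._pending, None  # consume the nonce
        key = self.keys.get(uid)
        if key is None or challenge is None:
            return False
        expected = hmac.new(key, uid + challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def card_respond(key, uid, challenge):
    """What a genuine card would compute inside its chip (assumed scheme)."""
    return hmac.new(key, uid + challenge, hashlib.sha256).digest()

def demo():
    # A UID-only card transmits nothing but the UID, so a copy equals the card.
    uid_only = UidOnlyReader([ENROLLED_UID]).authorize(ENROLLED_UID)
    reader = ChallengeResponseReader({ENROLLED_UID: CARD_KEY})
    recorded = card_respond(CARD_KEY, ENROLLED_UID, reader.new_challenge())
    genuine = reader.authorize(ENROLLED_UID, recorded)
    reader.new_challenge()  # next session uses a different nonce
    replayed = reader.authorize(ENROLLED_UID, recorded)
    return {"uid_only_copy_accepted": uid_only, "genuine_accepted": genuine,
            "recorded_response_accepted": replayed}

if __name__ == "__main__":
    print(demo())
```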
Incidence
There are no statistics available regarding RFID skimming, as it is difficult to determine the method of card fraud.
RFID skimming compared to other types of skimming
In contrast to other types of skimming, such as ATM skimming or hacking an online merchant web page, RFID skimming requires little or no technical expertise. To execute ATM skimming, the criminal needs to custom-build a device, place that device inside an ATM, and later pick it up after the victims have used it. Hacking online merchant web pages requires substantial computer knowledge.
Methods for preventing RFID skimming
Metal foil
Shielding is possible by wrapping the payment card in aluminum foil. However, aluminum foil tends to wear out quickly. Informal tests found that the shielding was not 100% effective, although the foil did greatly reduce the maximum range for reading, from about to .
Permanent disabling of RFID functionality
According to informal reports, RFID functionality can be disabled permanently by cutting internal wires; the use of a microwave oven has also been reported successful. Cutting requires locating the internal wires, followed by cutting, drilling, or heating. Methods that visibly damage the card may lead to it being rejected as a payment method when presented to a retailer in the normal way.
RFID-blocking materials
There are RFID-blocking wallets, purses, sleeves, and cards. Wallets, purses, and sleeves work by acting as a Faraday cage that creates a screen around contactless cards, which stops electromagnetic fields interacting with the cards.
RFID-blocking cards
An RFID-blocking card is an RFID-blocking device that operates without a battery: it receives the RFID signal from a card reader or skimmer and scrambles it, making it unreadable by any device. Most RFID wallets try to stop the electromagnetic fields interacting with RFID cards, whereas RFID-blocking cards intended for 13.56 MHz credit cards disrupt the communication.