RFID, and why you don't need a shielded wallet

Updated: Dec 25, 2018

You've probably heard such scare tactics as these:

Are you aware that your personal information can be stolen simply by someone passing within 10 feet of you?  Criminals are using readers, which can be purchased on eBay for as little as $8, that send a radio signal to ping your RFID chips and harvest your personal information.

Firstly, less than 5% of credit cards in the US are RFID-enabled, and the other cards and devices that are enabled contain less identifying information than your public records.

If thieves want personal data to use fraudulently, they'll purchase it with bitcoin from one of many darknet websites, by the hundreds or even thousands of identities.

"There's probably hundreds of millions of financial crimes being done every year and so far zero, real life RFID crime." - Roger Grimes

Eva Velasquez, president of the Identity Theft Resource Center, says she is most concerned with other ways thieves steal personal information.

"Things like telephone scams," she says. "Simply asking people for that information, pretending to be your bank or the IRS. There really are a plethora of ways."

RFID/NFC chips with personal information, which you simply press to the contact reader, only work within that radius. The distance they operate within acts as their security.

On top of this, current RFID technology is encrypted. Yep, it's likely that an RFID skimmer these days will get either useless information or encrypted information which they lack the processing power to decrypt.

"AES authentication and privacy: UCODE DNA supports up to two 128-bit AES authentication keys. They are stored in the tag IC’s securely guarded internal memory and can be pre-programmed and locked by us or inserted by the user. These cryptographic keys can be used for tag authentication or for privacy protection."

In conclusion, the facts don't look good for the RFID-blocking wallet industry. Don't waste your time/money/energy on it, rather focus on using strong passwords and not giving personal information out over the phone unless you're sure of the caller.

Bonus image of the RFID/NFC chip that I programmed with an Arduino Uno microcontroller. The white card is also a passive RFID tag.


© 2019 Jason Ralston Computer Services​