RFID FRAUD PROTECTION IN A NUTSHELL
RFID fraud related theft is a real concern for governments, banks and millions of users. In Australia most banks use the RFID system known as PayPass or Paywave. It allows wireless purchases for transactions up to $100. Purchases above that require you to enter a PIN. Ironically, it is this banking technology, designed for customer convenience, that is causing inconvenience for some users of the wireless payment systems.
Data collected by the Australian Bureau of statistics has shown that identity and financial theft is on the increase. From 2012 to 2016 the economic impact from identity crime went from $1.6 billion to $2.2 billion. RFID card skimming is one mechanism through which fraudulent transactions are regularly taking place.
RFID technology has been a godsend to many industries. Efficiencies in the day-to-day operations of many businesses could benefit by the implementation of modern RFID systems. The technology has a plethora of applications such as counting cows, the development of driver-less cars and helping NASA astronauts in space. While its uses are many there also is a downside.
To understand the vulnerabilities of the technology we need to first understand what it is and how it works:
HOW IT WORKS
There are 4 components to RFID system:
- Chip antenna
- Reader scanning antenna
The chip (or tag) on your card stores a small amount data in its memory bank. A very small antenna integrated into the chip emits and receives radio signals. After receiving energy from the readers electromagnetic field, the chip transmits the radio signal. The reader then converts the data into a more usable format. Computers with specialised software take over and process the information that’s been received.
Studies have shown that a modified reader can scan a card from a distance of 7 meters
RFID tags don’t need batteries because they get their energy from the readers electromagnetic field
The lifespan of the chip is virtually unlimited
The technology is not new. The cost of implementing RFID into your cards has dropped dramatically in the last few decades. This is why it is now being implemented by banks and governments world-wide.
VULNERABILITIES OF RFID
A significant advantage of RFID devices over the others is that the reader device does not need to be positioned in the line of sight of the scanner. This advantage is also one of its pitfalls. A person only has to be within proximity and not sight of the reader. It is precisely this attribute that can easily be exploited. Pandora’s box is opened when a counterfeit reader is obtained by a dubious character. Armed with the reader, they can walk around a crowded area and start skimming RFID cards. They can steal hundreds of credit card details and personal information without ever being seen.
Upon capturing this data they can then program other cards to respond in an identical fashion known as cloning. They can also use the information to make purchases on the internet. There are lots of websites that are dedicated to teaching people how to do this. The necessary equipment and software can easily be bought on the internet.Counterfeit RFID readers can pull or delete data without you even knowing.
In an effort to standardise and make it easier to process passports, several countries have implemented RFID in passports, despite security and privacy issues. The encryption on UK chips was broken in under 48 hours. Since that incident, further efforts have allowed researchers to clone passport data while the passport is being mailed to its owner.
So as you can see, the potential for RFID card fraud is inherent to the technology it employs.
Australian banks now encrypt the data on credit cards in an attempt to tighten up the security short falls that were present in earlier RFID systems. Unfortunately, there is still no governing body to regulate the security protocols and encryption effectiveness. Internal leaks are also a concern. Older cards still use easy to read RFID technology. There is also doubts about the integrity of the encryption technology
As it stands right now, most credit cards and debit cards in Australia issued within the past decade have RFID technology embedded in them. If you don’t have RFID enabled cards you may not need protection
RFID wallets utilise something similar to whats known as a “Faraday cage”. The specification you want to look for is “electromagnetically opaque”. These blockers will prevent illegitimate reading of your credit cards.
The effectiveness of RFID-blocking wallets can vary due to flaws in design and materials. Even the most effective blocking wallets can fail due to wear and tear or user error.
RFID FRAUD STATISTICS
The Australian Bureau of Statistics holds many recent reports on how RFID related identity theft is affecting everyday Australians.
“Identity and fraud is one of Australia’s fastest growing crimes and one in four Australians had been a victim or had known someone who had been a victim of identity theft” – Australia’s Attorney-General at the time Nicola Roxon.
The Australian Institute of Criminology was commissioned by the Attorney-General’s Department to undertake a national survey in 2016 about community experiences of identity crime and misuse. The report indicates that identity crime continues to be one of the most common crimes in Australia. It also estimates that the annual economic impact of identity crime exceeds $2.2 billion. These figures support findings from the Australian Criminal Intelligence Commission that identity crime continues to be a key enabler of serious and organised crime.
Key findings from this survey showed:
Almost one in 10 people experienced misuse of their personal information in the previous 12 months, and one in five people experienced misuse of their personal information at some point in their lives.
Five percent of people experienced identity crime or misuse resulting in a financial loss in the previous 12 months.
These findings indicate that identity crime has become one of the most prevalent crime types affecting Australians.
The full report can be viewed here:
HOW DO I KNOW IF I’VE BEEN SCANNED ?
You may not know if your card information has been compromised however there is often some tell-tale warning signals.
Reports of a few very small transactions (a couple of cents) debited from an account is common. A much larger transaction then occurs many months afterwards. If you notice ANY unusual transactions you should contact your bank as soon as possible.
You can read about an account of RFID card skimming here
HOW RFID FRAUD PROTECTION WORKS
Protection against fraudulent activities is worthy of consideration in any shape or form. By inserting a metallic blocking film into the lining of the wallet it creates something similar to what is known as a Faraday cage. This will block all electromagnetic fields so radio signals can not penetrate the film to get to your cards.
The protective film must be inserted into the front and back of the wallet. This ensures complete protection of the wallet regardless of orientation. A note of caution: card skimming can still occur with a single RFID protection card. If you put your wallet in your pocket with the card facing your body the cards are still exposed.
Passive RFID fraud protection does not require any batteries. It is simply a shield, therefore your protection will last for as long as the wallet.
DON’T WORRY – THERE IS INEXPENSIVE SOLUTIONS
RFID card fraud is happening all around the world
Fraud protection is a cost-effective way to stop identity and financial theft
While your chance of being a victim of RFID fraud might only be around 5% in Australia. In other countries it could be much higher
Small cost equals peace of mind
The best way to stay protected against rouge scanners is to minimise your reliance on RFID-enabled tools. If you don’t want to forego the convenience of paypass then you can safeguard your cards with RFID protected wallets, available online through: OMBRO LEATHER GOODS