Memphis, TN – Thieves now have the capabilities to steal your credit card information without laying a hand on your wallet.
Subscribe to our Daily Roundup Email
It’s new technology being used in credit and debit cards, and it’s already leaving nearly 140 million people at-risk for electronic pickpocketing.
It all centers around radio frequency identification technology, or RFID.
You’ll find it in everything from your passports to credit and debit cards.
It’s supposed to make paying for things faster and easier.
You just wave the card, and you’ve paid.
But now some worry it’s also making life easier for crooks trying to rip you off.
In a crowd, Walt Augustinowicz blends right in.
And that’s the problem.
“If I’m walking through a crowd, I get near people’s back pocket and their wallet, I just need to be this close to it and there’s my credit card and expiration date on the screen,” says Augustinowicz demonstrating how easily cards containing RFID can be hacked.
Armed with a credit card reader he bought for less than $100 on-line and a netbook computer, WREG On Your Side Investigators put Augustinowicz to the test.
For about an hour he patrolled Beale Street, looking for RFID chips to read, and credit card information to steal.
“There you go,” said Augustinowicz scanning one willing participant’s wallet. “It’s a MasterCard,” he explained looking at the man’s credit card number and expiration date pop up on the screen.
Even people who thought there was no way we could pick their pocket electronically without laying a hand on them, soon learned they were wrong.
“You have a SunTrust card in there,” Augustinowicz explained to a second “victim.” “And that’s your account number and expiration date,” he said showing the man the screen.
“That’s just too vulnerable for everyone to take advantage of,” said another person, who at first doubted she would fall victim to electronic pickpocketing.
Even scarier, Augustinowicz says bad guys could work a crowd, stealing numbers and then e-mail them anywhere in the world.
“After a game here I could literally pull couple thousand cards,” Augustinowicz explained to a group of women visiting from Chicago.
Using just an off-the-shelf card reader, Augustinowicz explained he could swipe credit card numbers, expiration dates, and in some cases, even people’s names.
It’s enough, Augustinowicz says, to do damage.
“We’ve done it,” he insisted. “We’ve picked up the phone, called 800 numbers, ordered stuff under a fake name, shipped it to a foreclosed home and the product comes in the mail.”
It’s not just your credit and debit cards at-risk.
While they are harder to hack, all US passports issued since 2006 contain RFID technology that can be read, and swiped.
“It gives me a lot of personal information like your date of birth, your photo if I wanted to make some sort of ID,” said Augustinowicz demonstrating with his reader.
Augustinowicz is the founder of Identity Stronghold (http://www.idstronghold.com).
His company markets secure sleeves, and ID holders designed to block RFID hacking.
Among his customers is the US government.
“As soon as I squeeze it, it can read it,” explained Augustinowicz showing off a badge holder. “When I have it closed, it can’t read it.”
So is Augustinowicz just a boogeyman, trying to scare people into buying a product, or is the threat real?
We showed video of Augustinowicz in action to computer security expert, and University of Memphis professor Mark Gillenson.
“It’s potentially a major problem,” said Gillenson after watching clips of Augustinowicz swiping people’s credit cards number.
Gillenson calls it technology run wild, and calls our findings compelling.
“I think people do need to be concerned and do need to be aware and we’ll see if this becomes a major problem,” said Gillenson.
And that’s the big question.
Experts at the Identity Theft Resource Center tell WREG On Your Side Investigators they’ve never seen a case of RFID skimming used to steal information.
But Augustinowicz believes that’s because the crime could easily go untraced; unsuspecting people, falling victim to just another face in the crowd with a hidden scanner in hand.
“You might as well paint your credit card number across your t-shirt and walk around with it because it’s the same difference,” warned Augustinowicz.
In our time on Beale Street, Augustinowicz scanned 26 wallets and purses.
Five of them, nearly 20% had cards with RFID chips.
All wallets and purses scanned for our story were scanned with the permission of the credit card holders.
The solution is to keep your cards wrapped in aluminum foil.
There are a number of ways you can protect yourself. 1) you can wrap your credit card in aluminum foil. 2) You can destroy the chip with a nail and hammer. The magnetic strip will still work as it’s independant of the chip. Even if someone steals your info and uses it to make a purchase your maximum liability is $50.00. Practically speaking you will probably owe nothing. The film is more hype than reality. You give your card to many different people whem making a purchase, plus you give your card number online too. So far, in all the years I have never had a problem.
That’s why mine came with a 0 liability if anyone stole or used the card without my consent.
You can buy wallets that are ‘faraday cages’ to reduce this kind of thievery. I saw some on Thinkgeek.com and they had some for passports. RFIDs buried in these modern cards are very insecure.
Very old problem. Not really “breaking news”.
Also all taxis now have RFID readers (called “paypass”) so a cabbie can potentially read your cards and ID when you get near the sensor.
There are companies making protective wallets for a few years.
The new-style US Passports (from 2007) come with a shield to make it more difficult to read when it’s closed – but this doesn’t always work.
The little credit-card-sized US Passport cards can be ordered with a sleeve (since these can be read also, and even give someone access to all of your biometric data) which blocks the readers.
Some states (including New York) have the RFID tag embedded in their drivers’ licenses too – someone can get all of the info that the DMV holds in your file, by coming near your pocket or wallet. This is also not new.
Washington State provides a sleeve to keep your license in, so it cannot be read by anyone on the street – New York does not offer this protection.
As has been shown many times on the morning news (many channels throughout the past couple of years) you can shield your own wallet contents simply by lining the wallet with aluminum foil – this blocks most handheld readers.
Some states use the RFID chip in your drivers license (which you may not even know is there) to pull over certain drivers – they can see who is in the car, when you drive by them or when they pull over alongside you on the street or highway.
As other websites have explained, there are many people who feel this is too “Big Brother” for them (and many stores even have RFID readers at the entrance of the store – supposedly to track theft of high-risk items) so many stores could scan people who walk in to see who walked in (name, age, address, hair color, height, which credit cards are in your wallet, etc) – the marketing uses are endless.
And disturbing.
Although nobody advocates the willful destruction of state property – it has been shown on TV and online that putting your drivers license in the microwave for under between 5 and 10 seconds will “fry” the RFID chip so it can’t be read at a distance. It shouldn’t affect the license itself in any other way.
I don’t use aluminum foil. But I do have a small thicker-walled copper and aluminum box that I keep my cards in. A reader down at the local hackerspace was unable to get a read off them from a foot away.
Personally I prefer to use a secret drop box, hidden in some remote location in the unlikely event I may purchase some small bric-a-brac or kitsch. I also don’t subscribe to modern 21st century ideals with regard to consumers feeling of personal responsibility to keep this economy regurgitating its endless trash from abroad. Need I say more or is it all falling on the proverbial cerebral wasteland.