Open up your wallet. Take a look at your credit cards. There’s a good chance you’ve got at least one RFID-chipped card in the mix.
For years, millions of MasterCard PayPass, American Express ExpressPay, Visa PayWave, and Discover Zip cards have been making payment transactions quicker and easier. Company executives and industry reps say the technology, in use in the financial world for nearly a decade, is safe for consumers.
Others beg to differ. The convenience of tapping your card on a PayPass or ExpressPass terminal could mean getting more than you bargained for.
Here’s how it works: RFID-enabled cards do away with the traditional magnetic strip and instead rely on a microchip that transmits radio signals. Those signals relay card information to the payment terminal for processing.
Sounds great, right? Well, there’s a catch. Those radio signals can be picked up without your consent. Card readers are cheap, readily available, and relatively easy to use. Digital payment smartphone apps put the power to swipe your information into even more hands.
A fraudster could sidle up next to you, with his reader (hidden in a pocket or bag) a few inches away from your wallet or purse and make off with your name, credit card number and other information. That data is then transferred to a blank card, ready to be swiped. Quick, easy, and all without your knowledge. Think pickpocketing for the digital age.
Though articles have been popping up for years on the dangers of RFID card skimming — researchers gathered cardholder names and other unencrypted data back in 2006, according to the New York Times — dangers still exist.
At a Shmoocon hacker conference in 2012, Recursion Ventures’ Kristen Paget made a purchase with data stolen from an RFID-chipped card, captured with a card reader she bought for $50 on eBay, according to Forbes. Paget easily transferred the data from a card supplied by a volunteer from the crowd onto a blank credit card.
Credit card companies say your information is safeguarded behind security codes and security questions that stop thieves in their tracks. And unlike with traditional means of card theft, RFID scamming seems to be limited to a single transaction.
Cards generate one-time use CCV codes — a three- or four-digit number on the back of your card used in verifying purchases. Experts say this security measure makes RFID theft unsustainable. But that may not stop scammers who get their hands on the technology.
There is a common misconception about “shielding” RFID. Passive RFIDs don’t have a power source, so they get it from the incoming scanner field through inductive coupling. The shielding works both by limiting the energy transfer (so the RFID doesn’t “wake up”) and by decreasing the signal-to-noise communications ratio (so the RFID and the scanner don’t “understand” each other).
The absorption of the shielding depends, for any given material, on the frequency being used; for smart cards we want good absorption in the 13-14 MHz range.
Different materials – even metals – have different shielding properties at different frequencies; for example, aluminum won’t stop low frequencies (or stationary magnetic fields: a magnet will still work even if wrapped in aluminum foil). Steel sheet or soft iron sheet will screen low frequencies and absorb much of the magnetic component, but will leak at very high frequencies.
So, while an aluminum foil will create a Faraday cage stopping dead most high-frequency RF, microwaves, etc., it may not be enough to screen an inductively coupled RFID smart card from a juiced-up, savvy scanner. A single layer of aluminum foil will not stop any except the cheapest, more shoddily constructed readers. Of course, more layers will increase protection.
You would perhaps be better off with jamming — using a shield made of a valueless (e.g. expired), but still working, smart card of the same make and model. Or “sandwiching” the real card between two valueless ones. Not only will the middle card receive less power, but the outgoing signal will be mixed with two others on the same frequency (activation delay makes this method not completely safe, though).
Otherwise, you can use 30-mil magnetic iron foil (looks very much like aluminum), or have the wallet lined with Near-Field Cobaltex which is almost as good and weighs less.
For the truly paranoid, apart from several layers of Cobaltex, there are metamaterial shieldings (e.g. silvered-nickel-iron or nickel-cobalt-copper mesh from several suppliers, from Achron to Laird Technologies) which are significantly more expensive but have even more stopping power. And you don’t need a lot of material to line a wallet after all.
You can then test the effectiveness of the shielding by using a shielded RFID credit card to try and pay at the next gas station. If it doesn’t work, you smile happily, take the card out of the wallet and tell the gas guy “Sorry, it usually works even from inside the wallet”. If a reader at one inch can’t interface, it’s unlikely that a pirate reader will be able to do it from much farther.
It would also be interesting to build a coil tuned to 14 MHz and connect it to a rectifier, buffer capacitor and buzzer stage. It would suck most of the energy from the scanner field, converting it into an audible sound and giving the alert. Basically the same thing as a near field probe, except it could be completely passive: it takes quite a lot of energy to run a blind skim a RFID at a distance, so the scanners are probably heavily up-juiced and give off radiation enough to be detectable. (It would also possible to build an active scanner detector by tweaking this design).
WHAT ARE NFC TAGS ?
NFC (near field communication) is a wireless technology which allows for the transfer of data such as text or numbers between two NFC enabled devices. NFC tags, for example stickers or wristbands, contain small microchips with little aerials which can store a small amount of information for transfer to another NFC device, such as a mobile phone.
WHAT INFORMATION CAN YOU STORE ?
There’s a whole set of different data types you can store on an NFC tag. The actual amount of data varies depending on the type of NFC tag used – different tags have different memory capacities. For example, you may choose to store a URL (web address) or a telephone number. A standard ‘Ultralight’ chip NFC tag can store a URL of around 41 characters, whereas the newer NTAG213 chip nfc tag can store a URL of around 132 characters.
Usually, this information is stored in a specific data format (NDEF – NFC data exchange format) so that it can be reliably read by most devices and mobile phones.
WHAT ARE NFC TAGS USED FOR ?
Generally, you can mark this into three areas – asset management, marketing and personal use. Generally, for personal use, there are other ways to control your phone which are more useful than using NFC. Marketing hasn’t taken off yet, mainly because Apple phones still don’t support the reading of NFC tags. Asset management is the most signficant area and NFC tags are being used in everything from healthcare (where the person is the asset!) to counterfeit prevention systems.
COULD SOMEONE CHANGE MY NFC TAG ?
NFC tags can be locked so that once data has been written, it cannot be altered. For most tags this is a one way process so once the tag is locked it cannot be unlocked. Encoding and locking are two separate actions. NFC tags can be re-encoded numerous times until they are locked.
HOW CAN I ENCODE NFC TAGS ?
The easiest way at the moment is to use an Android NFC enabled mobile phone. Just download a simple, free and safe App called ‘TagWriter’ which is made by NXP – the same people who make the majority of NFC chips. You can be encoding your tags in minutes.
WHICH PHONES SUPPORT NFC ?
Right now, almost all mobile smart phones support NFC and the vast majority exluding Apple’s iPhone can both read and encode tags. NFC.Today suggest that you use an Android still for encoding tags but there’s some good Apps available now on the Windows phone. We run a list of NFC enabled phones.
WHAT ELSE CAN I DO WITH NFC TAGS ?
Like the number of NFC enabled phones, the number of NFC Apps is growing quickly. For example, you can already download Apps which will allow you to encode tags to turn your phone’s wifi or bluetooth on or off – or open your favourite weather page. Encode a tag for your office desk and just tap it to change all your phone settings. There’s also an increasing number of application Apps which, for example, will allow businesses to manage assets.
IS THE NFC TAG TECHNOLOGY DIFFERENT THAN MOBILE PAYMENT TECH ?
A lot of the press you see about NFC will be about mobile payments. It’s the same technology but whereas we are talking here about using NFC to transfer a web address or simple data, NFC payments are a lot more complicated and involve a mobile wallet on your phone and all sorts of other things. Most of the momentum with NFC is with mobile payment systems such as Apple Pay.
WILL NFC TAGS REPLACE QR CODES ?
That’s a big question and we think that the answer is probably not.
We generally feel that QR Codes and NFC tags sit alongside each other and both have their advantages and disadvantages. It’s generally considered that the user experience with NFC tags is generally better and in the instances where the additional cost of using an NFC tag is less relevant to the overall cost (for example on a wristband, brochures or posters), it makes sense.
However, QR Codes don’t require the user to be so physically close, are free to print and are able to be read by most current smartphones (albeit with a suitable app) so for marketing and similar use cases, they are clearly a better choice.
WHAT BATTERIES DO THEY TAKE ?
That’s the clever thing about NFC tags. They don’t require batteries. They get their power from just being near a powered NFC device, for example a mobile phone.
HOW CLOSE DO YOU HAVE TO BE TO THE TAG ?
The answer of course depends on your phone and the tag itself, but generally you need to be within a couple of centimetres (an inch).
OPRFID high quality transparent Material clear PVC card, could be used as the Business cards, the high-class membership cards, could be printed as the customized design, it is very impressive and beautiful. The size could be customzied as the customers request, the common size such as the credit card size 85.5*54*0.76mm, etc. The thickness such as the 0.38mm, the 0.4mm,0.5mm,0.6mm, is commonly used as well. The Glossy finish, the Matt finish, the Frosted finish is popular.
Material:PVC, PET, ABS
Size:85.5mm * 54mm (ISO CR-80 Standard)
(card size/dimension can also be customized depending on your requirement)
Thickness:From 0.3mm to 2mm, standard thickness 0.76mm
Processing:4 color offset printing, magnetic stripe, embossing number, signature panel, photo,
barcode, hot stamping, gold / sliver color, scratch-off, series number,
hole punching, spot UV printing, hologram, etc.
Applications:Restaurants, retail outlets, clubs, casinos, beauty parlors, cakes & pastry shops,
medical clinics, fitness centers, photography & camera shops, advertisements, etc.
Payment terms:By T/T or Western Union. 100% full advance payment of the total amount
Production time:8-12 working days after receipt of 100% advance payment (below 50,000pcs)
Delivery:By sea or air express
Packaging:For standard size cards:
Inner box:22.5 * 9.3 * 6cm (250pcs / per box)
Carton:52.5* 22.5 * 15cm (5,000pcs / per carton)
RFID (or radio frequency identification) is a technology that uses electromagnetic fields to transfer data wirelessly. Broadly, this technology can be used for a range of different purposes, from identifying livestock animals to tracking automobiles through an assembly line. For the purposes of this particular blog post, though, we will discuss how to protect your credit cards from RFID.
There is a growing trend in the credit card industry where card companies are manufacturing cards with RFID chips or tags. These chips can communicate your card details to certain payment terminals in a contactless fashion. In other words, with an RFID credit card, you can pay for a transaction without the normal step of swiping or sliding your card through a magnetic strip reader. Depending on your card company, this technology might have slightly different names, like PayPass or PayWave. However, the basic idea—of contactless payment—remains the same from one RFID card to the next.
The Danger of RFID Technology
While RFID cards can be a bit more convenient to shop with, they also introduce a new identity theft threat into the equation for cardholders such as yourself. With the right equipment, a cybercriminal or identity thief could feasibly extract your credit card details (including number, expiration date, and security code) remotely. There are RFID-reading devices or sensors that can essentially “pick your pocket” digitally.
So how can you protect yourself? Sticking with non-RFID cards might not be an option, and unless you are ready to start using a mobile payment platform like Apple Pay or Google Pay, you probably aren’t ready to stop carrying around your credit cards with you at all times. And since it’s not easy to know whether or not someone close to you in a store or on a train might have an RFID sensor in their bag, you might be at a loss for how to defend yourself against this (relatively) new-fangled threat.
How to Keep Credit Cards Safe from RFID Theft
Luckily, there are ways to basically “fortify” your cards so that even thieves with the right equipment can’t access your information. Some of the best defenses are products you can purchase; others are DIY home solutions. All are worth a try to keep your credit card information out of the hands of high-tech thieves. Read on to learn about your various options for RFID defense.
1. Use an RFID-Blocking Wallet
As RFID technology has become more popular and commonplace over the past few years, wallet designers have realized their new role in the market as defenders of credit card information. Since your cards are probably tucked inside the slots of your wallet 99% of the time, it makes sense than an RFID-blocking wallet would be the best option for keeping credit card information safe.
When a payment terminal or an RFID sensor collects information from your card, it must first send a signal to your card requesting the information. This signal causes the microchip in your card to activate and send back the information stored on the card’s RFID tag. On more recent cards, the chip and RFID tag will encrypt your credit card information before sending it back, making it more difficult for cybercriminals to get usable information from digital pickpocketing.
However, the best defense is still to block any unwanted signals from reaching your card and activating the chip in the first place. RFID-blocking wallets do exactly that. Using a special synthetic material for their interior slots and lining, these wallets essentially build a wall around your cards that outside signals can’t penetrate. If signals can’t get in, then your card’s microchip can’t activate, and if your card’s microchip can’t activate, then it can’t transmit credit card data while stowed in your wallet.
If you are interested in picking up an RFID-blocking wallet to keep your cards safe, read our blog post “The Best RFID Travel Wallets” to find some of the best wallets currently available on the market for this purpose.
2. Use Aluminum Foil
If you don’t want to invest in an RFID blocking wallet, you might try the most popular DIY method for blocking RFID signals: wrapping your credit cards or lining your wallet with aluminum foil. There are some differing opinions around the web on how well this defense works, as some RFID readers will still be able to detect your card even through a layer of foil. However, foil absolutely does inhibit these signals and makes it borderline impossible for RFID sensors to activate the chip in your card if they are more than about an inch away. Since you will normally notice if someone is that close to you, the foil trick absolutely can reduce your level of risk.
3. Use an Altoids Tin
If you are a fan of Altoids mints, try to remember to save the tin next time you finish a container. Metal containers are great for blocking or greatly inhibiting radio waves, and in a pinch, an Altoids tin can work perfectly as an RFID-blocking wallet.
4. Pack Your Wallet with RFID Cards
You might think that carrying fewer RFID cards in your wallet would help to mitigate your risk level. The smarter solution, though, is to pack the slots of your wallet with RFID cards. According to MarketWatch, having lots of different RFID cards in your wallet will confuse a scanner with an information overload of sorts. The cards “cancel each other out” when there are four or five different RFID microchips in your wallet, making it difficult for thieves to steal your information remotely.
Even with protective measures in place, you should still keep an eye on your bank accounts and credit card statements for any suspicious activity. The biggest issue with digital pickpockets is that it’s very difficult to tell they’ve stolen from you until they start using your cards. With that point in mind, keeping an eye on your statements and being ready to cancel cards at the earliest sign of suspicious activity is still your best bet for keeping your cards and finances safe.
RFID blocking card is used for protecting RFID cards, such as credit card, bank card, passport, etc, protecting your card informations from illegal scan. You only need put into 2pcs rfid blocking card in your wallet, the wireless signal of credit card can be effectively shielded, any devices couldn’t steal your card information.
RFID blocking card Function
In recent years, with the development of NFC technology, when our bank card accidentally touch the mobile phone, our daily consumer records will be revealed. Our RFID blocking card can be a safe lock for our wallet.
RFID blocking card Features:
Various wallet and luggage available
No need battery replaceable
How to use RFID blocking card?
RFID blocking card is easy to use and carry around. We just insert such card in the wallet together with our credit card.
RFID blocking card Application:
You can use such RFID blocking card to protect our all smart cards, including Bank Card, ID card, (RFID) field shielding effect.
OPRFID’s RFID blocking card is a very thin but powerful card, it prevent any one who attempt to wiretap card information without your permit. You need two cards to put in both sides of your wallet to protect the RFID cards insides.It is a plastic card looks no any different from a payment card but only half of standard card thickness. These specially-designed card help preven thieves from stealing your personal information with RFID scanners. Passport card security. RFID scanning prevention. Use with any wallet.
This RFID Blocking Card Protects Your Smart Cards from unwanted capture of data from contactless cards issued by banks, governments and other institutions such as:
* Credit or Debit (for example: MC PayPass, VISA PayWave, etc.)
* Enhanced driver’s license, Hunting and fishing license
* Access / security control, Employee / School ID
* Health insurance, Medical ID
* Gift, Membership, Library
* Transit / Park pass
Protects against access by NFC-equipped Smartphone
MIFARE is one of the most popular contactless smart card technologies in use, with over 10 billion chips and 150 million readers having been produced to date. This 13.56Mhz high frequency technology is based on the ISO/IEC 14443A standard and is used extensively for payments, transportation, access control, education, and loyalty card schemes amongst other applications.
MIFARE was developed by Mikron in the early 1990’s and stands for MIkron FARE-collection System. It was acquired by Philips in 1998 which has since spun off to become NXP. The original MIFARE Classic 1k chip was introduced in 1994 and licensed by Infineon Technologies who produce the compatible Infineon MIFARE 1k. Over the years, the MIFARE product family has grown to include a wide range of chips that address the needs of more specialized applications, but the largest evolution came in 2002 with the introduction of the MIFARE DESFire chip.
DESFire chips contain a full microprocessor that is similar in structure to SmartMX and has much more robust security features compared to MIFARE Classic. While the proprietary Crypto-1 security protocol used in MIFARE Classic has been publicly compromised, the Triple-DES/AES based crypto of DESFire Ev1 remains secure. This has made DESFire Ev1 a popular choice in transportation, payments, and access control applications where security is essential. DESFire Ev2 was announced by NXP in November 2013 and will include applications such as MIsmartApp to allow 3rd party use of memory space without the need to share secret keys.
OPRFID’s MIFARE and DESFire cards can be found in some of the largest transportation, payments, and loyalty card projects worldwide. We supply printed and personalized MIFARE and DESFire cards to over 50 universities and hundreds of globally recognized brands. OPRFID supplies the entire MIFARE and DESFire product portfolio including:
Modern applications often call for multiple chips of different frequency to be contained within a single card. The manufacturing challenge is to laminate the chips and antennas in such a way that RF signals will not interfere with one another while still maintaining minimal chip and antenna blemish. OPRFID excels in engineering bespoke solutions for any conceivable combination of two or three chips in a single card. Common hybrid card combinations that OPRFID supplies include: Low Frequency + High FrequencyC: LF + HF cards are the most common dual-frequency cards and usually have an HF antenna laminated around the outside of the card with a thick coil LF antenna contained within. Legacy LF systems like HID prox are often replaced by higher security HF implementations that still require usage of the original LF chip while all sites convert to the newer HF standard.
High Frequency + Ultra High Frequency: HF + UHF cards are becoming increasingly popular in loyalty and payment schemes that also want to track attendance and location of a customer. These hybrid cards generally have the UHF chip placed separately above or to the side of the HF chip to ensure there is no interference.
Low Frequency + Ultra High Frequency: LF + UHF cards are used in specialized situations where simple access control is required alongside personnel tracking. Like HF + UHF hybrid cards, LF + UHF is generally accomplished with the LF antenna running above or beside the UHF antenna.
UHF follows the EPCglobal Gen2 standard and uses the 850—960Mhz frequency card band to provide fast data transfer rates and much longer read ranges (up to 10m) compared to either LF or HF cards. UHF labels and tags are used extensively in warehousing and goods tracking while UHF cards are popular for location and attendance tracking applications. UHF is negatively affected by materials in the environment such as metals and liquids, but is the best choice for applications that require a long read range and simultaneous reading of a large number of tags. Common UHF chips offered by OPRFID include: Alien Higgs 3: EPC Class1 Gen2 chip with 96—480bit EPC memory, 512bit user memory and 64bit UTID with memory read protection. Alien Higgs 4: EPC Class1 Gen2 chip with 128bit EPC memory, 128bit user memory and 64bit UTID with memory read protection and pre-encoded with unalterable enterprise-wide serialization scheme. NXP UCODE 7: EPC Class1 Gen2 chip with 128bit EPC memory and 96bit UTID. NXP UCODE 7m: EPC Class1 Gen2 chip with 128bit EPC memory, 32bit user memory and 96bit UTID. NXP UCODE I2C: EPC Class1 Gen2 chip with 160bit EPC memory, 3328bit user memory and 96bit UTID with two independent UHF interfaces and ability to link to I2C interface. NXP UCODE G2iM: EPC Class1 Gen2 chip with 128-448bit EPC memory, 640-320bit user memory and 96bit UTID with memory read protection and ability to segment memory into open, protected, and private modes. Also has ability to conditionally reduce read range based on activation condition defined by user. NXP UCODE G2iL: EPC Class1 Gen2 chip with 128bit EPC memory and 64bit UTID with memory read protection. NXP UCODE G2iL+: EPC Class1 Gen2 chip with 128bit EPC memory and 64bit UTID with memory read protection and tag tamper alarm and ability to conditionally reduce read range based on activation condition defined by user. Impinj Monza 4D: EPC Class1 Gen2 chip with 128bit EPC memory, 32bit user memory and 96bit UTID with support for omni-directional antennas. Impinj Monza 4E: EPC Class1 Gen2 chip with up to 496bit EPC memory, 128bit user memory and 96bit serialized TID with support for omni-directional antennas. Impinj Monza 4QT: EPC Class1 Gen2 chip with 128bit EPC memory, 512bit user memory and 96bit serialized TID with support for omni-directional antennas and ability to create a separate public and private (password protected) data profile on the same chip. Impinj Monza 5: EPC Class1 Gen2 chip with up to 128bit EPC memory, 32bit user memory and 48bit serialized TID.
Impinj Monza R6: EPC Class1 Gen2 chip with 96bit EPC memory and 48bit serialized TID. Impinj Monza R6-P: EPC Class1 Gen2 chip with up to 128bit EPC memory, 64bit user memory and 48bit serialized TID. Impinj Monza S6-C: EPC Class1 Gen2 chip with 96bit EPC memory, 32bit user memory and 48bit serialized TID with one way fail-safe counter for ticketing and metering applications.
High frequency is the most diverse category of contactless and RFID smart card and is used extensively for college / university ID cards, in access control and identification, as retail payments and loyalty cards, and in transport and ticketing. 13.56Mhz HF cards are covered by ISO/IEC 14443A/B or ISO/IEC 15693 standards and range from simple fixed memory to high security Java and PKI processor cards. With medium read range and high data communication speeds, HF cards – often referred to as “vicinity cards” – are the go to choice for applications that require secure communication and large amounts of data to be shared between card and reader. Common 13.56Mhz cards offered by OPRFID include: Mifare/Desfire: Click here for full Mifare / Desfire product list Icode SLI: ISO 15693 chip with 1024bit EEPROM and password protected read/write. Icode SLI-S: ISO 15693 chip with 1280bit EEPROM and password protected read/write. Icode SLI-X: ISO 15693 chip with 896bit EEPROM. Icode SLI-X2: ISO 15693 chip with 2528bit EEPROM and password
NFC chips use the same 13.56Mhz frequency as all other high frequency cards but follow the strict NFC Forum Compliance Standard to ensure that they are compatible with any NFC phone or device. The NFC standard is based on ISO 14443, Sony’s FeliCa, and ISO 18092 and was created to ensure a secure form of data exchange between card and reader. Common NFC cards offered by OPRFID include: NTAG203: Early NFC Forum Type 2 tag with 168byte memory. Cost effective and can encode up to 132 total characters. NTAG210: Limited availability NFC Forum Type 2 tag with 80byte memory. Cost effective and good read range, can encode up to 41 total characters. NTAG213: Replacement for NTAG203 – NFC Forum Type 2 tag with 180byte memory. Cost effective and excellent read range, can encode up to 132 total characters. NTAG215: Limited availability NFC Forum Type 2 tag with 540byte memory. Good read range and can encode up to 492 total characters. NTAG216: Higher priced NFC Forum Type 2 tag with 924byte memory. Good read range and can encode up to 854 total characters. Topaz 512: NFC Forum Type 2 tag with 512byte memory. Good read range and can encode up to 449 total characters. Mifare Ultralight: NFC Forum Type 2 tag with 64byte memory. Cost effective with good read range and can encode up to 41 total characters. Mifare Ultralight C: NFC Forum Type 2 tag with 192byte memory and encryption. High price with low read range and can encode up to 132 total characters.