RFID

THE RFID MYTH

Before we released our new Money-Clip Wallet, we did thorough research into electronic-pickpocketing and RFID-blocking products. In our attempt to gain a better understanding of the industry, we discovered a lot of misleading information in the current industry narrative.

Our Awesome Wallet

To cut to the chase, we concluded the entire concept of RFID-skimming to be nonsense. Most of the industry seems to be based on an exaggerated fear and inaccurate understanding of personal security threats and risk. We have intentionally chosen not to be part of this industry as it does not align with our core values of honesty and transparency. Here’s an overview of some of the interesting things we found in our research.

 

Most Cards Aren't RFID Transmitting

The act of remotely stealing a credit card’s information with an RFID reader (RFID-skimming/RFID-hacking) only works on cards that are RFID transmitting1. It’s entirely likely you’ve never even owned one. If you have, it’s even more unlikely you still use it. RFID is a dying technology in credit cards. The magnetic strip on your card does not transmit RFID, and the little chip you got on your most recent credit card uses a technology called EMV2. It doesn’t transmit RFID either; an RFID-blocking wallet won’t do jack-diddly. However, just the idea someone would be standing around surreptitiously skimming credit card information person by person is a pretty hard pill to swallow.

 

A Large Pill to Swallow

Here’s why: Even if a thief were to somehow obtain your credit card number from an RFID reader, credit card manufacturers have taken precautionary measures that make it very difficult if not impossible for a thief to use it. Companies like Visa, MasterCard, American Express, and  Discover have a coded tag associated with each transaction -- a digital watermark so to speak -- to prevent duplicate transactions. There are a number of other confounding variables that would make this hypothetical situation very difficult such as RFID-interference, the distance a reader must be to the card, the orientation of the reader to the card, and the inability to collect information like:  name, address, PIN, or CVC code3. The Identity Theft Resource Center (ITRC) does not even consider RFID-hacking a viable threat4, while another source states the risk of electronic pickpocketing, “ ...is between highly, highly unlikely and impossible.”5 The bottom line is that there are much easier ways for a thief to get your credit card information. RFID-skimming just isn’t a viable means of shenaniganary.

 

 

A PROBLEM WITH EFFICACY

For many,  RFID-protection is about peace of mind; however, there is no standardized meaning of terms like  “RFID-blocking” that are frequently used in the industry. The implication is that products labeled as such will prohibit any RFID communication. But, research and anecdotal evidence justify a reason for skepticism.   According to a study done by Consumer Reports, RFID-blocking efficacy varied greatly between brands and none of the wallets they test blocked all RFID transmittion6.  Examples such as this Redditor/victim  -- who discovered a FedEx envelope was being used as the RFID shield in his wallet -- suggest that “RFID-blocking” is as much of a marketing term as it is a reference to function. At the very least, we can conclude that the performance of RFID-blocking products falls across a wide spectrum. So much for peace of mind. The ambiguity of terms like “RFID-blocking” grant the freedom for liberal, widespread use. So why wouldn’t a company market a wallet as RFID-blocking? It certainly wouldn’t hurt sales.

DOES NOT REFLECT OUR VALUES

The problem we see with the industry is that it thrives on a distorted reality and a demand created from false pretenses. After our research, it became clear that our customers had little to benefit from an RFID-blocking wallet. We felt that if we did market one, we would be perpetuating an unfounded narrative.   Besides, even if RFID-skimming was a threat, the best thing to do for protection would be to do the same thing you should already be doing to protect yourself against fraud -- monitor your banking activity.

A FINAL POINT...

Our intent for publishing this article is not to slight companies who do manufacture legitimate RFID-blocking products or suggest that anyone who does is disreputable. At NutSac, we have a framework and set of values by which to evaluate and make decisions. We’re uneasy about the implicit (sometimes explicit) narrative of the RFID-blocking industry and found it to be antithetical to our brand and purpose. Just keepin’ it real. NutSac out.

Resources and Additional Reading

  • 1. “Why you don’t need an RFID blocking wallet.” www.csoonline.com
  • 2. “The skimming scam.” www.slate.com
  • 3. “How secure are RFID credit cards.” www.consumeraffairs.com
  • 4. “Do I need RFID protection?” www.itrc.org
  • 5. “Card shields protect against low risk of RFID theft.” www.creditcards.com
  • 6. “Do rfid wallets work?” www.safesmartliving.com
  • 7. “Contactless payment is secure.” www.gemalto.com
  • 8. "Are RFID-blocking wallets really necessary?" www.wirecutter.com
  • 9. “Do you really need RFID blocking products?” www.npr.com
  • 10.“Why you don't need to worry about RFID Shielding” www.lifehacker.com