RFID technology… the good… and the bad.

Some people are still not aware that their new credit and debit cards may be at risk of a new type of identity theft. These new “smart cards” are now using Radio Frequency Identification (RFID) chips with a built-in antenna. They don’t need to be swiped through a card reader. You can just waive them in front of a smart card reader at some coffee shops, grocery stores or gas stations and the card reader automatically picks up your card’s information using radio waves.

These cards are typically identified with payWave, PayPass, or the radio wave symbol printed on them.  This RFID technology has the potential to make paying for things easier and to shorten line-ups at stores, but it also creates an easy way for savvy thieves to steal your credit card number along with the expiration date.

Credit card companies fail to appreciate the risk.

The official position of credit and debit card issuers is this: Even if a thief does manage to steal your card number, there’s not much risk that he can do anything with it.  That’s because RFID smart cards transmit an encrypted, one-time security code alongside the card number and expiration date to authenticate each transaction.  However, some hackers say it's easy to circumvent that system by deploying what's called a “replay attack”: A fraudster simply scans the RFID card dozens of times in a public place in a matter of seconds, capturing the security codes that the card transmits. A cloned card is then programmed to "replay" those codes at a store's payment terminal. The credit card company will only catch on to the fraud when the real cardholder tries to make a subsequent purchase with a security code that has already been used by the scammer.

In addition, I haven’t found a credit card company executive who is willing to give his or her credit card number and expiration date to me… and I can be trusted with this private information!  Regrettably, there are so many savvy thieves out there honing their skills in credit and debit card fraud and now RFID technology is just one more tool for them to exploit.  Electronic pick pocketing has been demonstrated quite well in various news reports.  At a minimum, these reports corroborate the vulnerability of RFID technology and how it allows thieves to steal private information from anyone in a crowd without even touching the victim’s wallet or purse.

There’s confusion at the banks!

Here is what happened at three of the top five banks in Canada during our research:

One bank’s customer service representative told me not to worry about my (RFID-enabled) debit card that I have already been using, saying to me that a thief can’t scan it, because the antenna hasn’t been activated yet.  That’s the answer I received after been put on hold for several minutes while he discussed this security concern with his supervisor.  That representative and his supervisor either did not know about RFID technology, or they intentionally gave me a false statement about the chip’s capabilities. Here’s why: The chip’s antenna does not have to be activated.  It is passive and it is always ready to give up its number and expiration date to any friendly or unfriendly RFID reader.

I specifically asked a customer service representative at another bank for a protective sleeve to prevent my credit card from being scanned by a thief.  She happily gave me not one, but two envelopes printed with “Bank Card Protector” and some cautionary text about protecting the card’s magnetic stripe.  What friendly service! Unfortunately there was no aluminium alloy (or any other metal) in the protective envelope to prevent RFID scanning.  I really don’t think she knew anything about RFID technology.

The third bank in my research took me by complete surprise!  They actually had the RFID-blocking envelopes that I was trying to find, but this particular bank didn’t print anything on them except their logo.  The employees had no knowledge of their RFID-blocking capability. They knew only that they are to be given to clients who ask for a protective sleeve for their credit or debit cards.

Here’s what CommuniMax is doing for your clients and you:

CommuniMax Direct is an authorized agent and distributor for RFID Shield Envelopes. The unique design of these envelopes includes a layer of polyvinyl for strength and a layer of aluminium alloy that protects against the detection of credit and debit card information…  in effect, protecting a consumer’s privacy.

Our RFID Shield Envelopes can be printed with your logo, telephone number and website address… a reminder that you are there for your clients every time they use their credit or debit cards. That’s the kind of frequency and exposure your advertising message needs!

Call us today for details!