Racking our brains, we all tried to figure out which store we’d been to that may have stolen our credit card details. My bank was not being at all helpful, just telling me that it was some time during my trip to Fiji the week prior.
Now fast forward to a travel expo I attended today and I meet Mike Casey of Travel Guard who is displaying an array of wallets, passport holders and document folios touting a big ‘digital security’ sign.
Yes, I knew about the RFID (Radio-frequency identification) technology being rapidly introduced into our bank cards, passports and even hotel keycards. Yes, I knew there were concerns about the security of this technology. And yes, I knew there were consumer countermeasures available for folks like me.
|Wallets full of cards and data|
“Watch this,” says Mike as he grabs an old bank card and his smartphone. “All I need to do is pass the phone next to your card and … voila … I have all your data, card number, expiry date, everything.”
The phone is equipped with a readily and legally available card reader downloaded from Google Play Store. Of course, to convert that data into something useful, some more kit is required but the ease of that was demonstrated to guests at a recent hacker conference in Washington. Security researcher, Kristin Paget, used about $350 in equipment to wirelessly read a volunteer’s RFID-enabled credit card and then encode its key data onto a blank card. Then, in the next minute, she used that newly encoded card to make a payment to herself.
When I related my Fiji experience to Mike, he was certain that we’d fallen victim to a skimming racket that likely captured data from all our cards and everyone else’s around us. In such an instance, Mike believes a hacker used simple, hobby store components to build an enhanced RFID scanner with sufficient range to capture data at a distance outside one’s normal ‘personal space.’
|Cards displaying the payWave logo contain RFID technology|
This disconcerting practice is supported by police reports.
"If I had one of those [devices] in my pocket, satchel or briefcase, and you were standing next to me on a train and your wallet was in your back pocket and I moved near enough to activate the signal on the RFID, well then I've got your details," said Detective Inspector Brian Hay, from Queensland Police's fraud and cybercrime squad.
|Travel Guard RFID blocking card|
There are other shortcomings and vulnerabilities in the whole RFID system that I will leave you, the reader, to determine for yourself with a few minutes of Google research.
So, having been (most likely) the victim of RFID data theft myself, I would advocate the purchase of what Mike was selling, namely a range of Travel Guard security wallets and blocking cards. I now have one in my pocket.
There are others who would argue that the risk of RFID data theft is so low that the fear is generated so that vendors of blocking technology can keep selling their stuff. The reader will need to make that decision for themselves, but after travelling for years through airports and hotels all around the world, they finally got me and I’m not taking the risk anymore.
For details and purchasing information, visit: www.travelguard.net.au