John appeared on Fox & Friends this morning to set the facts straight about the real and perceived risks posed by Electronic PickPocketing.
It is true that Identity Thieves are able to steal your credit card information without even touching your wallet. The technology exists, is readily available and can be assembled for under $1,000. But that doesn’t necessarily make it an efficient means of stealing credit card numbers.
RFID, or radio-frequency identity technology was introduced to make paying for items faster and easier. All major credit cards that have this technology have a symbol (pictured below). It means that your card can communicate via electromagnetic waves to exchange data (your credit card number) between a terminal and a chip installed inside of your card (or passport). Thus, by getting within a few inches of your credit card, a thief is able to obtain your credit card number, expiration date and maybe your name.
So we have established that stealing credit card numbers this way is possible, but is it feasible?
The Electronic Pickpocketing video circulating around YouTube makes it look that way. But the reality is a bit different. First, take into account that the news story in the video was focused around a gentleman and a company that makes money by raising your fear about this type of theft. The gentleman they interview runs a company that makes shields for your credit cards and passports to stop electronic pickpocketing. I’m not saying that the products don’t work or aren’t somewhat valid; I’m saying that you have to take the context of the story into consideration before buying the hype.
The reality is that electronic pickpocketing is extremely time and resource intensive. Most thieves are smart enough to know that they are better served hacking into a database with hundreds of thousands of records rather than collecting them one at a time.
Here are just a few reasons why this threat, though real, is overblown:
- While the RFID scanner itself can be purchased for under $100, you also need $500-$1,000 worth of additional equipment (laptop, blue tooth transmitter, cables, power supply, etc.) to make it a practical, mobile kit.
- Once the thief has the kit, they need to get within 2-3 inches of your purse or wallet for 3-5 seconds on as many victims as possible without getting caught. This might be easy on a subway, but it gets much more difficult as people spread out.
- When a thief steals this information from you, they generally get your credit card number, expiration date and quite possibly your name. They DO NOT get your 3-digit security code or address. This is the same amount of information that the average waiter or retail clerk gets simply by looking at your card.
- Because they don’t get your 3-digit security code or address, it is much more difficult for them to use the credit card number to make purchases on the internet, as most sites require some form of address verification or 3-digit security confirmation.
- Only a fraction of cards utilize the RFID/Contactless Swipe technology, lowering your chances significantly.
- As long as you catch your card being used fraudulently (see the protection suggestions below), you will not be held liable for the losses, the business that accepted the illegal card will. Even if your information is used to make a new card, if you are monitoring your identity properly, your out of pocket will be minimal.
- Fraud departments in credit card companies have come a long way. Most credit card companies are able to detect fraud on your card faster that you can. More secure credit card companies will call to confirm suspicious purchases or purchasing patterns.
But it can happen, and it’s worth preventing. Which is simple:
- First, check to see if you even have credit cards with the ability to beam your information to an RFID receiver (look for the circled symbol in the photo to the right). If not, stop worrying and just monitor any future cards you receive.
- Next, set up account alerts and monitor your statements to cover yourself in the small chance that it happens to you. That way if your credit card is compromised, you can detect it immediately and take the necessary steps to contact the bank, report the fraud, and cancel the card.
- If you are worried about having a credit card that can transmit your personal information, call your credit card company and ask them to send you a card that doesn’t transmit or have RFID capabilities (you know it transmits if it has the small broadcast or sonar icon circled to the left). Get rid of the source of the fraud!
- Never leave your purse or wallet in an easy-to-scan place. Get rid of all of the excess credit cards that you don’t use and lower the chances that one of them will be compromised.
- For added protection, especially for your Passport (which carries a much higher volume of very sensitive information), consider purchasing a sleeve or shield that makes RFID scanning less likely.
But whatever you do, don’t buy into the hype and paranoia just because a video has gone viral on YouTube.
John Sileo speaks professionally on identity theft, data breach, social networking exposure and fraud. His clients include the Department of Defense, FTC, FDIC and Pfizer; his recent media appearances include Fox and Friends. Learn more about having him deliver a high-content keynote speech at your next meeting or conference. Contact him on 800.258.8076.