Do you need RFID card blocking wallets? NO, but is RFID sniffing a threat? Maybe, but not really. Let’s dive into the specifics of RFID history, technology, scanning, skimming, shimming and blocking. In the end you might want to block RFID, but you won’t want to do it with a wallet. And RFID blocking wallets are still a scam.
(if you want to see all the features and how many cards and cash it can hold, please watch the video)
RFID blocking material built into wallets is a total scam. Yet, there is a little bit more to it. Two years ago I published a video about the absurdity of RFID blocking that is built into wallets. Many were confused with the message I gave and over that time it has created a lot of, I do not want to say controversy, but some conversation that deserves a follow-up.
But let me be clear that this is not about whether RFID is good, it is about wallets and whether or not you need to buy an RFID blocking wallet. RFID is great and I use it almost every day along with NFC, which is another mechanism for near field communication, and that is what its name stands for.
The question we will be answering is, is building RFID protection into a wallet necessary? Well, we will hold off on that and address first a few things that will provide context as we answer this question, because simply, we cannot answer the question properly until we know how credit cards operate and the types of theft that occur on them. If your card has a chip and a stripe on it, then its information can be stolen via several mechanisms, but it is due to the stripe and not the chip. Before jumping into that topic, we need to talk about cryptography and dive into the different types of stripe, chip, and pin cryptography. These are not all the same and it is relevant to know what you have in your wallet. A card can have a chip and pin with no stripe, a chip and signature, a swipe and pin, or just a swipe. The security is highest with a chip and pin with no stripe, and lowest with a card with just the stripe. Stripes are the biggest weakness and as long as we have them on our credit cards as backup for merchants and terminals that have not converted to a chip reader system, this will increase the chances for theft of our information. There exist edge cases non-related to credit cards, for example, transit cards, access cards, et cetera, where sniffing could pick up that information. You would be concerned about whether you need to block that as part of personal risk evaluation that likely relates to where you live, how you travel, and likely if you have anyone who may want to harm you for some strange reason. Now we are talking about blocking and whether it is needed in the wallet itself, or the other alternative is to add it, which is possible and we will talk about that. It is important to understand the technology a little bit. How did we get a chip anyway? Well, it all started by a consortium of companies, known as EMV, which stands for Europay, MasterCard and Visa. the consortium made this technology in the form of the pin, or the chip. The United States has been very slow in adopting EMV technology. This technology was only adopted in 2015 in the United States, while it has been around since 1994 in Europe. The positive progress is that as of 2021 the vast majority of merchants in the United States have EMV enabled terminals.
The theft we are talking about can be categorized as physical, digital, and the one that everyone is talking about, sniffing theft. Physical theft is easy to get our minds around, it happens when someone jots down your card information as you hand your card to, someone steals your wallet, or thieves install a skimmer onto equipment. A new method is seeing growth due to increasing complexity from chip and pin, it is an arms race type thing. The more protections we put into a card, the more creative thieves get to try and steal that information. Skimmers and shiver devices, installed on a machine such as an ATM or gas pump readers to pull all your info from the stripe as it reads the transaction, do not qualify as open-air sniffing. A physical reader scheme or shimmer will pick up your integrated communication of the card verification value, or the CVV, the three-digit number you are familiar with from the stripe on the back of your card along with your card number and expiration date, but the new integrated circuit card verification value, or iCVV, is not transferred and it is contained in the chip, not on the stripe. Let’s say you insert your card into a gas pump that has a skimmer on it. It will read all the information from the stripe of your card, including the CVV. However, if the thief clones the card and tries to use it in a card present transaction, meaning the thief is trying to purchase something at the local grocery store, the bank will check the submitted CVV against the iCVV to ensure the transaction is valid, and so there is no fraud risk. That is the crosscheck that occurs, but it can be bypassed with a swipe because the card is inserted without the chip, therefore no crosscheck, and there is a small percentage of banks that still do not check the CVV to the iCVV in their backing systems and as result, that transaction will be approved. If someone tries to use the card information for an online purchase, there is a number of hurdles that we know about when you try to purchase things, it asks for a zip code, and also requires shipping information, and gas pumps require zip codes as well. These are validations on the business rules and the artificial intelligence on the back end to ensure that the person making that transaction is the owner. It is hard to protect against physical card theft. If a server steals your credit card information at a restaurant, there is not much you can do about it. If a skimmer is installed on your ATM or your gas pump, there is not much you can do about it, except maybe try and recognize that something with it does not look right. But how often do we really do that? Probably we should do it more often.
That was a dive into the physical theft regarding the stripe on the back of the card. Can the information on the chip side be stolen? Well, I am sure it can somehow, but it would take equipment worth hundreds of thousands of dollars to break the crypto and frankly, to crack the key of the receiving systems or understand how you can marry an iCVV number to a CVV. It is not within reason and does not make any sense considering you can do better just for digital theft. With physical threats explained and taken care of, we move to the largest threat of someone stealing your credit card information, which is digital theft. This is most commonly seen when your credit card company contacts you asking if a recent charge or transaction was done by you or not, it could be a text or a phone call. I am sure many have received them. This is so common that my credit card, before I could even use it once, was charged from somewhere across the country and it was fraudulent. As a matter of fact, it happened last week. It was in Kentucky and I have not been to Kentucky in years, that was a digital theft. Nobody bumped up to me and did a sniffing, so how do the banks know? Well, with non-liability consumer protection laws in place, any theft and fraud is now the responsibility of the banks, not the cardholder, and this is in the United States and other countries where they have consumer protection laws. This is because theft means that the banks lose billions of dollars every year in fraud, so they built very sophisticated business rules and artificial intelligence to detect fraudulent card usage. They track the behavior, utilize cross-data relationships with travel providers, associated banking systems, and your purchase history to build a profile on each customer to know if they are using their card in the way that is expected of them. Back in the day, you would have to call your credit card provider to inform them if you are traveling so they would expect to receive charges from the country you are traveling to. Nowadays, they would already know, based on these data relationships, that you have scheduled air travel and hotels, therefore, you do not have to do that anymore. So whether your banking institution has suffered a hack or a number of hundreds of stores that you have made a transaction with, the information from my last video has not changed and continues to be the case. Digitally that is the largest percentage of potential theft of your credit card information.
Finally, the sniffing is this type of theft rampant, where people with sophisticated equipment do this so-called sniffing, and we are not talking about fresh, clean, and crisp mountain air, it is where people are standing around you and nefariously slide up next to you and via the RFID, NFC broadcasting that your card is giving off, they have a receiver that can take that information, and I am going to give you an emphatic, You might have some questions like, can it happen? Well, yes, it has been proven in the lab, but does it happen with the frequency that we have rampant RFID sniffing going on around us? No, not really. There is currently no data or report that I could find demonstrating that open air sniffing is happening in the wild. That is one of the biggest strikes against built-in RFID wallet protection. But whoa, are you sure mark? because my friend who had his card compromised on a business trip, and all my friends on Reddit have friends who know that they have had their card information stolen, and it just had to be through sniffing
Theft happens worldwide through two primary means, physical and digital. The last physical theft thing is you lose your wallet. That happens quite often and when that does, a quick call to your bank cancels your cards and gets them all that back to you. And even if your card is, assumingly compromised in some way or another, the biggest hassle you have is to reset all of your auto pays that you have ongoing because you will have a new card.
Back to the original question. Do you need RFID blocking material in your wallet? To answer that, we need to examine the cases one by one.
First, will RFID blocking material in your wallet protect you from online hacking? The answer is obviously no.
Second, do you need RFID blocking material built in to your wallet to protect you from someone stealing your wallet or copying your card information when you hand it to them? Well, that is an obvious no.
Third, will RFID blocking material in your wallet protect you from skimmers or shimmers? That is also a no.
Finally, are open air sniffers a reality in the world of chip and pin? Not really, not beyond people trying to prove they exist and making demonstrations in labs. Therefore, in the world of RFID blocking in wallets marketing, do you really need it? Well, I still say no. That is why RFID blocking in wallets remains a scam. However, if you are still unsure, please just get an RFID blocking card or a sleeve to put into your wallet, which they have been created seeing their need.
Sucuro Halo, Sucuro is Italian for safety, gives you a safety overhead halo, which is kind of nice. The sleeve is a 13.56 megahertz that takes care of credit cards. It does not work with access cards but you can put cards in the sleeve or you can use the card itself, which handles other credit cards on either side of it and blocks any kind of signals going out or in which is gray. I like to use the sleeves for archive cards, the ones that I need to have, but do not use very often. Besides, thanks to the sleeve you can transfer them from wallet to wallet and it works well with slim wallets. In the bi-fold, you can use a quick access card on the exterior, or add a blocking card on the interior as well, which are handled just fine. This solution provides the ultimate protection and eases your concern. If you want more information, you can look at the links below.
This way you can get the wallet you really want, without having to limit yourself to wallets with RFID protection, as that is not a necessity, and by doing so, a whole new world of amazing wallets opens up to you. I will keep tracking this technology and will update you if anything changes and if it turns out to be a bigger problem, I will be happy to tell you because I am not here to just stick in a position and die on that hill. But in the meantime, do not worry about it, and if you are not sure, just get an RFID blocking card or a sleeve.