While checking out some security blogs the other day I came across a very good article over at the IT Security Expert blog about 15 tips to help reduce the risk of identity theft and fraud. One thing to add to that list is to use an RFID shield for your RFID enabled credit/debit cards.
RFID or “contactless” payment cards are being issued by more banks and are starting to be accepted at more merchants. I actually noticed recently that you can use your MasterCard Paypass RFID card at Sheets gas stations and also at the local movie theater.
One example I saw when I was at the Blackhat conference in Las Vegas this past year. I was walking by one of the entrances to the conference areas and noticed a gentleman sitting with a laptop and a long range wireless antenna (looks like a Pringles can). On the antenna was a sticker that said “Your RF is showing”. I observed that he would also smirk when conference attendees passed him and to me I took that he was getting at least “some” identifying information from RFID enabled cards people had on them. In addition, I saw a great (but scary) presentation at Blackhat from Adam Laurie entitled “RFIDIOts!!! Practical RFID Hacking (Without Soldering Irons or Patent Attorneys)“. These two examples made me think that I should probably use some sort of protection while carrying these cards around.
Yes, wrapping your cards in tin foil supposedly works but its not as sexy as a sleeve shield to put your cards in. A company called Identity Stronghold makes “Secure Sleeve” shields for ISO 14443/15693 and EPC Gen 1/Gen 2 contactless smart cards and RFID tags (which most cards issued by banks are). You can check them out here. Also there is a company that makes RFID blocking wallets which protect your entire wallet.
I highly recommend you check out Adam Laurie’s website which has really good technical information about different types of RFID tags as well as software (written in Python) to read them. You can even buy the hardware needed to read RFID tags directly from his site.
If you ever get a chance to see Adam speak..do so..he is one of the leading RFID security researchers and a great presenter as well.