What's the harm in removing the RFID chip in credit cards?

If you're concerned that a credit card's RFID chip is putting your personal data at risk, why not just drill the darn thing out? Not so fast, says Joel Dubin. In this SearchSecurity.com Q&A, the identity management and access control expert explains some other options.

Why can't I simply cut out the chip in an RFID credit card? What is the harm? I only want to use the magnetic strip on the back. What would happen if I cut the chip out with a hole puncher?

If you want, you can just drill out the radio frequency identification (RFID) device chip on a credit card. There isn't any harm, and you wouldn't be the first person to have ever done it. The only thing to be careful of is to not damage either the magnetic stripe on the back or the numbers embossed on the front. Damaging these could make the card useless.

With that said, punching the chip out of the card still isn't a good idea. It should be your last choice. There are plenty of other options that are less drastic.

Let's take a quick look at the security issues associated with RFID credit cards.

An RFID is a tiny radio transmitter on a chip. Credit cards with an RFID chip transmit account information, like a name or account number, to a reader at a checkout counter. An RFID credit card is designed to be more convenient than swiping the card's magnetic strip through a reader; someone can easily wave his or her wallet over an RFID reader without even having to take the card out.

Major credit card issuers, like JPMorgan Chase and American Express, have offered RFID cards since 2005. But the chips made headlines last October when researchers at the University of Massachusetts built a machine that could use the card's radio signals to read account information.

The researchers claimed that the RFID chip transmitted account numbers and other sensitive information openly through the air, making them vulnerable to theft. The card companies, however, claimed the data was encrypted and that the researcher's sample -- only 20 cards -- was too small.

The future of RFID chips is uncertain

Either way, as of this writing, there haven't been any reported breaches caused by malicious users and roving RFID readers. Of course, that doesn't mean RFID-related identity theft won't be a problem in the future.

More information

Companies planning to use RFID technology must demand that privacy and security issues are addressed in their design, says leading privacy and identity expert Toby Stevens.

Find out what the future has in store for RFID tags.

An option, if you're concerned about RFID credit card safety, is to simply return the card to the issuer and get another card from a different company that doesn't implant its chips.

Another possibility is to purchase the DataSafe Wallet from Kena Kai. The wallet is lined with RF-shielding material, which blocks RFID signals until the card is taken out. The wallet acts like a portable Faraday cage, a common trap for radio signals that normally would be too bulky to carry around in your pocket.

Also, keep in mind that despite the security risks of credit cards, most issuers generally use fraud monitoring systems as another layer of protection; these mechanisms are often invisible to users. If a card is lost or stolen, whether through its radio signals or not, these systems develop a profile of your card usage, detect unusual transactions you normally wouldn't make and then block them.

Next Steps

Can you combine RFID tag technology with GPS to track stolen goods?

Unencrypted credit card data storage: Why 70% of merchants do it

How do RFID-blocking passport wallets work?

Dig Deeper on Network security

Enterprise Desktop
Cloud Computing