What's the harm in removing the RFID chip in credit cards?
If you're concerned that a credit card's RFID chip is putting your personal data at risk, why not just drill the darn thing out? Not so fast, says Joel Dubin. In this SearchSecurity.com Q&A, the identity management and access control expert explains some other options.
Why can't I simply cut out the chip in an RFID credit card? What is the harm? I only want to use the magnetic strip on the back. What would happen if I cut the chip out with a hole puncher?
If you want, you can just drill out the radio frequency identification (RFID) device chip on a credit card. There isn't any harm, and you wouldn't be the first person to have ever done it. The only thing to be careful of is to not damage either the magnetic stripe on the back or the numbers embossed on the front. Damaging these could make the card useless.
With that said, punching the chip out of the card still isn't a good idea. It should be your last choice. There are plenty of other options that are less drastic.
Let's take a quick look at the security issues associated with RFID credit cards.
An RFID is a tiny radio transmitter on a chip. Credit cards with an RFID chip transmit account information, like a name or account number, to a reader at a checkout counter. An RFID credit card is designed to be more convenient than swiping the card's magnetic strip through a reader; someone can easily wave his or her wallet over an RFID reader without even having to take the card out.
Major credit card issuers, like JPMorgan Chase and American Express, have offered RFID cards since 2005. But the chips made headlines last October when researchers at the University of Massachusetts built a machine that could use the card's radio signals to read account information.
The researchers claimed that the RFID chip transmitted account numbers and other sensitive information openly through the air, making them vulnerable to theft. The card companies, however, claimed the data was encrypted and that the researcher's sample -- only 20 cards -- was too small.
The future of RFID chips is uncertain
Either way, as of this writing, there haven't been any reported breaches caused by malicious users and roving RFID readers. Of course, that doesn't mean RFID-related identity theft won't be a problem in the future.
Companies planning to use RFID technology must demand that privacy and security issues are addressed in their design, says leading privacy and identity expert Toby Stevens.
Find out what the future has in store for RFID tags.
An option, if you're concerned about RFID credit card safety, is to simply return the card to the issuer and get another card from a different company that doesn't implant its chips.
Another possibility is to purchase the DataSafe Wallet from Kena Kai. The wallet is lined with RF-shielding material, which blocks RFID signals until the card is taken out. The wallet acts like a portable Faraday cage, a common trap for radio signals that normally would be too bulky to carry around in your pocket.
Also, keep in mind that despite the security risks of credit cards, most issuers generally use fraud monitoring systems as another layer of protection; these mechanisms are often invisible to users. If a card is lost or stolen, whether through its radio signals or not, these systems develop a profile of your card usage, detect unusual transactions you normally wouldn't make and then block them.
Can you combine RFID tag technology with GPS to track stolen goods?
Unencrypted credit card data storage: Why 70% of merchants do it
How do RFID-blocking passport wallets work?
Dig Deeper on Network security
Related Q&A from Joel Dubin
How to use a public key and private key in digital signatures
Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures ... Continue Reading
What's the purpose of CAPTCHA technology and how does it work?
Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums ... Continue Reading
Single sign-on best practices: How can enterprises get SSO right?
Proper planning is at the top of the list for single sign-on best practices, but it's important to get enterprise SSO implementations off to a good ... Continue Reading