Is NFC/RFID Skimming a Real Threat... Yet?

As NFC and RFID technology becomes more popular in smartphones as a method for delivering "wallet" payments, and as more credit cards use RFID technology, security issues arise.

How secure are they? Can't they be skimmed? What's the likelihood of someone stealing my info?

What is NFC?

NFC stands for Near Field Communication. It is a subset of RFID, which is Radio Frequency IDentification. NFC is not considered Bluetooth.

NFC allows short-range communication between compatible devices.

It's a feature that's most commonly found on smartphones and tablets, versus laptops and desktops. Additionally, NFC is typically associated with Android phones versus iPhones, but just about all iPhones have NFC capability.

NFC functions on its own standard. NFC-enabled devices are typically separated into two groups: passive and active.

Active NFC devices can both send and receive data. Active devices require their own power source. A good example of an active device is the iPhone 11.

Passive devices can only send data, but they don't require their own power source. Some IDs use the NFC standard to communicate with NFC readers. Other examples of passive devices can include billboards and signs.

How does NFC work?

NFC sends information by radio waves, like the general RFID standard. You can understand how NFC works by first understanding a bit about how RFID, the "parent technology," works.

How RFID works

RFID allows devices to communicate via radio waves. RFID uniquely identifies items through these radio waves.

At minimum, an RFID system is made up of a reader, a tag, and an antenna.

Tags hold data.

Readers "read" and decode the data held by tags.

Antennas transmit the data between readers and tags.

RFID can also be separated into passive and active. Additionally, it can be separated into differing frequencies, such as low frequency and high frequency.

Back to NFC: The NFC standard allows communication between devices to happen in three different ways: peer-to-peer, read/write, and emulation.

Peer-to-peer communication is what sets NFC apart from RFID the most. It's also the type most commonly found in smartphones and tablets.

Read/write is where information is only sent one-way.

Emulation is where a device can function the same as a physical card. A good example would be an Android phone using Android Pay at a store checkout.

What is NFC/RFID skimming?

NFC/RFID skimming is where hackers/skimmers/bad guys intercept the radio wave communication between devices or simply read the radio waves that an NFC- or RFID-enabled device puts out.

The bad guy's reader reads the data put out from your device or debit/credit card. They can then capture this information and use it for their own benefit.

How do the bad guys skim a card or a phone?

They buy devices that pretty much steal the code produced from your debit or credit card, or your smartphone.

Is NFC/RFID skimming a threat?

It certainly is. Is it a threat you're likely to face? Realistically, probably not.

As RFID technology becomes increasingly popular -- especially in the United States -- NFC/RFID skimming does remain a threat, but not necessarily a viable one.

I say this because for most criminals/hackers/whatever-you-want-to-call-them, the risk versus reward is not the best. On the skimmer's end, there's a lot of effort to be put in... and the payoff really isn't there for them.

Generally, the bad guy(s) can get a bigger/better return-on-investment by trying to steal your credit card information via phishing or by hacking/cracking databases with already present security issues.

You know, like the big fat data breaches. They probably find that their time/money is way better spent doing stuff like that because the payoff is huge!

But you should know that the threat is always there, as with everything we do. Thankfully, it's pretty easy to protect yourself, even if only to help you sleep better at night.

How can I protect myself from RFID skimming?

The obvious answer is to be aware of your surroundings.

So when using your NFC-enabled smartphone, make sure no weird stranger with an even weirder device in his or her hand is standing too close to you; the same goes for when you use your RFID-enabled debit or credit card.

Remember that the threat of NFC (or RFID, generally) skimming is primarily a physical one; it's unbelievably hard (read: damn near impossible) to skim an NFC device or an RFID-enabled card solely over the internet.

Buy RFID-blocking technology

We don't necessarily believe you should go out and buy anti-RFID skimming pants or anything, but a simple wallet or sleeve that offers some protection is better than none.

Opting for an RFID-blocking wallet or sleeve is also pretty set-it-and-forget-it.

Turn off NFC

For your phone, it's as easy as turning off NFC when you're not using it. Keep in mind that you'll need to re-enable NFC to use NFC-based apps.

Other measures

In addition to buying RFID-blocking technology, you can take my earlier advice of being aware of your surroundings when using your NFC-enabled phone or RFID-enabled card and pair it with (1) putting the NFC/RFID device in your front pocket and/or (2) putting RFID cards together.

Putting the NFC/RFID device/card in your front pocket allows you to easily maintain watch over it with less effort. Overall, it's harder to secure anything in your back pocket than in your front pocket.

That's pretty much why pickpockets of both the digital and physical variety go for the back pocket.

Look at it like this: it's a lot easier to run a skimmer by your back pocket without you noticing versus running it close to the front pocket.

By putting the devices or cards in your front pocket, you're taking away a low-hanging fruit opportunity with minimal effort on your end.

Also, putting the RFID cards together (if you have multiple) scrambles the signal, making it harder to skim.

There's also a 3rd option: (3) wrapping everything in aluminum foil.

This measure is drastic and can be pretty unsightly, but it is an option for those that are truly worried about being skimmed. Aluminum foil has been shown to decrease the range where the bad guys can successfully skim your device or card, making their job harder.

If you opt for this, you should keep in mind that the effectiveness of aluminum foil degrades quickly; you might run through aluminum foil quicker than you did before.

Recommendation

I recommend you use a combination of the above ways to protect yourself.

The easiest way to mitigate the risks of NFC or RFID skimming happening to you is to be aware of your surroundings, put your RFID/NFC devices together, and buy a simple RFID-blocking wallet or sleeve to house everything.

As mentioned before, this method is almost set-it-and-forget-it. Which makes sense, because as I have mentioned before, there are other more real threats you should pay more attention to!

As always, stay safe out there!
