InfoSec Blog - What's in your Wallet?

Credit Cards

June 8, 2018

Most new credit and banking cards now allow you to quickly pay for small purchases by tapping your card on a payment terminal instead of inserting your card into the machine and entering your PIN.  This uses a technology called Radio Frequency Identification (RFID).  These RFID-enabled cards contain a small radio frequency antenna and a microchip inside to process the transaction. Simply tap the card over a compatible payment terminal and that's it - you don't need to enter your PIN for purchases under $100.

Should I be scared to use the tap feature?

In general, these transactions are very secure. They are encrypted and processed over the same networks used by all major credit card companies.  The card never leaves your hand and all transactions are uniquely numbered for additional protection, so the risk is very low. However, there have been reports of a threat against these cards - Electronic Pick Pocketing. Bad actors can use hand held card readers and scan your purse or wallet without physically touching your credit card and then use that scanned information to manufacture duplicates. 

How can I protect myself?

If this technology makes you nervous, there are a couple of things you can do to protect yourself:

  • Contact your bank and ask to disable the tap feature.
  • Buy an RFID blocking wallet or purse. A simple Google search will provide you with many options.

As well, you should:

  • Never share your card or PIN.
  • Choose a secure PIN that doesn't include something easily guessed or known about you.
  • Regularly check your bank statements to ensure all transactions are legitimate. If you suspect fraud, contact your bank immediately.
  • Report any lost or stolen cards as soon as possible.

 

Written by: Zahid Akhter (Cyber Security Analyst, Information Security)