Q: Do I need to get a special wallet or sleeve to protect my new chipped credit card from wireless hacking?
A: During this holiday season, you’re likely going to see lots of companies promoting wallets that protect your ‘new’ credit card from hackers.
They’re likely trying to take advantage of the hype surrounding the new ‘chipped’ credit cards and confuse consumers, but one has nothing to do with the other.
What they are offering to protect you from is an older type of technology that focuses on ‘contactless payments’, which has little to do with the new EMV chips you’re seeing on credit cards.
The push towards RFID (Radio Frequency IDentification) enabled cards started many years ago and has since fallen out of favor with many credit card issuers.
Some companies, like American Express, still offer cards with contact-less capability along with the new EMV chip and the traditional magnetic strip so they can be used all three ways.
If you have a credit card that has contact-less capabilities, you will see a symbol on the back that looks like radio waves.
The new chip in your credit card is not a wireless transmitter and requires physical contact with the credit card reader in order to work (which is why you must insert the card into the reader).
The early versions of the contact-less technology could actually allow someone with a special device to read the card information just by getting near you, which led to an explosion in companies offering these ‘protective wallets’.
These ‘proof of concept’ hacks were very popular with security researchers, but cyber-thieves have never bothered to adopt this less than desirable method of hacking.
Hackers are smart and don’t waste time on anything that doesn’t provide a substantial return on their investment.
The fact that no widespread hacking of contact-less credit cards has ever occurred in the real world can be attributed to many things.
One is that the technology is designed to be very short range (2-4 inches) so it’s not like a hacker can be sitting across the room and grab your digits.
Another is that the information generated through a contact-less transaction does not reveal any useful information. It’s not the same as the information provided when you use the magnetic strip.
Real credit card thieves focus on magnetic skimming devices which are much more lucrative, because they can steal the information necessary to create duplicate cards that can be used anywhere.
Contact-less transactions are simple one-time use encrypted tokens, which are of little use to a thief.
To top it all off, depending upon the card issuer and the country that it’s being used in, there are very low maximum charges ($25-$40) that can be generated via contact-less transactions, which really makes it an undesirable target of hackers.
If you do have a contact-less payment card and you’re still concerned despite all of the evidence that it’s a non-issue, studies have shown that wrapping a card in tin-foil is just as effective as using a special wallet, so spend your cash elsewhere!
Ken Colburn is founder and CEO of Data Doctors Computer Services.