Protecting yourself, Research, regulation, industry reports

Experts say RFID hacking easy

Daniel Ray

Recommended viewing: Seattle KIRO-TV consumer reporter Amy Clancy’s disturbing report on how easy it is to steal data from credit cards that have the “tap and go” technology built in.

Radio frequency identification (RFID) technology is increasingly used in everything from library books to keyfobs that let office workers in their buildings (I have two in my pocket now) — and many credit cards. They transmit very short range radio signals that a receiving device reads before it decides whether to let you check out a book, get to your cubicle or pay for that vente Cinnamon Dolce Frappuccino with your credit card.

Clancy’s report focused on credit cards. She interviewed self-described hackers and experts, such as Karsten Nohl, who make a convincing case that the devices can easily be hacked. Anyone can buy an RFID reader — they’re pretty cheap on e-Bay — that can be plugged into a USB port of a laptop. Put a credit card within a few inches of the reader and the laptop displays the card owner’s name, credit card number and expiration date.

You may ask, “Who, pray tell, would be dumb enough to hand their credit card to some guy with a card reader?” It wouldn’t happen that way. A thief would power up that laptop, stick it in a briefcase, stand at a crowded intersection or bus stop, and the card reader would gather enough data to go on a shopping spree.

See related: Cell phone plus contactless credit card: Yak, wave and buy, Contactless credit cards “floundering”


Off to the Fiesta I go: The Finance Fiesta, a blog carnival that is “A celebration of the blogosphere’s best personal finance articles,” has kindly seen fit to include one of my blog items in Fiesta No. 3, The Spanish Money Proverbs Edition, hosted by Our Fourpence Worth. The blog item was on how credit card lenders are sharply tightening their standards.

Join the Discussion

We encourage an active and insightful conversation among our users. Please help us keep our community civil and respectful. For your safety, we ask that you do not disclose confidential or personal information such as your bank account numbers, social security numbers, etc. Keep in mind that anything you post may be disclosed, published, transmitted or reused.

The editorial content on is not sponsored by any bank or credit card issuer. The journalists in the editorial department are separate from the company's business operations. The comments posted below are not provided, reviewed or approved by any company mentioned in our editorial content. Additionally, any companies mentioned in the content do not assume responsibility to ensure that all posts and/or questions are answered.