RFID Blocking in your Wallet?

[Frederick Skelly]

I'm looking for a new wallet. Some vendors claim their wallets can block someone with an RFID reader from snagging your credit card info.

There are some expensive wallets ($100) out there that do NOT have this capability, which makes me wonder if this is a gimmick.

What do you folks know about this?

Thank you!
Fred

[John Ziebron]

Many years ago when this problem started coming to light I bought a bunch of the RFID blocking sleeves, put my credit cards in them and then put them in my wallet. When I needed a new wallet 3 years ago I bought one with the built in RFID blocking. Like most of us I'm fussy about the configuration of my wallet but I did find one on Amazon for about $20 that I liked. It was made in India and I still use it today.

Men's wallets, like lady's purses come in a wide range of prices. But RFID wallets are common place today and you can find a lot of them in the sub $50 price range. The only problem I have is do they truly do a good job of blocking. I have no way of testing this feature but perhaps others on the forum came shed some light on that.

[Tom M King]

I use the sleeves because cards didn't last long in my pocket without them. My wallet is really just a leather business card holder. It has my drivers license, Medicare card, a tiny tweezer, and a credit card in it. I don't like a lot of stuff in my pockets.

[Jim Becker]

I have a hard enough time finding the kind of wallet I prefer and adding RFID shielding to that would likely be maddening. But it's certainly a good idea. (I don't carry much cash...it's all cards of some time. A limited number of them are actual payment methods but the rest are cards for things like healthcare, ID and some key afficiations with AAA as an example. The majority of mens' wallets still focus too much on green money rather than cards and are also physically larger than I prefer)

[Andrew More]

I have no way of testing this feature but perhaps others on the forum came shed some light on that.

Seems relatively simple: keep it in the wallet, see if one of the RFID credit card readers can read it. If not, I think you're good, assuming it works once removed from the wallet.

[Jim Koepke]

My vehicle comes with a fob that locks/unlocks the doors and must be present to start the vehicle.
My paranoia led me to purchase a "Faraday cage" holder. With the fob inside the holder it could still work the locks and other functions. Seemed like a bum deal to me.

jtk

[Rob Luter]

My vehicle comes with a fob that locks/unlocks the doors and must be present to start the vehicle.
My paranoia led me to purchase a "Faraday cage" holder. With the fob inside the holder it could still work the locks and other functions. Seemed like a bum deal to me.

jtk

I have a similar issue. My car and fob communicate if they are closer than about 15 feet from one another. I have to make sure when I store the fob it's farther than that from the car. If not it will wake the car up and the and two will jabber constantly and run the battery down over a few days.

[Jason Roehl]

I had to get an RFID-blocking sleeve for one of my cards—my employee ID. It used to be my badge access to secure buildings and areas where I work, but my employer went to a system that did not have our pictures and place of employment on the card (wise). So I was issued a new card. With both cards in my wallet, the badge scanners would not correctly read the new card. With the blocking sleeve on the old ID, the new card reads just fine. Strangely, none of my credit cards seem to interfere.

[Stan Calow]

I have always heard (from credible sources) that this was an overblown threat and RFID protection was unnecessary.

[Andrew More]

I have always heard (from credible sources) that this was an overblown threat and RFID protection was unnecessary.

I can believe it, half the time the silly tap card readers don't work when they're supposed to. How is a covert reader supposed to do any better?

[roger wiegand]

I think that the idea that criminals don't already have ready access to my credit card information without bothering to try to scan my pant's pocket is a fantasy. I've sent the information to many hundreds of vendors and handed my card to dozens and dozens of cashiers and waiters who could easily have collected my information, complete with the security code that is often required. Each of those vendors in turn keeps the information on computer systems that are subject to wholesale hacking and collecting CC information for thousands to millions of people at a time. If you are so inclined you can go to the "dark web" and buy as many valid credit card numbers as you want, any time, any day for pennies apiece without bothering to go out and collect them yourself.

So no, this is not something I would bother with.

What I do do is to check my bills carefully every month; sometimes there are bogus charges and I report them. So far they have always been reversed immediately and without any hassle other than having to make the call and get a new CC number. More often the credit card company flags the transaction for me as bogus.

For a real increase in security I think the best option is to use a service like ApplePay. They use a single-use number system so that the information passed to vendors is only good for one transaction, stealing the number is useless.

In the rest of the world system have been implemented in restaurants and such with mobile terminals so you never have to hand your card or phone to some unknown person and have them disappear into the back room with it to do who knows what with it. I hope the US will eventually catch up.

[Frederick Skelly]

All good insights. Thanks folks!
Fred

[Brian Elfert]

My understanding is the only thing a contactless credit card transmits is a one time use number, not your actual credit card number. I suppose someone could set up a transaction on an actual card reader and then get close enough to process a legitimate transaction. I know that contactless cards have to be really close to the reader to work. Not something I really worry about.

[Mike Henderson]

I think Brian is correct. My understanding of the card (the most recent specification) is that they exchange public keys with either the point of sale (POS) terminal or with the Visa/Mastercard system, and then encrypt everything after that. Not only that, but the transaction ID is unique for each transaction - the actual card number, expiration date, CVV, and holder's name is never transmitted.

I did a bit of research on this and there were no reports of card theft by skimming the RFID.

The people who design these systems are plenty smart. The specification is done in a standards meeting and when a proposal is made, many other people try to break it. It was considered a status symbol if you could break another company's submission. That doesn't mean that there can't be holes, but I haven't heard of any on RFID credit cards. If there were, the technique would spread very quickly and we'd all hear about it. And the credit card companies would replace all our credit cards.

[I participated in standards meetings when I was working - mostly communications. International standards are mostly done through the United Nations but there are a few other groups that develop standards that are adopted internationally. I think the credit cards are done in ISO.]

Mike

[I believe the technique is essentially the same for contact cards and for contactless cards - and very similar for Apple Pay and Google Pay. The credit card people introduced the RFID technique to combat Apple Pay and Google Pay. People were not even carrying their cards any more - they just used their phone.]

[Credit card fraud for in-person transactions is essentially gone, except for stolen physical cards, as long as the chip is used in the transaction, not a swipe. The fraud now is on the Internet.]

[Steve Demuth]

My vehicle comes with a fob that locks/unlocks the doors and must be present to start the vehicle.
My paranoia led me to purchase a "Faraday cage" holder. With the fob inside the holder it could still work the locks and other functions. Seemed like a bum deal to me.

jtk

Yes, in that case you were sold a bill of goods. Car fobs are profoundly different from RFID credit cards. They have their own on-board power source (the battery) and are designed to work from a distance. So, the signal you are trying attenuate is much, much stronger than in RFID, and the faraday "cage" (probably a bag) has to more reliably radiation tight. A lot of them aren't, and if you have a tear, hole, significant wear, or simply don't close them properly, even the good ones will fail.

Cars also have much poorer security in the handshake between the fob and the car, than do credit cards between the card, the reader, and the bank, although newer models are getting better. But fundamentally, they are not very secure and most are eminently hackable. You can find instructions on the interwebs for how to build a hacking device that works on most cars.

Also, it matters that hackers aren't after your fob, the way they are after your credit card. They want your car, and your fob protector does nothing to make it more secure.