What is RFID blocking and do you need it?

RFID blocking products promise a solution to these problems, with wallets and passport covers that limit RFID scanning, but it’s worth taking a closer look at how effective the technology really is. What is RFID blocking, and do you need it to stay safe?

What is RFID?

RFID stands for ‘radio frequency identification’. Credit cards and passports use RFID technology to allow machines to scan them from a short distance. It's this system that facilitates contactless payment and that some worry could be vulnerable to criminal manipulation.

Some users worry that a bad actor standing nearby could surreptitiously access their card's RFID function. In so-called “skimming” attacks, a thief can theoretically withdraw money from the victim’s account as they walk by in the street or wait in a store line.

Another risk is that of identity theft, a crime that can haunt victims for years after their details are initially stolen. Could a silent attacker scan your passport or credit card for sensitive information and then impersonate you online? Companies selling RFID products claim to have the solution.

Does RFID blocking really work?

RFID blocking materials can effectively prevent the scanning function on a card or passport, and the range of products that boast this feature is steadily growing.

Everything from wallets to waterproof fanny packs now support RFID blocking capabilities. A layer of carbon fibre or aluminium can protect you from contactless attacks, and that’s a key selling point for some items.

You don't have to invest in a designer handbag with integrated aluminium sheeting, of course. Studies suggest that a thick layer of tinfoil from your kitchen will be effective too. But whether you’re buying an RFID blocker or making your own, the question remains: do you actually need it?

Do you need RFID blocking?

You might have seen reports claiming that “contactless crime” can result in huge financial losses, and that's absolutely true. The problem is, the studies used to support these claims don't make a compelling case for RFID blocking specifically.

If a victim loses money in a “contactless-related” event, it's almost always because their card was physically stolen from them. Even if that happens, the damage rarely escalates because purchases made with contactless cards are capped at a relatively low sum.

Data from both Action Fraud and UK Finance suggests that the threat currently posed by skimming attacks is minimal. In a 2018 report, UK Finance found no record of any contactless theft occurring that year while a card was still in the possession of its owner.

The technology and techniques used by criminals are always evolving, but for now there’s little evidence that skimming is an imminent threat.

Does RFID blocking prevent identity theft?

Anxiety around identity theft is understandable. The idea that an attacker could scan nearby credit cards for sensitive information seems plausible. If your card numbers or passport details get into the wrong hands, it can be impossible to undo the damage.

That's a valid concern, but in most cases it's not one that RFID blocking will help with, at least for the time being. While it’s worth regularly reassessing threat levels, neither your passport nor your credit card are particularly vulnerable to contactless interference.

For card users, there are four key reasons why this kind of attack is unlikely:

• When scanned, credit cards use a one-time transaction code to complete the process and that code is heavily encrypted.
• The scannable information on a card doesn’t include the sensitive data that thieves are actually looking for (the security code on the back of the card, for example).
• To steal their data, an identity thief would have to get physically close to the victim. The risk of being caught in the act and captured on CCTV, with no guarantee that the target’s card will even be accessible, is a strong deterrent.
• Criminals no longer need to risk getting close to a victim to steal their information, because huge lists of compromised credit card details are readily available on the dark web.

It's a similar story for passports. The information available via RFID is completely encrypted; manufacturers know how sensitive it is. In the majority of cases, the data is accessible only to the kind of verified scanners you'll encounter at airports and other official checkpoints.

If you still have any doubts, there's one more thing you should know. Most passports issued in the last decade already contain layers of RFID blocking material. Adding further physical protection won’t do much for security; the real threats are online.

Genuine security begins with encryption

Today's criminals know that if they want to extract money and sensitive data from their victims, they don't need to do it in person. From the social engineering of a phishing email to the insidious probing of an extortion kit, there are plenty of reasons to be concerned.

You need a different kind of protection, one that actually responds to the challenges you face. NordVPN provides powerful encryption, strengthening security and enhancing personal privacy.

Instead of covering your credit card in tinfoil, NordVPN can wrap your browsing activity in layers of secure encryption.