Radio frequency identification (RFID) skimming is a type of electronic theft involving the unauthorized access and capture of information from RFID chips or tags.
RFID uses radio waves to identify and track objects, people, or animals wirelessly. It’s commonly used in various applications, such as access control systems, inventory management systems, payment cards, and even in some passport and identification cards.
RFID skimming typically involves a malicious individual using a handheld RFID reader or a specially designed RFID skimming device to intercept and capture the data transmitted by RFID tags. These devices can read the information stored on RFID tags at close range, sometimes without the victim’s knowledge.
Read More about RFID Skimming
While many may not believe RFID skimming is possible, it does happen. Read more about the threat below.
How Does RFID Skimming Work?
To perform RFID skimming, the cybercriminal needs to be close to the target, often just a few inches or feet away, depending on the specific RFID system he’s using and the target tag type. The skimming device sends out radio waves that activate the RFID tags. Once activated, the tags transmit data, including unique identifiers or sensitive information like credit card numbers, personal identification details, or access codes. The skimming device captures and records the transmitted data, which the attacker can later use for fraudulent activities.
What Are the Most Common RFID Skimming Targets?
The most common RFID skimming targets include contactless payment cards, key fobs for entry systems, and RFID-enabled passports. Cybercriminals can use the stolen information to make unauthorized purchases, gain unauthorized access, or engage in identity theft.
Here are more details on how attackers can exploit specific RFID-using cards and tags.
- Contactless payment cards: Criminals with RFID skimming devices can attempt to capture data from contactless credit and debit cards with RFID chips for quick and easy transactions. They may steal credit card numbers and other card details, enabling them to make fraudulent purchases or clone victims’ cards.
- Access control systems: Access cards, key fobs, or badges that use RFID technology to control entry to buildings or secure areas are vulnerable to skimming attacks. Attackers can clone these access cards to gain unauthorized access to restricted premises.
- Passports: Some passports, especially e-passports or biometric passports, have RFID chips containing the passport holder’s information. Skimmers can potentially access and steal this data, which they can use for identity theft or unauthorized travel.
- Driver’s licenses: In some regions, drivers’ licenses may incorporate RFID technology for identification and authentication. Skimming attacks on these licenses can lead to identity theft or other fraudulent activities.
- Public transportation cards: Skimmers can target RFID-based public transportation cards. They may clone these cards to ride for free or steal the balance stored on them.
- Employee IDs: Many organizations use RFID-enabled employee IDs for access to office buildings and facilities. Skimming attacks can lead to unauthorized entry or even the theft of sensitive information if the cards also store personal data.
- Hotel room keys: Some hotels issue RFID room keys for convenience. Attackers may attempt to skim these cards to gain unauthorized access to hotel rooms or other facilities.
- Retail loyalty cards: Loyalty cards and store membership cards with RFID technology may store cardholder information. Skimmers could capture this data for marketing or identity theft purposes.
- Library cards: Libraries may use RFID technology for book checkouts. Skimming attacks on library cards could reveal cardholders’ borrowing history or other personal information.
- Asset tracking systems: RFID is used for inventory and asset management in various industries. Unauthorized access to this data could be used for industrial espionage or theft.
How Can You Protect against RFID Skimming?
You can avoid becoming an RFID skimming victim by taking precautions, such as:
- Using RFID-blocking wallets or sleeves: These are designed to block radio signals and protect the contents of RFID cards from unauthorized scanning.
- Regularly checking financial statements: Monitoring your credit card and bank statements for unauthorized transactions can help identify suspicious activity.
- Minimizing RFID use: Consider disabling or removing RFID chips from cards or using alternative payment methods if you’re concerned about security.
- Employing strong access controls: Organizations should implement robust security measures for RFID-based access control systems. Individuals, meanwhile, should be cautious about where and how they use RFID-enabled devices.
While RFID skimming is a potential threat, it’s important to note that the risk varies depending on the specific RFID system in use and the security measures in place to protect them. Advances in RFID technology have led to improved security features, making it more challenging for skimmers to access sensitive data.
- RFID skimming is a type of electronic theft that involves the unauthorized access and capture of information from RFID chips or tags.
- RFID skimming typically involves a malicious individual using a handheld RFID reader or a specially designed device to intercept and capture the data transmitted by RFID tags.
- RFID skimmers can obtain data stored on contactless payment cards, access control systems, passports, driver’s licenses, public transportation cards, and more.