In our last article about wireless identity theft we covered wardriving: the practice of finding and exploiting open wireless connections. Identity fraud via wardriving is unnerving, to say the least, but RFID-enabled fraud is downright spooky. Security experts fear that this may allow fraudsters to steal personal information from your wallet at a distance. RFID Basics

To understand how this works you need to know what an RFID chip. RFID stands for Radio Frequency ID. An RFID tag is a very small device that sends information about itself to nearby receivers. There are two basic kinds of RFIDs (actually three, but the third semi-passive type requires an overlong discussion, outside the scope of this article). A Passive RFID responds to a radio transmission with backscatter, enabling people with the proper equipment to not only detect it, but retrieve data. An active RFID transmits its own low power signal. RFID chips are very, very small - so small they can be sewn into clothes and implanted in pets without leaving any noticeable sign. Department stores put tags in clothes to monitor stock and prevent theft. People put them in their pets so that anyone with a scanner can find the pet's owner and other vital information. Some people have even gotten implanted RFID chips to perform financial transactions or get hands-free security access into areas that recognize the chip.

How Wireless RFID Fraud Works

One of the newer uses of RFID technology is for banking. Tags are added to bank and credit cards, allowing them to transmit information at a short distance. This means you can make purchases with a wave of your card, without even entering your PIN. Unfortunately, it also means that someone with the right equipment can intercept the card's RFID transmission. While the transmitters are supposed to have strong encryption, several computer scientists have shown at least first generation cards can get cracked - and even without that, a fraudster could reproduce a "dumb" signal to replicate your last wireless credit transaction.

This is cutting-edge crime. Not long ago, there were doubts that it even happened but now, experts are increasingly convinced that personal, wireless ID data theft is not only happening, but is actually on the rise. This crime is called RFID Skimming. It requires a modest amount of homebuilt hardware to receive and send RFID signals and proximity (a few yards) to the victim, but when it's successfully executed it can act as a form of non-contact pick pocketing.

Protecting Yourself

One way to protect your RFID cards (and you may not know you have them, by the way) is by shielding them when they aren't in use. The easiest way to do this is with - and it sounds so crazy I'm not sure I want to mention it) - that conspiracy theorist's favorite,  tinfoil! If you surround the card completely it acts as a Faraday cage, preventing outgoing signals from being read. On the other hand, unwrapping your credit card like it's a baloney sandwich from your lunchbox is probably not a practical long term strategy. Failing that, keep detailed records of all of your transactions with an RFID-enabled card, always check with your bank for the presence of RFID chips in your cards and enlist an identity theft protection service like TrustedID for backup.