Experts say not to waste your money — but warn that thieves can swipe your data in other ways

 

It sounds like a sci-fi movie plot: A scammer uses a card reader to scan your credit card and steal your data from afar. For protection, a range of products — fanny packs, purses, card sleeves, wallets and more, some rather pricey — promise to shield your card from unauthorized access.       

But these scams, theoretically perpetrated through RFID (Radio Frequency Identification) technology, are largely unheard of, experts say, and protective accessories aren’t necessary. “We do not believe this topic addresses a real risk,” says Identity Theft Resource Center (ITRC) Chief Operating Officer James E. Lee. “Chip-enabled payment cards and digital wallets are the most secure forms of payment except for cash.”

How is RFID used in credit cards?

Modern credit and debit cards are embedded with tiny components that use radio waves to communicate with a card reader. This enables you to “tap to pay” or make a contactless purchase, where you briefly tap or hover your card at a checkout terminal —  no swiping or inserting the chip required.

“Simply put, it’s a short-range radio technology that transmits information between two objects,” says Claire Swedberg, the senior editor at RFID Journal, a leading industry publication. 

Digital wallets such as Apple Pay and Google Pay also rely on this technology, Swedberg says, and because of the way your data are encrypted during transactions (more on that below), tap-to-pay and contactless payments are in fact more secure than swiping your card. They’re also more hygienic, she notes, because you minimize contact with surfaces while paying. 

Figuring out if your card uses RFID is simple: Just look for a sideways Wi-Fi symbol (it’s the same symbol found on contactless card readers) printed on the front or back.

Should you be worried about RFID scams?

Technology experts and consumer protection advocates agree that RFID scams don’t pose a credible threat. “It’s just very theoretical fraud,” says Frank McKenna, chief strategist for Point Predictive, a San Diego-based fraud detection company.

Major credit card companies also stand behind the safety of RFID cards. “Fraud from skimming is very unlikely and limited in scope,” Visa’s website notes. Darius Kingsley, head of consumer banking practices at Chase, the largest card issuer in the United States as of 2023, says “I personally don’t worry about this,” when asked about the use of RFID-blocking purses and wallets. “I think more of a risk than anything else is people being careless with their card numbers — writing them down, or having their card sitting out so someone else can see it.” 

Nevertheless, misinformation about RFID persists, Swedberg says. She and other experts point to a few reasons why someone stealing their data remotely, through their wallet or purse, shouldn't be a big concern:

1. Proximity: Someone would have to get close — really close — to surreptitiously scan your card. That’s because credit and debit cards use a form of RFID called near field communication, or NFC. As the name implies, NFC only works at close range: usually a few centimeters, according to Swedberg. That means a scammer can’t read your card by simply standing nearby or walking past you.

2. Encryption: RFID cards generate a secure, one-time code for each transaction that masks your payment information. In addition, personal data such as your name and security number aren’t transmitted with that code — depriving would-be scammers of the information they need to make unauthorized purchases.

3. Consumer protections: Although highly unlikely, if a scammer managed to read and then use your card, such purchases would likely be intercepted or refunded according to your card issuer’s fraud policy.

Bottom line: RFID card scams are a high-effort, low-reward endeavor for criminals, who can more easily access personal and financial data through data breaches and other means.

Are RFID-blocking products legitimate?

While accessories featuring aluminum, carbon fiber and other specialized materials may indeed successfully block your card from communicating via RFID, many companies aren’t transparent about whether their products are truly protective — and so-called “RFID-blocking” accessories are often sold at premium prices without evidence that they live up to marketing claims.

There’s no downside to using RFID-blocking products for peace of mind, but McKenna and other experts note that they’re just not needed. “Don’t waste your money,” he says.

The threat of RFID fraud might be overblown, but McKenna emphasizes that other card-based scams such as skimmers, devices that steal data from your card’s magnetic strip, pose a real risk — as does having your personal data exposed in a data breach (which he says often leave older adults particularly vulnerable, as scammers assume they are high net-worth targets).

But there are key steps you can take to protect your financial data and personal information:

Regularly monitor your bank accounts and credit card statements. Sign up for transaction alerts. If you see any suspicious or unauthorized charges, report them promptly.

Monitor your credit rating. Request a free credit report from each of the three federal credit bureaus every 12 months. See www.annualcreditreport.com for more.

Use strong passwords, and don’t repeat them across accounts. A password manager can help you generate and securely store hard-to-crack passwords.

Avoid exposing your card longer than needed. “As soon as you get it back, put it back where’ it’s covered up,” says Kingsley, noting that rather than worry about someone stealing his card data remotely through RFID, he gets concerned about “having my card out at a restaurant and sitting on a little tray for ten minutes while I wait for the waiter to come and take it.”

Sarah Elizabeth Adler joined aarp.org as a writer in 2018. Her pieces on science, art and culture have appeared in The Atlantic, where she was previously an editorial fellow, California magazine and elsewhere.