RFID blocking at the point-of-sale


Spotted by the cash-register at London Drugs, a giant discount pharmacy-cum-big-box-store in downtown Vancouver, these cheap RFID-blocking credit-card sleeves.

RFID-blocking wallet, point of sale, London Drugs, Vancouver, BC

43

  1. Very nice photograph. I like the artistic decisions used in framing the shot, the interaction between the lights and darks, the almost unearthly use of chiarascuro.

    A masterpiece.

    Now, can you perhaps spare two moments to write a fucking paragraph about it? Unfortunately we don’t all share your supreme “In-ness” with the subject matter.

    1. RFID (orRadio-frequency identification) has been something featured on here for a number of years as a potential tracking device. At one time the UK was wanting to have all Passports fitted with an RFID chip to enable “convenience” in processing travel. However it also meant that you could be tracked anywhere your passport went, just like geotracking on your mobile.

      Tests also showed that they were also easily hacked and, since the chip contained all the information on your passport, they made a handy target for identity thieves.

      http://en.wikipedia.org/wiki/Radio-frequency_identification

      1.  what do you mean “wanting”… it’s a fact… all UK passports currently being renewed or first issue now HAVE them…

    2.  “In-ness” is clearly difficult to judge; particularly among an eclectic crowd like the BoingBoing gallery.  I have felt like you do here at times (i think the last time was a sudden unexplained attack of “my little pony” posts).   I happen to know a bit about RFID so this post struck me as copacetic.  That is, your impatience here has shown me the narrowed error of my ways – thankee!

      1. Oh, and London Drugs, despite the name, is not based in London, Ontario or even that other London with chimney sweeps. They don’t even have stores east of Manitoba.

  2. Does it actually work? I carry a small case around lined in lead for all of my cards and portable electronics.

  3. I’ve never quite understood the obsession with RFIDs.  Security issues are there, you don’t want someone to be able to steal your credit card info with a machine, but that is hardly insurmountable (and I don’t know of any cases outside of a lab of it actually happening).  

    The range of those things is very low and they would make a terrible vector for surveillance especially given everyone carries a phone anyhow.The one thing they are super useful for is using cards without having to get them out of your wallet.  So do people block them, what from?  

    1. To put it bluntly, RFID cards can be copied. A copy may look like another RFID card, or it might look like a notebook, textbook, magazine, be embedded in the sleeve of a jacket or shirt. It might look to the casual observer like an old wind-up watch, perhaps not even functional. However if the copy is of your credit card, or your drivers license so you can go through border crossings easier, whomever has that copy can use your credit card, or can cross the border easier as a result.

      The other thing that happens, even if no-one is making copies of your card, every time that card is read, a record of that transaction is made. This may be nothing more than ‘card 900b1y900k read at [timestamp] by reader [serial number]’ or it may be a detailed record of every item that just passed by the cash register as part of your shopping purchase.  And what that record contains, where it’s kept, by whom, for what purpose (Target sending coupons to you or your partner 3-6 months after one of you becomes pregnant) is not something that you have control over.

      You may be OK with that. Or you may not. But consider that if you combine the two, it becomes trivially easy for someone to frame you as being at or near the scene of a crime, when in reality you’re sound asleep in bed, perhaps in a different city. Even if you are OK with the idea of keeping those records, and turning them over to the police if requested or with a court order, the fact that the evidence can be faked, really should worry you.

      1. The other thing that happens, even if no-one is making copies of your card, every time that card is read, a record of that transaction is made. This may be nothing more than ‘card 900b1y900k read at [timestamp] by reader [serial number]’ or it may be a detailed record of every item that just passed by the cash register as part of your shopping purchase.  And what that record contains, where it’s kept, by whom, for what purpose (Target sending coupons to you or your partner 3-6 months after one of you becomes pregnant) is not something that you have control over.

        But the exact same thing can be done with any credit card or debit card, RFID or not.

  4. Oh, cool — The local insurance company (Crown corporation at that) that you gotta get your drivers license through in this province actually hands these out along with the RFID-enabled drivers licenses which are supposed to get you through the border more smoothly. I brought the forbes article about the blackhat conference credit card reading thing up with my coworker and he showed me his. I’m not surprised that the credit card companies aren’t giving these out with their contactless credit cards though… Just sit and think how much profit they’d be out on if they actually tried stopping credit card fraud with a properly upgraded & engineered system :P

    1. Yeah I just got mine, but for the enhanced licenses I am not sure what it is worth. All that is on the chip is the unique identifier that is printed on the card. I guess someone could make a duplicate but there is not personal info itself so unless they had everything else not much, also if they have managed to get into the system that actually uses said information on the chip, well they can just go look anyone up at that point so the string of unique gobbledygook is moot at that point.

      If I have no choice about a credit card with RFID then I will definitely invest in  a blocking wallet or sleeves like in the picture.

    2. You are nice calling this “local insurance company”. I call that “provincial monopolistic racket”, a conflict of interest at that as they have no interest in prevention since the core of their business is to sell insurance as a prices that is 4 time the rate in other provinces private insurances.

      1.  Actually that’s not true. The scale is different – everybody has to earn their premium discount on a level playing field – your age and sex do not factor in to your base premium. This makes first year premiums significantly more expensive for some demographics, while substantially cheaper for others, compared to other systems. It all evens out depending on how careful you drive and how much you claim.

  5. I was expecting, in a bit of irony, that this would have a sale price only available if you used the drug store’s loyalty card.

  6. The range of those things is very low and they would make a terrible vector for surveillance 
    =============

    There are other issues.

    1.Think denial of service. They are low power, and they work on an ethernet like protocol. Just broadcast with higher power, and it doesn’t have to be that high, and you can deny all card readers in quite a range. Small 9 v battery, plus a bit of circuitry and you could stop a shop from working. Hidden on the premises, cash into an account and you will be told where it is (or it is removed). Cash then gets withdrawn via an ATM machine in other locations.

    2. Think fake responses. For example, how about adding in extra items to a shopping basket remotely, or hiding the expensive items? Think about this if you are innocent and shop security gets you with items you haven’t paid for.

    RFID is going to be the new black when it comes to crime and extortion. 

  7. I think it is supposed to be ironic that they’re selling RFID blocking sleves precisely where you are most likely to use RFID, the check out line.

  8. Do they even work? Or did someone figure out a way to sell useless plastic sleeves at a relatively huge markup?

    1. I am curious about this as well.  What is in the composition of the sleeve that would block a radio frequency signal?

  9. Um…I get Cory was going for “ironic” but doesn’t it make sense that they would have RFID covers for sale right where you were most likely to pull out your RFID enabled card?

    1. The irony is bank or government “selling” RFID card “for your security”. Note that banks also make sure they defer the liability to the customers with the “enhanced security” they claim it provides (*hint* it does not)

      1. The best one is when the Royal Bank sent me my RFID card. They sent it in the mail.

        Preactivated.

        Without informing me it was coming.

        With a paper explaining how I could use it for $200 of purchases before it would ask for a PIN.

        When I went in to complain and have the PINless stuff killed they said it wasn’t a security exploit because “No one uses that yet.” So not only security through obscurity, but security through obscurity that’s being destroyed by an ad campaign!

        I moved all but a small chequing account out of the Royal Bank over that one.  Should move the chequing, too, but with all the stuff tied to it it’ll take forever to do without disrupting something.

  10. Ladies and gentlemen, I think we can agree that the era of the tin-foil wallet has arrived. They will go so nicely with a new range of hats I have in mind.

Comments are closed.