RFID blocking at the point-of-sale

Discuss

43 Responses to “RFID blocking at the point-of-sale”

  1. Very nice photograph. I like the artistic decisions used in framing the shot, the interaction between the lights and darks, the almost unearthly use of chiarascuro.

    A masterpiece.

    Now, can you perhaps spare two moments to write a fucking paragraph about it? Unfortunately we don’t all share your supreme “In-ness” with the subject matter.

  2. lavardera says:

    I block mine with a hammer and awl through the chip.

  3. Joe Larkin says:

    http://www.wired.com/threatlevel/2009/08/fed-rfid/
    RFID chips can be read remotely and data can potentially be obtained for malicious purposes. RFID chips are in some Government ID cards, passports, and potentially some credit cards. It’s another possible way to steal information that can be used to track people, perform ID theft and possibly steal credit card numbers. 

  4. Mister44 says:

    Does it actually work? I carry a small case around lined in lead for all of my cards and portable electronics.

  5. PJDK says:

    I’ve never quite understood the obsession with RFIDs.  Security issues are there, you don’t want someone to be able to steal your credit card info with a machine, but that is hardly insurmountable (and I don’t know of any cases outside of a lab of it actually happening).  

    The range of those things is very low and they would make a terrible vector for surveillance especially given everyone carries a phone anyhow.The one thing they are super useful for is using cards without having to get them out of your wallet.  So do people block them, what from?  

    • jay curry says:

      To put it bluntly, RFID cards can be copied. A copy may look like another RFID card, or it might look like a notebook, textbook, magazine, be embedded in the sleeve of a jacket or shirt. It might look to the casual observer like an old wind-up watch, perhaps not even functional. However if the copy is of your credit card, or your drivers license so you can go through border crossings easier, whomever has that copy can use your credit card, or can cross the border easier as a result.

      The other thing that happens, even if no-one is making copies of your card, every time that card is read, a record of that transaction is made. This may be nothing more than ‘card 900b1y900k read at [timestamp] by reader [serial number]‘ or it may be a detailed record of every item that just passed by the cash register as part of your shopping purchase.  And what that record contains, where it’s kept, by whom, for what purpose (Target sending coupons to you or your partner 3-6 months after one of you becomes pregnant) is not something that you have control over.

      You may be OK with that. Or you may not. But consider that if you combine the two, it becomes trivially easy for someone to frame you as being at or near the scene of a crime, when in reality you’re sound asleep in bed, perhaps in a different city. Even if you are OK with the idea of keeping those records, and turning them over to the police if requested or with a court order, the fact that the evidence can be faked, really should worry you.

      • Jorpho says:

        The other thing that happens, even if no-one is making copies of your card, every time that card is read, a record of that transaction is made. This may be nothing more than ‘card 900b1y900k read at [timestamp] by reader [serial number]‘ or it may be a detailed record of every item that just passed by the cash register as part of your shopping purchase.  And what that record contains, where it’s kept, by whom, for what purpose (Target sending coupons to you or your partner 3-6 months after one of you becomes pregnant) is not something that you have control over.

        But the exact same thing can be done with any credit card or debit card, RFID or not.

  6. Dmitri DB says:

    Oh, cool — The local insurance company (Crown corporation at that) that you gotta get your drivers license through in this province actually hands these out along with the RFID-enabled drivers licenses which are supposed to get you through the border more smoothly. I brought the forbes article about the blackhat conference credit card reading thing up with my coworker and he showed me his. I’m not surprised that the credit card companies aren’t giving these out with their contactless credit cards though… Just sit and think how much profit they’d be out on if they actually tried stopping credit card fraud with a properly upgraded & engineered system :P

    • TombKing says:

      Yeah I just got mine, but for the enhanced licenses I am not sure what it is worth. All that is on the chip is the unique identifier that is printed on the card. I guess someone could make a duplicate but there is not personal info itself so unless they had everything else not much, also if they have managed to get into the system that actually uses said information on the chip, well they can just go look anyone up at that point so the string of unique gobbledygook is moot at that point.

      If I have no choice about a credit card with RFID then I will definitely invest in  a blocking wallet or sleeves like in the picture.

    • hub says:

      You are nice calling this “local insurance company”. I call that “provincial monopolistic racket”, a conflict of interest at that as they have no interest in prevention since the core of their business is to sell insurance as a prices that is 4 time the rate in other provinces private insurances.

      • iserlohn says:

         Actually that’s not true. The scale is different – everybody has to earn their premium discount on a level playing field – your age and sex do not factor in to your base premium. This makes first year premiums significantly more expensive for some demographics, while substantially cheaper for others, compared to other systems. It all evens out depending on how careful you drive and how much you claim.

  7. jkonrath says:

    I was expecting, in a bit of irony, that this would have a sale price only available if you used the drug store’s loyalty card.

  8. LordBlagger says:

    The range of those things is very low and they would make a terrible vector for surveillance 
    =============

    There are other issues.

    1.Think denial of service. They are low power, and they work on an ethernet like protocol. Just broadcast with higher power, and it doesn’t have to be that high, and you can deny all card readers in quite a range. Small 9 v battery, plus a bit of circuitry and you could stop a shop from working. Hidden on the premises, cash into an account and you will be told where it is (or it is removed). Cash then gets withdrawn via an ATM machine in other locations.

    2. Think fake responses. For example, how about adding in extra items to a shopping basket remotely, or hiding the expensive items? Think about this if you are innocent and shop security gets you with items you haven’t paid for.

    RFID is going to be the new black when it comes to crime and extortion. 

  9. DewiMorgan says:

    My green card came with a metal-lined envelope that I have to keep it in :) 

  10. gaiapunk says:

    I think it is supposed to be ironic that they’re selling RFID blocking sleves precisely where you are most likely to use RFID, the check out line.

  11. ponzicar says:

    Do they even work? Or did someone figure out a way to sell useless plastic sleeves at a relatively huge markup?

  12. BBNinja says:

    Um…I get Cory was going for “ironic” but doesn’t it make sense that they would have RFID covers for sale right where you were most likely to pull out your RFID enabled card?

    • hub says:

      The irony is bank or government “selling” RFID card “for your security”. Note that banks also make sure they defer the liability to the customers with the “enhanced security” they claim it provides (*hint* it does not)

      • iwanttowatchyoutubeyoubastards says:

        The best one is when the Royal Bank sent me my RFID card. They sent it in the mail.

        Preactivated.

        Without informing me it was coming.

        With a paper explaining how I could use it for $200 of purchases before it would ask for a PIN.

        When I went in to complain and have the PINless stuff killed they said it wasn’t a security exploit because “No one uses that yet.” So not only security through obscurity, but security through obscurity that’s being destroyed by an ad campaign!

        I moved all but a small chequing account out of the Royal Bank over that one.  Should move the chequing, too, but with all the stuff tied to it it’ll take forever to do without disrupting something.

  13. cstatman says:

    help,  my brain hurts,  I am so confused.

  14. Rick Davies says:

    Consumer’s Advice: those are not cheap. At that price, these over here are 3-for-2: http://difrwear.com/products/rfid-blocking-card-sleeve-set-set-of-3-lb103

  15. I know that those TV-ad aluminum wallets are supposed to block RFIDs, but wasn’t aware of any plastics that did so..anyone know about this?

  16. Peter Yard says:

    Ladies and gentlemen, I think we can agree that the era of the tin-foil wallet has arrived. They will go so nicely with a new range of hats I have in mind.

  17. Ken Williams says:

    So the clever bit here is that you can buy these things *AT THE VERY KIND OF PLACE WHERE YOU CAN BUY THINGS*?

  18. hub says:

    But does it really work?

Leave a Reply