Can New Chip-Enabled Credit Cards Be Hacked Wirelessly? The Trick Radio Ploy

There are big problems with certain cards, but radio-frequency ID theft is not a problem with new chip cards.

Credit Card with a new EMV Chip

The new chip-enabled credit cards that banks are sending their customers are supposed to make it more difficult for thieves to steal consumers' account information when they're using their plastic at check-out aisles.

And now you're seeing a wave of ads -- television, radio, online -- about criminals exploiting a flaw in credit cards, a security hole that lets them remotely steal personal identity information in a casual walk-by, taking advantage of escaping radio waves while the card remains in a wallet or purse.

Well, rest easy -- at least a bit more easily.

There are big problems with certain cards, but radio-frequency ID theft is not a problem with new EMV cards.

The marketers behind these ads are instead taking advantage of the confusion that often accompanies the introduction of new credit card technology.

The radio wave challenge

The truth? The computer chips in EMV cards don't send out radio frequency signals at all. 

The companies selling wireless-blocking sleeves are actually selling products that will protect consumers against an entirely different technology.

A few years back, credit-card companies were pushing credit cards that allowed users to make wireless payments.

You'd simply wave your card at a reader to make your purchase.

These cards, which are still being issued by some providers, rely on Radio Frequency IDentification, better known by the acronym RFID.

The cards send out an RFID signal that allows contactless transactions to happen.

Early versions of this technology, though, came with big security gaps.

Thieves armed with scanning devices could indeed read your card information by intercepting its RFID signal, stealing your information as long as they were close to you.

Thieves could steal information even if your RFID-emitting card was tucked into your wallet, purse or pocket.

The technology behind these cards has since improved, making them safer.

But more to the point, contactless credit-card payments never really caught on -- even as slick marketers developed special RFID sleeves and cases to protect consumers.

In fact, the Federal Reserve Board estimates there were only 700 million contactless card payment transactions in the United States in 2019, the most recent year for which the Fed keeps such statistics.

That's a tiny fraction of the billions of transactions conducted by non-RFID cards.

According to the Smart Card Alliance, contactless chip cards -- a form of "smart cards" -- were first issued in the United States in 2004.

But the Smart Card Alliance does say that most consumers have ignored contactless credit cards.

The reasons are many, but include the fact that most retailers don't have terminals in place that accept such payments and that swiping -- or dipping, now -- a credit card doesn't take much more time than does waving a card at a reader.

The technology involved with EMV cards, though, is not the same. Simply put, the computer chip in your EMV card does not transmit an RFID signal.

That's because these cards don't offer contactless transactions. You can't close a transaction with an EMV card unless you actually dip it into a card reader.

If you want to determine whether any of your credit cards do permit contactless transactions and do emit RFID signals, though, check for a symbol on the back that looks like radio waves.

It's true that some banks offering EMV cards do also equip these cards with contactless technology.

But EMV cards and RFID-emitting cards are not the same thing, and the vast majority of EMV cards, and credit cards in general, don’t emit RFID signals.

What if you have an RFID card?

If you do have RFID cards in your wallet, you can protect yourself by buying an RFID-blocking sleeve or special wallets or purses that are designed to block the signal from readers.

But even this might be a waste of money. Studies indicate the risk of having your information stolen by a thief armed with a scanner is low.

Most criminals haven't invested in the scanners necessary to pull off this hack, these reports say.

And thieves have to be awfully close to you to intercept your RFID signal.

Consumers shouldn’t really worry about buying card-blocking wallets or purses, even if they are using RFID-enabled credit cards.

According to a story by Slate's senior technology writer Will Oremus, the actual instances of criminals using special scanners to commit what is known as RFID skimming are extremely rare.

Again, it comes down to convenience. It's easier for criminals to use other means to steal your credit-card information.

Oremus points to skimmers that thieves can install on ATM or point-of-sale machines.

These skimmers allow criminals to steal more information from a larger number of cards in a short amount of time.

Thieves sophisticated enough to be able to master RFID skimming are more likely to use their talents to operate more efficient scams, Oremus said.

Credit-card providers are also now doing a better job of protecting consumers who use RFID cards for contactless transactions, according to Oremus' story.

Today's contactless cards now send a one-time code for each transaction initiated by consumers, according to the story.

This means that a criminal might be able to skim information to make one fraudulent purchase.

But that would be it: The thief would have to intercept a new code the next time this consumer makes a transaction, Oremus said.
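
A simplified model of the one-time code described above, added here as an illustration and not taken from the article or from any card network's specification. The `Card` and `Issuer` classes, the counter-plus-amount message and the use of HMAC-SHA-256 are assumptions, chosen to show why a captured code is good for at most one purchase.

```python
import hashlib
import hmac

def _code(key: bytes, counter: int, amount_cents: int) -> str:
    """MAC over the counter and amount; HMAC-SHA-256 is a stand-in algorithm."""
    msg = f"{counter}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]

class Card:
    """Hypothetical card: a secret key shared with the issuer plus a counter."""
    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    def tap(self, amount_cents: int) -> tuple:
        # Every tap advances the counter, so every code is different.
        self._counter += 1
        return self._counter, _code(self._key, self._counter, amount_cents)

class Issuer:
    """Hypothetical issuer: recomputes the code and refuses reused counters."""
    def __init__(self, key: bytes):
        self._key = key
        self._highest_seen = 0

    def authorize(self, counter: int, amount_cents: int, code: str) -> bool:
        expected = _code(self._key, counter, amount_cents)
        if not hmac.compare_digest(expected, code):
            return False          # forged code or altered amount
        if counter <= self._highest_seen:
            return False          # replay of a code already spent or stale
        self._highest_seen = counter
        return True

def demo() -> dict:
    key = b"constructed-demo-key"            # constructed sample key
    card, issuer = Card(key), Issuer(key)
    skimmed = card.tap(2500)                 # code captured by an eavesdropper
    results = {
        "first_use": issuer.authorize(skimmed[0], 2500, skimmed[1]),
        "replay": issuer.authorize(skimmed[0], 2500, skimmed[1]),
        "changed_amount": issuer.authorize(skimmed[0], 99900, skimmed[1]),
    }
    fresh = card.tap(1200)                   # cardholder's next real purchase
    results["next_purchase"] = issuer.authorize(fresh[0], 1200, fresh[1])
    results["codes_differ"] = skimmed[1] != fresh[1]
    return results

if __name__ == "__main__":
    print(demo())
```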

It's important to note, too, that even if a criminal did intercept your card's RFID signal to make a single fraudulent purchase, you wouldn't be financially responsible for this fraud.

Most credit-card providers will erase the fraudulent transaction from your bill.

Instead, criminals prefer to go after easier targets when it comes to credit-card fraud. And that’s where online shopping comes in.

Legitimate security concerns

The new EMV cards -- that acronym stands for Europay, MasterCard and Visa, the three companies behind them -- work differently than do the traditional magnetic-strip credit cards with which most consumers are familiar.

Instead of swiping your EMV cards, you "dip" them into a special chip-reading device that retailers are supposed to have installed already, though many have fallen behind on that deadline.

That reader then confirms your information. You close the sale by signing your name, as usual.

The EMV technology is supposed to make it more challenging for criminals to steal your information during in-person point-of-sale transactions, data that these thieves can then use to create counterfeit credit cards to make fraudulent purchases in your name.

The EMV cards, though they are not vulnerable to RFID skimming, are not perfect, something that security experts have been quick to point out.

That's largely because the cards still require a signature instead of individual PINs that consumers create.

If you lose your card and a thief steals it, that criminal can still make purchases with it.

The thief just has to forge your signature, which isn't difficult to do.

Security experts say that a PIN system would be a better defense against criminals because thieves would actually have to know your secret PIN.

This has aggravated some security experts, including Hector Hoyos, chief executive officer at Hoyos Labs.

“We are spending all this money for a system that isn’t as secure as it could be,” Hoyos has told MyBankTracker.

Randy Vanderhoof, executive director of the Smart Card Alliance, said that while the new EMV cards are an improvement over magnetic-strip cards, they are not foolproof when it comes to security.

"Consumers still have to always know where their cards are," Vanderhoof said in a previous interview. "They still have to check their credit-card statements to make sure there are no unauthorized purchases on there.

Chip cards are much more secure than the magnetic-stripe cards have been. But consumers still have to be smart with their credit cards."

The chip cards also offer no extra protection when you use them to purchase items online.

That's a significant flaw because consumers today are making more purchases through online retailers such as Amazon and eBay.

Other online security worries

If you want to worry about the security of your EMV credit cards, don’t worry about thieves using scanners to remotely steal your credit-card information.

Instead, worry about them accessing your credit-card data from all those online purchases you make.

Jo Lintzen, vice president of business development with security manufacturer Utimaco, said that most criminals want to work as little as possible when it comes to pulling off their crimes.

With computer-chip cards making it more difficult for thieves to steal card information at check-out counters, and with most card providers abandoning the idea of RFID-fueled contactless credit cards, it makes sense that criminals would focus their efforts on the online world, Lintzen said.

“There will be a shift in online fraud simply because it will now be more difficult to commit other types of credit-card fraud,” Lintzen said. “The bad guys are creative. They will look for other targets, and online credit-card transactions are an obvious target.”

You can protect yourself while shopping online, up to a point.

First, shop only with retailers you know and trust. Second, only use your credit cards at online retailers that run sites that are encrypted.

A retail site is encrypted if it features an icon at the top of your browser that looks like a padlock or an unbroken key.

You can also look at the Web address in your browser. If it starts with "https://" and not just "http://", you know that it is encrypted.

Also, only complete online transactions at sites that ask not only for your credit card's account numbers, but also the three- or four-digit security code on your card's back.

This extra bit of information provides another layer of security to online transactions. Don't do business with sites that don't ask for this code.

Ask a Question

Tuesday, 19 Nov 2019 12:03 AM
A chip-&-PIN would be a safer alternative than just using the chip alone, wouldn't it?
Monday, 19 Aug 2019 12:59 AM
Ah, you're full of it. RFID cards contain passive tags and collect energy from a nearby RFID reader's interrogating radio waves. The reader broadcasts a radio wave that reads the passive card. Not the other way around.
Tuesday, 23 Jul 2019 10:23 PM
My credit card's magnetic strip was altered somehow through some type of skimmer, I believe at a flea market? A different number is there, my EMV chip still works though?
markpanbecker
Saturday, 28 Jul 2018 7:11 PM
If you use one time usage cards online there is zero chance for hackers. I use Bank Am shopsafe but there are other companies like privacy(dot)com and ecopayz(dot)com.
disqus_4SPkWvmJBv
Friday, 29 Dec 2017 6:30 PM
Either way it doesn't matter....someone close enough with a reader can get your info....doesn't matter if it transmits or has a pulse which turns the card on.....put the info on a mag stripe card and go pump gas ....most likely you live in the zip code area they need to use it as a credit card from a gas station.
Tuesday, 28 Nov 2017 4:12 PM
That is incorrect. RFID (radio frequency identification). It does emit a radio frequency. This is the issue with RFID. EMV is much more difficult to hack. But, he is correct, using your number online is different.
disqus_FlUH2P0Z2I
Sunday, 29 Oct 2017 10:49 PM
so bottom line bitcoin vs the emv chip both can be scammed with a fake error in store or even online if personal chip readers are made for the public where an error is displayed please try again so you reinsert the card to try again 2 or 3 times allowing a con artist website to make online transactions with other 3rd parties with the so called one time use codes but with bit coin you can see that the transaction went through in real time and unlike the chip you can withhold a transaction you send the bitcoin it arrives vs a EMV chip number one could hold that for at least a short time or even post date it into the future if they are time stamped to start with allowing any records of the credit card company to be invalid no insult to the credit card it's the nature of their tech but with bit coin send it look at the block chain you know they have it and they have no means to refuse a payment or delay a payment to make that scam work so if you want secure funds go with bitcoin but be smart about it as the tech is new want to keep a hundred dollars on your computer on your desk top or laptop fine but do not keep 10 grand on a computer keep that on a good electronic wallet and know how to use it and think about encrypting it so even if it's stolen it's still not readily usable and if you have backups stored in a safe place you get home transfer the funds to a new address and your funds are safe and accessible
disqus_FlUH2P0Z2I
Sunday, 29 Oct 2017 10:38 PM
how hard would it be to make a chip reader for the consumer computer that would allow for the one time use codes to be generated at home and sent over the net while a fraudulent website could still take more than they are claiming or take that code and spend it elsewhere and give back a phony error expecting you to try again after 2 or 3 tries gives you what you want this is not perfect it can be improved but as long as somebody wants to steal your data they will be trying to do so the bit coin method is much more secure against these types of hacks but still at risk if somebody steals your wallet so electronic wallets that work similar to the emv chip are ideal and a step above and beyond the wallet is not hackable info goes into the wallet from your computer to make a request you push some buttons on the wallet to accept or deny the request the wallet does the required data crunching to make the transaction and passes the finished data back to the computer it's much the same concept as the chip yet still vulnerable to the lack of delivery scam but not gonna be able to do the fake error stunt on bitcoin as you can track that the transaction went through in real time and the sender is in control no middle man that can decide to deny a transaction or allow if the correct data is sent then it will go through the bitcoin network is not controlled by any one server central point like a credit card so bottom line bitcoin is at least a bit more secure than the chip but when we go the extra mile every little gain counts for a lot
OldOllie
Wednesday, 31 May 2017 7:39 AM
Pardon me if I'm skeptical but the author doesn't know what he's talking about. RFID chips don't emit signals. They only reflect energy that's beamed at them. Think of a printed page. It doesn't emit light like a monitor, but you can read it if you shine a light on it.

Advertiser Disclosure: Many of the offers appearing on this site are from advertisers from which this website receives compensation for being listed here. This compensation may impact how and where products appear on this site (including, for example, the order in which they appear). These offers do not represent all account options available.

Editorial Disclosure: This content is not provided or commissioned by the bank advertiser. Opinions expressed here are author’s alone, not those of the bank advertiser, and have not been reviewed, approved or otherwise endorsed by the bank advertiser. This site may be compensated through the bank advertiser Affiliate Program.

User Generated Content Disclosure: These responses are not provided or commissioned by the bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by the bank advertiser. It is not the bank advertiser's responsibility to ensure all posts and/or questions are answered.