NEW YORK (MainStreet) — Christmas isn’t a holiday for the paranoid, with Santa spying on you when you’re sleeping, awake, and worse, knowing when “you’ve been bad or good.” But retailers are hawking convenient last-minute stocking stuffers to shield information kept on radio transmitting microchips implanted into many credit cards, passports, licenses and worker IDs.
Tiny radio frequency identification (RFID) chips are used to carry and transmit information about everything from patient identities to card numbers. Reasonably or not, the fear is that thieves with readily available RFID readers hidden in bags and briefcases will sweep up credit card and identification data from others crowded with them on airport lines, at automatic teller machines, on subways and in crowded department stores. Despite industry assurances that this information is limited and encrypted, many consumers are unnerved. Major retailers like Walmart, Best Buy, Macy’s, Nordstrom, REI and Sears sell wallets, purses, backpacks, bags, fanny packs, laptop cases, passholders and sleeves that they claim will block the “near field” frequencies used to read the ubiquitous chips.
Online retailers have cultivated this niche market of anxious shoppers and travelers.
“We started selling them around six years ago, but they had a slow adoption rate at first," said Bill Van Ess, divisional merchandising manager with eBags.com. "They have picked up steam over the past two years as credit card theft as skyrocketed.”
Sales now increase about 15% for travel security goods as a whole. Other companies for whom distress over RFID and other wireless snooping is their bread and butter have names like IDStronghold and SilentPocket.
The odd thing is, of course, that none of the mammoth credit card security lapses making the news, such as the Target and Home Depot cases, have had anything to do with RFID chips. A broad malaise about privacy and security is floating this cottage industry. The Smart Card Alliance is quick to note that in the near-decade since RFID cards entered circulation, not one financial loss has been verifiably traced to a wireless hack of them. Consumers, however, have gotten mixed messages.
TD Bank and PNC Bank both contacted Ann Toback, executive director of the Jewish philanthropy Workman’s Circle, in quick succession this autumn to warn her about “some questionable activity” on her cards. Her cards had to be “shut down,” she said, and a TD Bank employee suggested that she might be the victim of an RFID hack.
“I hadn’t heard of it before," she said. "I bought the Travelon Safe ID Color Black Clutch Wallet.”
Even state governments mail RFID chipped “enhanced” drivers licenses inside shielded sleeves. The Michigan Department of Motor vehicles advises on its website:
"Each enhanced license and state ID will be mailed with a special sleeve that can be used to store the card. The sleeve shields your enhanced driver's license or state ID card from unauthorized Radio Frequency Identification (RFID) readers. When you need to access your enhanced driver's license or state ID card, remove it from its protective sleeve. Keep the card in its sleeve when not in use."
Top security consultants have given public demonstrations of hacks, even partially cloning a cards. Recently hired Tesla Motors Hacker Princess Kristin Paget (her actual title) did so at the Shmoocon security engineering gathering in 2012 when working for the Recursion Ventures cyber security firm. Recursion Ventures markets its own GuardBunny credit card-sized RFID shield.
WATCH: More personal finance videos on MainStreet | More videos from Ross Kenneth Urken
TD Bank spokesperson Judith Schmidt notes that in the U.S. “we have not offered RFID cards in debit or credit at TD Bank.” But the company does in Canada, where the company is based. TD Canada Trust Senior Vice President of Technology Risk Management and Information Security Paul Milkman wrote to the Bank Nerd site in 2012 that, while the company has taken a number of measures, “We have not dismissed sleeves as an additional device.” He noted to MainStreet that the company “continually monitors the environment to mitigate against new threats.”
All of these products promoted as RFID defenses employ what engineers call a “Faraday cage,” which is a wall or mesh of conductive material that channels external electricity throughout itself in a constant voltage. Radio frequencies trigger this cancelling force, rendering chips within the cage difficult or impossible to read.
For those aiming for more innovation, Kickstartr and other crowdfunders are awash with proposals for RFID-blocking goods. But for those who are thrifty and willing to fly their freak flag proudly, Consumer Reports and the online DIY (“do it yourself”) crowd advise that these weak radio waves can be blocked with homemade contraptions of foil and duct tape or aluminum tape.
--Written by Erik Baard for MainStreet