SAN FRANCISCO (CBS 5) – The increasingly popular radio frequency identification (RFID) credit cards that allow consumers to pay by tapping may be making it easier for crooks to steal valuable information with their smartphones.
By tapping machines equipped with radio frequency readers, people can conveniently pay with RFID credit and debit cards without having to enter PIN numbers.
According to the owner of Identity Stronghold, Walt Augustinowicz, credit card skimmers made up of about $100 worth of parts easily obtained online can steal enough information to clone credit cards.
Similarly, tech-savvy scammers can also use their smartphones to steal information with just a simple tap.
As Augustinowicz demonstrated, a hacker can develop a smartphone app or game that looks harmless, but when it gets close enough to an RFID card, the app launches and scans the card’s information and sends the details off to the hacker’s email address.
Augustinowicz said that if hackers are talented enough, they can develop RFID information-stealing apps and games that many may mistake as something benign and download them.
“Hundreds of people start downloading it, and they just sit back and watch their email box fill up with credit card numbers they can use,” he said.
Not all smartphones are at risk for these virus-like apps and games, though. Only phones with near field communication like Google Wallet Android technology that allows for pay by tapping have the safety dangers.
However, as pay-by-tapping technology becomes more widely used, security expert, Eddie Schwartz, said RFID software will become an industry standard.
“It’s a good thing that people are pointing out these vulnerabilities. It forced us as an industry to be more vigilant and to take the necessary steps to protect our assets,” he said.
To protect your information, Augustinowicz recommends buying a protective case or wrapping cards in tin foil to block RFID signals.
(Copyright 2012 by CBS San Francisco. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)