My leather bifold wallet with coin holder is starting to come apart at the seams. I'm not real interested in looks or name, but I've seen enough of the warnings about being able to read credit cards through unprotected leather that I'm considering paying the extra for that added protection. The problem seems to be that when independently tested, many of the advertised "RFID protected" wallets don't block electronic snooping well, just partially. Has anyone investigated this, and got some good answers? What I've read is the present RFID wallet blocking technology is still in it's infancy and needs more work other than a metal case?

I keep my cards in little protective sleeves. Not only are they supposed to be protected from pocket pirates, but the cards last until the bank sends me another one. Before the sleeves, they might have lasted three months. I just ordered the sleeves from Amazon.

I use the sleeves also but find them an irritation with my fat fingers. An RFID protected wallet would be nice.

Have you asked your credit card issuer or your bank to see if any of any your cards actually have RFID? I have a number of cards and I am not aware of any of them having RFID capabilities.

I keep my cards in little protective sleeves. Not only are they supposed to be protected from pocket pirates, but the cards last until the bank sends me another one. Before the sleeves, they might have lasted three months. I just ordered the sleeves from Amazon.

Do you have to remove the sleeve from your wallet to take the card out of the sleeve? The sleeves seem like a hassle but protection is important. I carry my wallet in my shirt pocket because when I carried it my back pocket my credit cards usually get cracked before it was time for a new card to be issued.

I am considering one of the aluminum wallets for the RFID protection or these sleeves.

The card comes out with the sleeve on it. I've been using them for several years now, and hardly even think about pulling the card out of the sleeve, or putting it back in. I bought one of the aluminum ones, but it wasn't comfortable in my pocket. I use the smallest "wallet" possible.

I like the smallest wallet possible also that is why I have shied away from the aluminum ones.

Mine is a little single fold leather with two pockets that hold a few cards, and a cash clip on the outside. It's not much larger than a card overall.

Do you actually have RFID credit/debit cards? They are awfully scarce, other than the ones used for building or parking garage passes. I had one 7-8 years ago and never found a place that would let me scan it, when the bank replaced it it no longer had RFID. The new "chip" cards now being issued don't use RFID.

I only found one place, and that was 9 yrs ago, that had RFID. It was local gas station for pay at the pump. I do not travel past them any longer so I don't know if they still have it.

What technology does ApplyPay, SamsunPay and Google Wallet use? This technology sounds convenient but if you loose your phone you are in trouble if you don't have a password to open yoru phone.

Cell phones use Near Field Communications or NFC. You cannot enable Apple Pay without having a passcode or Touch ID enabled. If the phone is lost and you go to Apple.com and put it in lost mode then Apple Pay is disabled. I have an iPhone and haven't set up Apple Pay because a lot of places don't take and it is just as easy to take out a card as to grab your phone and unlock and whatever. I maybe should set up Apple Pay for the places that take Apple Pay, but still don't take chip cards.

I don't think there is a single documented case of a "real criminal" stealing information using an RFID reader on someone's wallet. Some security researchers have shown it can be done, but geez, I wouldn't spend a second worrying about it happening to me!

ApplePay uses NFC. SamsungPay uses a magnetic field (just like a regular swipe credit card, just stronger), but uses a one-time crypto key that makes it non-reusable, even if someone were to intercept the signal.

Dan, let's not let facts get in the way of a good old fashion scare.

Have you considered tin foil? Hear it makes good hats too.

It's unlikely that you have a single RFID card in your wallet. The chips in credit cards are contact cards.

Mike

I don't think there is a single documented case of a "real criminal" stealing information using an RFID reader on someone's wallet. Some security researchers have shown it can be done, but geez, I wouldn't spend a second worrying about it happening to me!
Plenty of documented cases, just few make it to the light of day for the mainstream media. There's a reason us security researchers continue to work in this field.


It's unlikely that you have a single RFID card in your wallet. The chips in credit cards are contact cards.

Quite a few PIN/chip cards out there are NFC. Technically, these should be considered NFC cards, not generic RFID.




To answer the main question about RFID blockers...the passive "packet" systems are "okay" in some cases, and completely useless in others. The shields almost always require the blocking plane to be directly against the card. One recent development, which I have been following closely since I saw the author present her research at ShmooCon last month, is called GuardBunny. She still has some shortcomings to work out (which reminds me, I promised to send some suggestions and haven't gotten around to it yet), but even now it's a pretty robust system (and quite inexpensive to manufacture, to boot).

Plenty of documented cases, just few make it to the light of day for the mainstream media. There's a reason us security researchers continue to work in this field.

Quite a few PIN/chip cards out there are NFC. Technically, these should be considered NFC cards, not generic RFID.

I'm genuinely curious about this, because I couldn't find a single news report of such a crime. Sure, I don't doubt that it has happened, but if it were a problem worth worrying about, you'd think there would be at least a few credible news reports of it happening? Buying a wallet specifically to avoid this "risk" seems squarely in the "tin foil hat" category (simply because the risk is extremely low). The type of sophisticated criminal who would be able to acquire and covertly operate a RFID/NFC reader is probably capable of some less-risky type of fraud (than following around people in the mall and trying to covertly sneak up to their back pockets with equipment hidden under a trench coat or something).

FWIW, I would NOT want an RFID blocking wallet. I have a single card with an RFID chip, for an access-controlled door, and I can just bump my back pocket against the reader as I walk by.

To me, the sleeves are not about blocking RFID, but about making the card last. I tried the Tyvek sleeves but they didn't improve the life of the card. Not only did our bank charge for a replacement card (I don't know if they still do or not), but it was extra time for me to have to go to the bank to order a replacement, and then wait for it to come. For whatever reason, the strip on it would only last about 3 months. They used to last longer before they started charging for them. I think they may only send out a replacement automatically every year or two, but haven't kept up with that either. Since I've been using the sleeves, the cards still work strong, and a replacement comes in the mail before I need it.

I'm genuinely curious about this, because I couldn't find a single news report of such a crime. Sure, I don't doubt that it has happened, but if it were a problem worth worrying about, you'd think there would be at least a few credible news reports of it happening? Buying a wallet specifically to avoid this "risk" seems squarely in the "tin foil hat" category (simply because the risk is extremely low). The type of sophisticated criminal who would be able to acquire and covertly operate a RFID/NFC reader is probably capable of some less-risky type of fraud (than following around people in the mall and trying to covertly sneak up to their back pockets with equipment hidden under a trench coat or something).

FWIW, I would NOT want an RFID blocking wallet. I have a single card with an RFID chip, for an access-controlled door, and I can just bump my back pocket against the reader as I walk by.

When a group can break into a system and steal millions of cards at once (ala TJ Maxx, et. al.), using NFC boxes to steal cards in onesies and twosies does seem pointless... but at that point, you have to realize they're targeting specific people (and not just credit cards, either... passports are a big deal). And look at it from a different angle... how does someone know their CC info was stolen via NFC? The card itself is never out of the owner's possession, and it's not like the card beeps and tells you someone accessed it.

Imagine this scenario: You're walking through your local mall, strolling from store to store, but never actually buying anything (CC stays tucked away in your wallet). But you just made a purchase while you were perusing store #3, unbeknownst to you, of course. Some guy had an e-cart order waiting for a credit card entry... his "swiper" stood next to you for a few seconds while you both stared in the display case at Sears, giving her the opportunity to connect to your card via NFC. Your card just provided the details for the transaction to go through. You didn't notice the unassuming woman, but you just bought the both of them a $2,000 Gucci bag, which their "casher" will sell on eBay for half of that.

It's not complicated technology, it can be purchased online for dirt cheap, and you're stuffed with the CC company discussion. It appears completely random to the CC company, of course, particularly if the "swiper" moves from area to area.

Appropriate GIF (https://gfycat.com/OldfashionedTightBedbug) for this topic.

Sure, I believe it's do-able. But if someone steals my credit card number (which has happened perhaps a half-dozen times in my life....and I've never had an RFID or NFC card), the issuer just takes care of it and overnights me a new card. Not my problem. If this were such a risk, the card issuers wouldn't be enabling the technology.

Anyhow, my point was that "RFID blocking wallets" are about 10 million times more popular than necessary, given the near zero risk of this actually happening to someone. Junk marketers have sold the public on the idea that they need this to be "safe", when in reality, the incidence of this happening is immeasurably low, and the impact of it happening is essentially zero. In terms of risk/reward, spending even a cent on some "protection" from this risk is not worth your money.

Both Chase and Capital One state that none of their credit cards have NFC or RFID capabilities. Cards that do have NFC or RFID capabilities usually will have Zip, Paywave, Paypass, or ExpressPay on the front of the card.

I do keep my cards in Tyvek sleeves, but that is stop wear, not for RFID blocking. Some Tyvek sleeves can block RFID, but no idea on mine.

Card issuers should improve their technology if its that easy. I'd say those who are the ones who will bear the initial cost of fraud (actual costs and lost opportunity due to the bad publicity) aren't too worried about it--most retailers haven't even enabled the chip readers on their terminals yet.

Smart phones sound like a pretty good approach. Not that its fool proof but when I pay with Apple Pay I need to hold the phone very close to the reader and then confirm the payment with my thumbprint. No one ever touches my card which is the most likely way for my info to get stolen, and I was told by an Apple employee that the information is useful only within the current transaction. They can't even identify me as a repeat customer in their own system to send me an e-receipt without me giving them my email address again.

I started carrying a thinner wallet in my front pocket. I have photos of quite a few of my non-essential, non-bank cards on my phone instead of carrying them and use a phone number or the retailer's app look up most loyalty cards . My cards are holding up a lot better since I stopped sitting on them.

Appropriate GIF (https://gfycat.com/OldfashionedTightBedbug) for this topic.

Sure, I believe it's do-able. But if someone steals my credit card number (which has happened perhaps a half-dozen times in my life....and I've never had an RFID or NFC card), the issuer just takes care of it and overnights me a new card. Not my problem. If this were such a risk, the card issuers wouldn't be enabling the technology.
Exactly. Let them get my card info. Happened once, and didn't cost me a dime. It got jacked at a gas pump.
My CCs don't have RFID. They have a chip. Blocking wallets are useless. With a smart phone, you can install RFID apps. Do that and try to read your cards.

I do keep my cards in Tyvek sleeves, but that is stop wear, not for RFID blocking. Some Tyvek sleeves can block RFID, but no idea on mine.

Tyvek alone will not block NFC (it's a non-conductive polymer)... if you have a Tyvek sleeve that is blocking it, there must be a heavy amount of carbon embedded in it (and is likely sold as an NFC-blocking device).

Mike,
I would narrow your comment to:
"It's unlikely that you have a single RFID credit/debit card in your wallet"
Other than that, you are exactly right. The chips in the credit cards are contact cards.

I work for a sniffer company and wrote their NFC protocol decoders. I carry a DC Metro Smart card that uses NFC and I can see the MiFair data but it's encrypted. If someone passes by me and rubs up against my card and reads it, they would still have to get past the encryption to get any personal information.

There is a difference between RFID and NFC. RFID generally refers to those tags that they put on stuff in stores. You walk between the store pylons and the tag sets off the alarm that everyone ignores. NFC is the same basic tech but runs on different frequencies.

I have an RFID wallet. "Allett" brand...

https://www.all-ett.com/

Looks like your average gentleman's black leather wallet on the outside but the inside is a nylon type fabric. Apparently, it has metal mesh or whatever they use to block skimmers. I like it, no complaints. Couldn't tell you if it works or not. It is American made and I will say say that it has lasted a lot longer than $15-$20 leather wallets I used to buy at the mall. We also have RFID blocking wallets for our passports.

Erik

OK, I'm curious. I didn't go to Evil Medical School when I had the chance, so I have no idea what someone can do if they get the information off your passport. It has:

Your name
Your birthdate
Your address
Your gender
Place of issue
Date of issue
Date of expiration
Passport number

The first four items are readily available from many different public record sources. What nefarious plot is possible given the added information of the last four items? My imagination is failing me. I've shown my passport to random officials, airline people, and hotel clerks in countries all around the world and never given it a second thought even though the guy I'm giving it to could well be a Nigerian Prince on the internet at night.

OK, I'm curious. I didn't go to Evil Medical School when I had the chance, so I have no idea what someone can do if they get the information off your passport. It has:

Your name
Your birthdate
Your address
Your gender
Place of issue
Date of issue
Date of expiration
Passport number

The first four items are readily available from many different public record sources. What nefarious plot is possible given the added information of the last four items? My imagination is failing me. I've shown my passport to random officials, airline people, and hotel clerks in countries all around the world and never given it a second thought even though the guy I'm giving it to could well be a Nigerian Prince on the internet at night.

I'm no expert on any of this but my understanding is that a bad guy could conceivably skim your info and create a bogus passport with it, which could be a national security risk. Though, I just read that apparently, US passports already have some type of metal layer built into the RFID chip to help prevent this. My feeling was that the RFID passport wallet was not much more than the regular passport wallet, so why not? Maybe they got one over on me.

Erik

Check out this TED talk. The whole thing is great but the portion relevant to this conversation starts at around the 10 minute mark.

https://www.youtube.com/watch?v=hqKafI7Amd8

It seems Europe has started adopting some form of embedded chip type of card. From Rick Steve's Europe: "My readers tell me their American-style cards have been rejected by some automated payment machines in Great Britain, Ireland, Scandinavia, France, Switzerland, Belgium, Austria, Germany, and the Netherlands. This is especially common with machines at train and subway stations, toll roads, parking garages, luggage lockers, bike-rental kiosks, and self-serve gas pumps. For example, after a long flight into Charles de Gaulle Airport, you find you can't use your credit card at the ticket machine for the train into Paris. Or, while driving in rural Switzerland on a Sunday afternoon, you discover that the automated gas station only accepts chip-and-PIN cards.In most of these situations, a cashier is nearby who can process your magnetic-stripe card manually by swiping it and having you sign the receipt the old-fashioned way. Many payment machines take cash; remember you can always use an ATM to withdraw cash with your magnetic-stripe debit card. Other machines might take your US credit card if you also know the card's PIN — every card has one (request the number from your bank before you leave, and allow time to receive it by mail). In a pinch, you could ask a local if you can pay them cash to run the transaction on their card."

Cell phones use Near Field Communications or NFC. You cannot enable Apple Pay without having a passcode or Touch ID enabled. If the phone is lost and you go to Apple.com and put it in lost mode then Apple Pay is disabled. I have an iPhone and haven't set up Apple Pay because a lot of places don't take and it is just as easy to take out a card as to grab your phone and unlock and whatever. I maybe should set up Apple Pay for the places that take Apple Pay, but still don't take chip cards.

It’s my understanding that when the Apple Pay application on your iPhone communicates with the transaction terminal via NFC, a unique transaction number is generated that expires in one minute. Also, no personal information of any kind is shared. These features combined with a fingerprint acknowledgement supposedly make the transaction more secure.

You can also have your credit card company notify you immediately via email and text messaging after your credit card has been charged. For example, when dining out, the email / text arrives before the server returns to your table. Bank account balances can be updated daily too.

Don’t wait for your monthly statement to find out that someone has been ripping you off!