I'm looking for a new wallet. Some vendors claim their wallets can block someone with an RFID reader from snagging your credit card info.

There are some expensive wallets ($100) out there that do NOT have this capability, which makes me wonder if this is a gimmick.

What do you folks know about this?

Thank you!
Fred

Many years ago when this problem started coming to light I bought a bunch of the RFID blocking sleeves, put my credit cards in them and then put them in my wallet. When I needed a new wallet 3 years ago I bought one with the built in RFID blocking. Like most of us I'm fussy about the configuration of my wallet but I did find one on Amazon for about $20 that I liked. It was made in India and I still use it today.

Men's wallets, like lady's purses come in a wide range of prices. But RFID wallets are common place today and you can find a lot of them in the sub $50 price range. The only problem I have is do they truly do a good job of blocking. I have no way of testing this feature but perhaps others on the forum came shed some light on that.

I use the sleeves because cards didn't last long in my pocket without them. My wallet is really just a leather business card holder. It has my drivers license, Medicare card, a tiny tweezer, and a credit card in it. I don't like a lot of stuff in my pockets.

I have a hard enough time finding the kind of wallet I prefer and adding RFID shielding to that would likely be maddening. But it's certainly a good idea. (I don't carry much cash...it's all cards of some time. A limited number of them are actual payment methods but the rest are cards for things like healthcare, ID and some key afficiations with AAA as an example. The majority of mens' wallets still focus too much on green money rather than cards and are also physically larger than I prefer)

It's relatively simple: build a Faraday cage around the card, no EMF gets in, so no reading. In English this means that putting some sort of iron enclosure around the card should keep the electromagnetic waves from reading the card. As for which ones do this, I think it's more challenging in leather than the more rigid "anti-wallets". (https://ridge.com/collections/wallets) I don't think price really plays into it.

Is it a "gimmick"? IDK, I mean I would expect it to work fairly well, with the right design, but I don't think that people using RFID readers to steal your credit card info is all that likely to begin with. Maybe it's more an issue in crowded cities with lots of people walking around?

I have no way of testing this feature but perhaps others on the forum came shed some light on that.

Seems relatively simple: keep it in the wallet, see if one of the RFID credit card readers can read it. If not, I think you're good, assuming it works once removed from the wallet.

My vehicle comes with a fob that locks/unlocks the doors and must be present to start the vehicle.
My paranoia led me to purchase a "Faraday cage" holder. With the fob inside the holder it could still work the locks and other functions. Seemed like a bum deal to me.

jtk

In English this means that putting some sort of iron enclosure around the card should keep the electromagnetic waves from reading the card.
Need not be iron. Any electrically conductive material will work. Aluminum is often used since it is cheap and light weight. It can have small holes in it so a woven metal mesh will work. I do not know the allowable hole size off hand. In theory metal sequins would work but they are not electrically bonded to each other.
Bill D

In English this means that putting some sort of iron enclosure around the card should keep the electromagnetic waves from reading the card.
Need not be iron. Any electrically conductive material will work. Aluminum is often used since it is cheap and light weight. It can have small holes in it so a woven metal mesh will work. I do not know the allowable hole size off hand. In theory metal sequins would work but they are not electrically bonded to each other.
Bill D

It's been decades since I studied this kind of RF theory but I suspect the size of the hole has to do with the frequency of the RF signal being used to read the card.


I have a wallet with built-in RFID blocking. I bought it at Amazon a couple years ago for about $35 IIRC.

My vehicle comes with a fob that locks/unlocks the doors and must be present to start the vehicle.
My paranoia led me to purchase a "Faraday cage" holder. With the fob inside the holder it could still work the locks and other functions. Seemed like a bum deal to me.

jtk

I have a similar issue. My car and fob communicate if they are closer than about 15 feet from one another. I have to make sure when I store the fob it's farther than that from the car. If not it will wake the car up and the and two will jabber constantly and run the battery down over a few days.

I had to get an RFID-blocking sleeve for one of my cards—my employee ID. It used to be my badge access to secure buildings and areas where I work, but my employer went to a system that did not have our pictures and place of employment on the card (wise). So I was issued a new card. With both cards in my wallet, the badge scanners would not correctly read the new card. With the blocking sleeve on the old ID, the new card reads just fine. Strangely, none of my credit cards seem to interfere.

I have always heard (from credible sources) that this was an overblown threat and RFID protection was unnecessary.

I have always heard (from credible sources) that this was an overblown threat and RFID protection was unnecessary.

I can believe it, half the time the silly tap card readers don't work when they're supposed to. How is a covert reader supposed to do any better?

I think that the idea that criminals don't already have ready access to my credit card information without bothering to try to scan my pant's pocket is a fantasy. I've sent the information to many hundreds of vendors and handed my card to dozens and dozens of cashiers and waiters who could easily have collected my information, complete with the security code that is often required. Each of those vendors in turn keeps the information on computer systems that are subject to wholesale hacking and collecting CC information for thousands to millions of people at a time. If you are so inclined you can go to the "dark web" and buy as many valid credit card numbers as you want, any time, any day for pennies apiece without bothering to go out and collect them yourself.

So no, this is not something I would bother with.

What I do do is to check my bills carefully every month; sometimes there are bogus charges and I report them. So far they have always been reversed immediately and without any hassle other than having to make the call and get a new CC number. More often the credit card company flags the transaction for me as bogus.

For a real increase in security I think the best option is to use a service like ApplePay. They use a single-use number system so that the information passed to vendors is only good for one transaction, stealing the number is useless.

In the rest of the world system have been implemented in restaurants and such with mobile terminals so you never have to hand your card or phone to some unknown person and have them disappear into the back room with it to do who knows what with it. I hope the US will eventually catch up.

All good insights. Thanks folks!
Fred

My understanding is the only thing a contactless credit card transmits is a one time use number, not your actual credit card number. I suppose someone could set up a transaction on an actual card reader and then get close enough to process a legitimate transaction. I know that contactless cards have to be really close to the reader to work. Not something I really worry about.

I think that the idea that criminals don't already have ready access to my credit card information without bothering to try to scan my pant's pocket is a fantasy. I've sent the information to many hundreds of vendors and handed my card to dozens and dozens of cashiers and waiters who could easily have collected my information, complete with the security code that is often required. Each of those vendors in turn keeps the information on computer systems that are subject to wholesale hacking and collecting CC information for thousands to millions of people at a time. If you are so inclined you can go to the "dark web" and buy as many valid credit card numbers as you want, any time, any day for pennies apiece without bothering to go out and collect them yourself.

So no, this is not something I would bother with.

What I do do is to check my bills carefully every month; sometimes there are bogus charges and I report them. So far they have always been reversed immediately and without any hassle other than having to make the call and get a new CC number. More often the credit card company flags the transaction for me as bogus.

For a real increase in security I think the best option is to use a service like ApplePay. They use a single-use number system so that the information passed to vendors is only good for one transaction, stealing the number is useless.

In the rest of the world system have been implemented in restaurants and such with mobile terminals so you never have to hand your card or phone to some unknown person and have them disappear into the back room with it to do who knows what with it. I hope the US will eventually catch up.

Everything you said X2!

I think Brian is correct. My understanding of the card (the most recent specification) is that they exchange public keys with either the point of sale (POS) terminal or with the Visa/Mastercard system, and then encrypt everything after that. Not only that, but the transaction ID is unique for each transaction - the actual card number, expiration date, CVV, and holder's name is never transmitted.

I did a bit of research on this and there were no reports of card theft by skimming the RFID.

The people who design these systems are plenty smart. The specification is done in a standards meeting and when a proposal is made, many other people try to break it. It was considered a status symbol if you could break another company's submission. That doesn't mean that there can't be holes, but I haven't heard of any on RFID credit cards. If there were, the technique would spread very quickly and we'd all hear about it. And the credit card companies would replace all our credit cards.

[I participated in standards meetings when I was working - mostly communications. International standards are mostly done through the United Nations but there are a few other groups that develop standards that are adopted internationally. I think the credit cards are done in ISO (https://www.iso.org/about-us.html).]

Mike

[I believe the technique is essentially the same for contact cards and for contactless cards - and very similar for Apple Pay and Google Pay. The credit card people introduced the RFID technique to combat Apple Pay and Google Pay. People were not even carrying their cards any more - they just used their phone.]

[Credit card fraud for in-person transactions is essentially gone, except for stolen physical cards, as long as the chip is used in the transaction, not a swipe. The fraud now is on the Internet.]

It's not necessarily a scam - the wallets may well incorporate faraday shielding to prevent RFID and NFC communications with your cards. That's not particularly hard to do.

But it won't make your cards significantly more secure, for a couple of reasons. First, the RFID and NFC capabilities used in cards require a reader to be within a relatively shortly distance of the card. They can't be read across the room, or as you walk by on the street. This is by design, and fairly inherent, because one of the things the reader is doing is transmitting power to the chip on the card via an induction circuit (like wireless phone chargers), so the chip can operate. They are thus already hard to read inside a wallet that is in a pocket or purse. Second, someone who does detect them can't learn much, unless they are bank tech that manages the information exchange. The cards work by doing a cryptographic handshake using one-use keys, and don't transmit sensitive information to the reader. Rather, they validate sensitive information sent to them by the reader.

I don't know if the sleeves work or not for that, but they do protect the cards. The only time I've ever had cards last until they automatically send me replacements has been since I've been using the sleeves. Before, I don't think they lasted a year, or much more anyway if they were in my pocket.

Here's what my wallet looks like:

https://www.ebay.com/itm/165278820554?hash=item267b62a8ca:g:~TkAAOSwM6th3pR q&amdata=enc%3AAQAHAAAA4CCxqQLnGqbppw49XIw2gRnjBg8JF 9Cg5edzglPJHrxCc9HgERnsqE7dxLOyptouHhOJXsQ5iC9ADg3 Tu8cEK1yE%2Fu7agqLMPxmu96La4CMDD7qKLcCMGuAjdofZBCV 36zncg892NV7xao31YxXgCoZpaU9Jv7xG14AxjHSRLWKMRtrVd oejxQs6e%2BSgYz4sOJZyZK6txJZs3bjfFukje2eSZu9CA1ObJ xnfig4kGe6b2AfBckbg7qg%2BeyQlrvSW1THXKZxnWLfIDgPCX gMqnJLBgFAG5X9FDzubQi6wrThw%7Ctkp%3ABk9SR4SjlI-tYQ

I don't carry cash in it. I don't want anything bigger in my pockets, but the Pro Max iphone has to go in the other front pocket. Cash is just folded in my pocket with the little wallet. Any change goes in the floor of my truck if there are any quarters, or the cashier is told to keep it.

I don't know if the sleeves work or not for that, but they do protect the cards. The only time I've ever had cards last until they automatically send me replacements has been since I've been using the sleeves. Before, I don't think they lasted a year, or much more anyway if they were in my pocket.

That's been one of my complaints - the cards wind up cracking in my wallet. I have a card from Chase that has a metal interior and that card has held up fine. But when they sent me a new card, they included an envelope for me to send the old cards back to them. I guess that's because you can't cut up the old card (well, maybe not with a scissors).

But I'll take the metal interior card any day over cracked credit cards.

Mike

I recently moved to Michigan and when I got my new drivers license it came with an RFID sleeve which I immediately threw away not knowing what it was. My wife got hers a few days later and cleverly asked what the sleeve was for. I had to humbly go back and ask if they had spares. They are only for the super licenses that allow you to go anywhere.

Yes, they do. I use simple tyvek sleaves for the same reason. Have lots of them from a previous gig, so no need in my lifetime to buy replacements. But if you were buying sleaves, also no reason not to get the RFID shielding version. They are only about two bits each in reasonable quantities.

I've been through several different types of sleeves and like these the best right now. They also have the advantage of having color coded edges which makes it easier to keep up with which is what. They are ever so slightly thicker than most of the others I've used that didn't last.

https://www.amazon.com/Blocking-Prevention-Envelopes-Boxiki-Travel/dp/B07BN3ZD6C/ref=sr_1_2_sspa?crid=22HZHSE9R4IAF&keywords=rfid%2Bsleeves%2Bfor%2Bcredit%2Bcards&qid=1672504945&sprefix=rfid%2Bsleeves%2Caps%2C96&sr=8-2-spons&spLa=ZW5jcnlwdGVkUXVhbGlmaWVyPUEyTVNIOVkzVUpQNUxJJ mVuY3J5cHRlZElkPUEwNzAxMTg1VkNKU1pTTUkwUzExJmVuY3J 5cHRlZEFkSWQ9QTA1Mzc5Mzg1VlozT0RXM0tCWU8md2lkZ2V0T mFtZT1zcF9hdGYmYWN0aW9uPWNsaWNrUmVkaXJlY3QmZG9Ob3R Mb2dDbGljaz10cnVl&th=1

My vehicle comes with a fob that locks/unlocks the doors and must be present to start the vehicle.
My paranoia led me to purchase a "Faraday cage" holder. With the fob inside the holder it could still work the locks and other functions. Seemed like a bum deal to me.

jtk

Yes, in that case you were sold a bill of goods. Car fobs are profoundly different from RFID credit cards. They have their own on-board power source (the battery) and are designed to work from a distance. So, the signal you are trying attenuate is much, much stronger than in RFID, and the faraday "cage" (probably a bag) has to more reliably radiation tight. A lot of them aren't, and if you have a tear, hole, significant wear, or simply don't close them properly, even the good ones will fail.

Cars also have much poorer security in the handshake between the fob and the car, than do credit cards between the card, the reader, and the bank, although newer models are getting better. But fundamentally, they are not very secure and most are eminently hackable. You can find instructions on the interwebs for how to build a hacking device that works on most cars.

Also, it matters that hackers aren't after your fob, the way they are after your credit card. They want your car, and your fob protector does nothing to make it more secure.

The hackable car key fobs use a fairly simple technique. Both the car and the fob have a pseudo random number generator and both use the same seed - so both will generate the same sequence of "random" numbers. It's essentially impossible to know the next number if you don't know the seed. And it's almost impossible to determine the seed from a couple of the random numbers.

In older cars, you had to press an "unlock" button to unlock your doors (or a "lock" button to lock the doors). When you pressed the button, the fob generated the next random number and sent it to the car. The car would look at the next several random numbers that it generated (because you could have pressed the key away from the car, and generated a random number then). The number of numbers used to be 250 numbers. If the number from the fob matches any of those 250 random numbers, the car would open (or lock). (if you exceeded 250 button presses away from the car, the fob would have to be reprogrammed to the car.)

Those systems could be hacked but it was difficult. The way you'd hack it is to have a device that received the signal from the fob but blocked the ability of the car to receive it. The car would not respond because it didn't receive any signal. So the owner presses the key again and a new random number is generated. This number is also received and stored, and the first random number is sent to the car, which responds to it and opens the doors. This gives the hacker the second number to use to open your car in the future, assuming you don't press the key button again. Once a number in the sequence is used, only future numbers are valid. So if you get into your car and drive it off, then lock the car at some other site, the stolen number will not work. This would only be of use when you're locking your car and walking away.

To do this hack requires the hacker to be very close to your car WHEN you are attempting to open or lock the doors - ideally between you and the car.

But newer cars do things differently - you don't have to press a button. For this system to work, the car has to be transmitting the next "random" number (just one number, not running the sequence) over and over. When the fob gets close enough, it receives the signal, checks the number to see if it is in the allowed future sequence and, if so, it sends back a number in the sequence to the car.

To hack this system, the hacker depends on your fob being some distance from your car, maybe in another part of the house, or in your pocket as you walk away. The device they have will receive the number from the car, and send it to your fob. It will be valid and the fob will respond with the correct response. But the fob will be too far from the car for the car to receive it.

The hacker can then replay the fob's response to the car and the car will open. But if an additional number sequence is required to start the car they will not be able to start it. It's almost impossible to know what the next number in the sequence is without the seed. They can steal things from your car that way. If the system doesn't require another number to start the car, they can steal your car.

The question is whether there's enough value to the hacker to do this - can they steal enough from your car to make it worth while?

At least that's my understanding of how these things work.

Mike

Fred, if you end up looking for a conventional bi-fold wallet, the Hanks Leather Goods wallet is hard to beat.
My wife uses the RFID sleeves. I don't worry too much about it.

I bought one of the Ridge Carbide card wallets, as I was looking for a smaller form factor to carry my cards in my front pocket. I tried a no-name brand that cost less than $20 for a couple of months, to see if I liked the format, and I found I did, so I ordered the more expensive Ridge Carbide. It's advertised as RFID blocking, and I believe it. There are times when the wallet shifts to lay on top of my key fob when it is in my pocket. When this happens, my car will not detect the fob (the dreaded "Key not detected" when trying to start the car) and I have to shift the wallet over so it is not on top of the key fob. Other than that, I have no complaints. I don't know if the Ridge Carbide is worth that much more money than the knock-off, but it has held up for about a year now with no signs of wear.

It's relatively simple: build a Faraday cage around the card, no EMF gets in, so no reading. In English this means that putting some sort of iron enclosure around the card should keep the electromagnetic waves from reading the card. As for which ones do this, I think it's more challenging in leather than the more rigid "anti-wallets". (https://ridge.com/collections/wallets) I don't think price really plays into it.

Is it a "gimmick"? IDK, I mean I would expect it to work fairly well, with the right design, but I don't think that people using RFID readers to steal your credit card info is all that likely to begin with. Maybe it's more an issue in crowded cities with lots of people walking around?

In very crowded situations like boarding a commuter train would be the biggest risk IMO. It would be easier to get a rogue card reader in closer proximity to others wallets/card holders. 'Social distancing' may help with that. I don't know if an RFID reader could be modified to work from distances greater than factory spec and still be unobtrusive. Of course if it worked at too great a distance it might try to read multiple cards at once so wouldn't work. I don't think RFID theft is one of the top risks to cards.

Gimmick. (plus the extra characters)

For those of you who are interested in a Faraday bag, what are you afraid will be stolen from your credit card?

I searched the web and didn't find any reports of people getting scammed by someone scanning their card while it was in their pocket. I haven't researched the protocol used between a reader and a card, but I expect that the designers were well aware of the risk of cards being scanned and designed the protocol to protect against it.

Mike

The way RFID cards work is the reader sends a signal to the card to power the chip that then sends a code back. It's range limited. If you have just one card in your wallet and the reader was close enough I could see it working but with multiple cards, I figured all the cards would send information back to the reader. So I tried it at my local hardware store. I tried using to cards at once and the reader said "chip malfunction".

I think you are far more likely to have an employee take a photo of your CC (front and back) when you hand it to them to pay than any of this RFID nonsense.

My buddy makes leather goods including wallets. He uses good quality leather, runs the business with his wife and daughter, made in Texas - if you want a wallet that will last for the next 10 or 20 years.

https://www.etsy.com/shop/GritMercantile

I'm in search for a new wallet now, and all the ads I get for wallets brag about how they have RFID blocking. I haven't yet decided which wallet to get, but my favorites are Von Baer, Bosca, and Ekster. The Von Baer (https://vonbaer.com/) one looks like the most luxurious one. They make sure that every detail is perfect which is why they're number 1 for me. Bosca wallets have these cool hand-stitched details with a classic design. Ekster wallets feature a card-slider mechanism which should let you get to your cards easier. This might be a gimmick, but it would be cool to try it.

I'm in search for a new wallet now, and all the ads I get for wallets brag about how they have RFID blocking. I haven't yet decided which wallet to get, but my favorites are Von Baer, Bosca, and Ekster. The Von Baer (https://vonbaer.com/) one looks like the most luxurious one. They make sure that every detail is perfect which is why they're number 1 for me. Bosca wallets have these cool hand-stitched details with a classic design. Ekster wallets feature a card-slider mechanism which should let you get to your cards easier. This might be a gimmick, but it would be cool to try it.

Thank you!

There’s a big difference between rfid and NFC which is what’s in your wallet. Both use the same underlying idea. A powered device (the initiator) transmits some sort of challenge to your card (the target). Your card receives just enough power in that challenge to transmit its response.

RFID is fairly long range. I have an Easy Pass in my car to pay tolls up and down the eastern seaboard. It’s used by stores to thwart shoplifters.

NFC runs on a different frequency than RFID. It’s range is very limited, maybe 6”. The most common use these days is credit cards but there are all sorts of neat applications. You can move a lot of data if you want to. You just do it 16 bytes at a time. I proposed to a friend at harming that they partner with the state and national parks. You tap a spot on a map and the trail route is downloaded to your gps.

Im not too worried about someone getting my card, true, they could transmit a challenge from far away but they would need to be close to receive a response.

My vehicle comes with a fob that locks/unlocks the doors and must be present to start the vehicle.
My paranoia led me to purchase a "Faraday cage" holder. With the fob inside the holder it could still work the locks and other functions. Seemed like a bum deal to me.

jtk

Since this thread has been rejuvenated I've learned a little.

The "Faraday cage" holder came without instructions. There is a pocket on the top of the pouch that when opened appears to be where one would hold the fob. There is what is almost a secret compartment that wasn't found until much later when trying to decide what to do with this thing.

Now it is used all the time to hold my vehicle's fob.

jtk

Since this thread has been rejuvenated I've learned a little.

The "Faraday cage" holder came without instructions. There is a pocket on the top of the pouch that when opened appears to be where one would hold the fob. There is what is almost a secret compartment that wasn't found until much later when trying to decide what to do with this thing.

Now it is used all the time to hold my vehicle's fob.

jtk

WHY? No One can scan and duplicate the fob without access to your car. just can't be done.
And if you guys with CCs read your provider's info, you all have a way to LOCK and UNLOCK your CC with a smartphone. I've had my CC info scammed a while back for the 2nd time and I cut them on and off when I want to use them... 20 seconds. And nothing can go through while locked except what you already have approved (reoccuring like power bill)

I purchased some credit card sized RFID shields from Amazon that seem to work. If I hold one between my card and the store scanner, the scanner will not read the credit card. The idea is to place them on each side of your cards so they can't be scanned.