Digital Pickpocketing on the go

Once you’ve noticed it, it's already too late. Digital pickpocketing refers to the unauthorized capture of personal data from cards and IDs with RFID chips. The most dangerous is the skimming of credit cards. Passports and digital access cards are also at risk. These electronic thefts are easy to execute and can cause a lot of damage.

Mark's been there. One day the young man receives a credit card bill with high charges that he didn’t remember at all. The walk to the ATM confirms his fears: His account is empty. Together with the bank, he gets to the bottom of it. It turns out that his credit card was scanned and the thief then made purchases using his identity. Mark didn’t notice anything for a long time, because initially only small amounts were debited. Later, the thief got bolder and bolder. The ultimate damage amounts to around 10,000 euros. Mark demanded his money back from the bank, but the bank claimed that he had violated his duty of care. He should have protected his card better and should have checked his bank statements regularly.

How RFID Skimming works

RFID stands for Radio Frequency Identification, a wireless technology for receiving and transmitting data. RFID chips are in your bank cards, credit cards, access cards or passport.  New smartphones are now delivered as standard with the RFID tool NFC ("Near Field Communication"). The problem is the same.

RFID Skimming is nothing more than an electronic version of pickpocketing.  In contrast, it is no longer necessary to reach into your pockets. With RFID hacking, important information stored on your card (personal data, numbers, transactions) is picked up wirelessly via a radio link. All you need is an Android app available on the Google Store or a wireless card reader.  Of course, there are also more professional tools in the Darknet that can read data over longer distances – almost while passing by, leaving no chance for the victims.

What happens to the stolen data?

If you have a bank or credit card, the stolen data may already be sufficient to access your account or make purchases over the Internet. Only your next bank statement will shed light on this.

Skimming an access card is about creating an identical clone. The access to your hotel room or your business premises is the target here.

For passports there are other motives, including access to your personal data or biometric data. There are many possibilities for abuse here as well. Ultimately, it is always about obtaining money or services under the victim’s identity.

A billion-dollar business

There's a lot of trade with stolen data on the Darknet. Today, stolen credit card data costs less than 50 cents each, including a money-back guarantee. These prices show how easy it is to get access to the data. The necessary hardware and software for skimming credit cards are already available for less than 50 dollars, of course with detailed instructions and webinars.

The largest known thefts comprise up to 100 million data records and affect such well-known companies as Sony, Target or Home Depot. For credit card fraud and identity theft, the press is quoting damages of between 50 billion and 100 billion per year.

How can I protect myself against digital theft?

You can craft an RFID blocker yourself. All you have to do is wrap your credit cards in aluminium foil. If this is too cumbersome or too hand-knitted, you can buy an RFID protective cover for little money. These are available for both credit cards and passports. One RFID strip even protects an entire wallet. You simply place the strip into your wallet together with the banknotes. It is important that the credit cards are shielded from both sides when the wallet is closed.

Apart from these simple but effective measures, it is advisable to check your bank and card statements regularly and report any discrepancies immediately to the bank. Companies that have used card-based access systems (batches) up to now, increasingly rely on biometrics for higher security.