RFID technology allows a chip on your credit/debit card to wirelessly communicate with a payment device at the supermarket, petrol station, McDonalds etc, and make a payment without you having to enter a PIN.
The point of this technology is supposed to be two-fold: on the one hand it’s supposed to fix security problems with cards that rely on a signature – because too many retailers don’t actually check the signature. RFID is also meant to make paying for smallish items more convenient for consumers – just wave the card in the air and hey presto, all done.
By smallish transactions, we’re talking about items up to $100. The idea here is that if your RFID card is stolen, there will be a limit on how much the thief can get away with. Unfortunately, there is no limit on how many times you [or the thief] can use the RFID card in a day.
So what are the ramifications? Well, let’s say your card is stolen in the morning and it has $500 on it. You realise it is stolen at lunch time when you try to pay for your sandwich. You ring the bank, but between breakfast and lunch, the thief has used your stolen card 5 times for a total of… you guessed it, $500.00.
Now the banks say they have algorithms in place to alert them to unusual transactions, and maybe they do, but it will still be up to you to go through the hassle of proving that you did not make any of those transactions. In the meantime, you’ve lost $500. If that was all you had for food etc for that week then you’re in trouble because your money will not be refunded straight away..
Now to be honest, you will have the same hassles any time your card is stolen, that’s just how modern life goes. But what if you don’t know your card has been stolen, because it’s still sitting right there in your wallet?
This is where things get sticky. The credit card companies say it’s not possible to steal your card information without stealing the actual card. The banks, [who have no say in what tech. goes on credit/debit cards] say the same thing, and people like me who don’t believe the assurances are labeled as wackos, dinosaurs or conspiracy theorists.
But seeing is believing. In this first video you will see how easy, and cheap, it is to steal card and account information. The truly scary part, however, is how easy it is to then clone that information.
The next video shows one of the presenters of the well-known Mythbusters TV show talking about how a proposed segment on RFID technology was gagged by the legal representatives of all the major players – i.e. Mastercard, Visa, etc.
If these two videos have made you concerned, you can find lots more information out on the net, some for, some against the technology, but one thing is consistent throughout – you can’t opt out of it.
I suspect the manufacturers did not put an opt out function on the RFID card technology because:
1) it would cost more to produce, or
2) they were worried too many people would opt out.
Either way, the banks have no say in the matter. If they want to offer their customers credit card facilities, they have to take what the credit card companies give them, and that is RFID technology..
This means no amount of complaints to the banks will do a speck of good. I know because I spent almost two, very frustrating hours on the phone to the Bendigo Bank yesterday. I was trying to work out what was going on, and why I couldn’t just say no. Then I tried to complain. Then I realised that even the Bendigo Bank didn’t give a shit because there was nothing they could do about it. I was told to get an ordinary cashcard if I was so worried.
Apparently these cashcards are debits cards issued by the banks themselves. They can be used at supermarkets, ATMs and all EFTPOS terminals, but they CANNOT be used for, say, online transactions. So if you buy stuff on Ebay you can’t use your cashcard. The same thing applies to PayPal. 😦
By this point I was grinding my teeth and yelling at the customer service representative. Think small, grey-haired terrier biting at the ankles of a giant. Yup.
But I would not be writing this post if I did not have a solution, of sorts.
Get a cashcard for all normal, local transactions and keep it in your wallet. Take all the money out of the RFID card and keep the card in a safe place at home. When you need to use it for an online transaction, transfer some money into the card via internet banking.
Doable? Yes. Convenient? Hah…
Use your MyKi card to disrupt the RFID card. I found this info. on the internet and haven’t had a chance to try it out yet, but apparently whatever is on the MyKi card messes with the RFID on the credit/debit cards. I’ve also read that you can buy a wallet that stops the wireless transmission. Or you can wrap your card in tin foil. Oh wait, maybe it’s your head that’s meant to be wrapped in tin foil.
If the MyKi solution works, you won’t have to worry about being scanned, and scammed, while you travel to work on a crowded train/tram/bus, or wait in line at a supermarket or airport. Of course you will still be a bit exposed when you actually take the card out to use it [via swipe or tap] but at least it would be safer.
The Daughter and I intend to order cashcards on Monday because we can’t afford to lose any money, period. We will also trial the MyKi card solution, and I’ll update you on the results.
In the meantime, if you love the convenience of Tap and Go then at least please be cautious enough not to keep too much money on the card at any one time. It’s just not worth the risk.