Feature Article
Mark Pribish
Your 2011 Summer Vacation Threat: RFID Fraud
By Mark Pribish
Vice President and ID Theft Practice Leader

Last month I wrote about how you need to increase your awareness of credit/debit card skimming – especially when you are traveling away from home during summer vacation.

This month I am writing about Radio-Frequency-Identification (RFID) technology where criminals can steal your credit card, debit card, passport and other valuable information without even touching your wallet or purse.

In an article written by Liz Pulliam-Weston – a personal financial columnist for MSN (please see the article here), Ms. Pulliam-Weston writes about how RFID technology "looks cool and the card issuers assure us these transactions are encrypted and safe but privacy advocates aren't so sure."

That said, Ms. Pulliam-Weston reported on how "grad students from Johns Hopkins University hacked a Speedpass a few years ago to get free gas; how two researchers at the University of Massachusetts pulled unencrypted names, account numbers and expiration dates off contactless credit cards using a homemade scanning device; and how the New York Times reported that one of the UMass researchers, Tom Heydt-Benjamin, was able to buy electronic equipment online using information pulled off a contactless card sealed inside an envelope."

Ms. Pulliam-Weston also wrote about another news story by NBC's Today Show and how "Heydt-Benjamin concealed the scanner in a briefcase and "read" data from a contactless credit card in another person's back pocket."

Mr. Heydt-Benjamin's point is that radio-frequency tags are open to wireless access and anyone with the right equipment can steal your credit/debit card data and that ID Theft criminals are able to buy the equipment to steal your information.

This relatively new crime of RFID fraud is referred to as "electronic pickpocketing" and the Identity Theft Resource Center (ITRC) published a great article on what RFID is, how RFID works, and what RFID is for (please see the article here).

In the simplest of terms, an RFID credit/debit card is a standard credit/debit card embedded with a radio frequency microprocessor. This means that your credit/debit card has a read only chip which includes your personal credit/debit card information. This also means your credit/debit card can be read by an RFID enabled point of sale terminal like a pay-at-the-pump gas station or the point of sale terminal at your local grocery market.

Retailers use RFID technology because it eliminates employee contact with the credit/debit card with the idea of making your credit/debit card easier, quicker and safer to use. They also use RFID technology because it holds more data than magnetic strips and can be read quicker.

The general credit card company response (Visa, MasterCard, American Express and Discover) to RFID credit/debit cards is that RFID credit/debit cards are safe because there is a unique code being used for each individual transaction and that your credit/debit card is encrypted.

The RFID threat is that ID Theft criminals can steal you credit/debit card information by using a frequency reader (which are inexpensive and easy to obtain) by simply walking next to you to acquire your credit card number and expiration date without any physical contact.

So who are you to believe and what you can do?

  1. You can tell if your credit or debit card has the RFID chip by the four wavy lines on the front or back of your credit/debit card that indicates that it can transmit a wireless signal.
  2. If your credit/debit card has an RFID chip, you can ask your financial institution or issuer to exchange it for a card without the RFID chip.
  3. If you have credit/debit cards or a drivers' license with an RFID chip, you can contact the issuer to provide a secure sleeve to protect against ID Theft criminals and frequency readers.
  4. Protective sleeves can also be purchased online to prevent RFID cards from being read.

To conclude, and in my opinion, RFID fraud is still a low risk. While scanning your RFID credit/debit card can be done without your knowledge, the ID Theft criminal may still have a difficult time getting all the necessary information to commit financial fraud.

At the same time, we all need to keep up with changing technology (including RFID frequency readers) and ID Theft scams and trends so that we can be proactive in protecting ourselves for ID Theft criminals.

To learn more about these threats and how to protect yourself and your family from Identity Theft, you can read my past newsletters at the Merchants Identity Theft Educational Website at www.idtheftedu.com.


Scam Central

Phone Cramming Cost Consumers $2 Billion Annually

How many of you pay attention to each and every line item on your phone bill? According to a July 13, 2011 CNN news report, Senator Jay Rockefeller, D-West Virginia, said a one-year study by the Commerce, Science and Transportation Committee shows about $2 billion a year in "mystery fees" show up on the landline phone bills of Americans, a problem known as phone cramming (click here to see the article). According to Rockefeller, "it's illegal, it's wrong and it's scamming."

How It Works:

"Cramming" occurs when an organization places unauthorized, misleading or deceptive charges onto your phone bill without your consent. It can occur when your provider places charges for services a third party claims to have delivered to you on your bill. These charges may appear as vague references on your phone bill, such as "service fee", "service charge", "other fees", etc.

Phone companies such as AT&T, Verizon and Qwest receive a small fee -- often just a dollar or two -- for allowing charges from third-party vendors to appear on the phone bills from individual consumer and businesses who are unaware their phone numbers can be charged almost like a credit card without ever getting any type of service in return. While the third party vendors are implementing the scam – AT&T, Verizon and Qwest do not, cannot and/or ignore the phone cramming since they receive additional revenue and view the monitoring of third party vendors as an additional expense.

Your Defense:

Now, more than ever, it is time to be vigilant in reviewing your phone bill. When your phone bill arrives, be sure to examine it closely.

  • Are these extra charges from companies that you authorized to perform some service?
  • Was the charge in question for a service, and was that service ever rendered?
  • Should this be a recurring charge?
  • Do you recognize the companies named on your bill?

If you find such charges on your phone bill, contact the company in question and ask for an explanation of the charge, or a readjustment of the charge if needed. If this was for a service you did not receive, they should clear the charge. Call your telephone provider and complain about the charge. If the company in question or your phone provider refuse to remove the fraudulent charge(s), call the Federal Trade Commission (FTC) at 1-877-FTC-HELP or fill out their online complaint form here: https://www.ftccomplaintassistant.gov/.

In addition, you can also write your state and federal legislators to support laws banning third party billing practices. Finally, both consumers and business can set up blocks on accounts to prevent future phone cramming.

If you believe your identity has been stolen, call 866.SMART68 today.