The technology in the card, known as radio frequency identification (RFID), transmits bank details via its own radio signal. A RFID reader can pick up these details in a matter of second
A new breed of digital pickpocket has been discovered lurking in stations and shopping centres.
They come armed with technology that can effortlessly steal credit and debit card details without so much as touching your wallet.
Standing just six inches (15cm) away, these criminals use radio-frequency identification (RFID) readers or apps to harvest bank details in a practice known as ‘digital skimming’.
Scroll down for video
If a readers or RFID-app enabled smartphone is within range, it can pick up the wireless signals transmitted when that card is being used to buy a product (left). David Bryan (right), a security specialist at Chicago's Trustwave, stood by crowded shopping areas with a device stashed in his backpack to show how it works
ABC7 I-Team recently revealed just how easily thieves use mobile technology to steal personal details from cards that use ‘wave and pay’ radio technology.
David Bryan, a security specialist at Chicago's Trustwave, stood by crowded shopping areas with a device stashed in his backpack that could read card numbers.
‘This was then powered by a USB Battery, and stuck into a backpack.’ All of this, says Mr Bryan, can easily be purchased online.
As well as a device, digital pickpockets can download an RFID app onto their phone.
If a reader or RFID-app enabled smartphone is within range, it can pick up the wireless signals transmitted when that card is being used to buy a product within seconds.
The information can then be input into a machine that they can be purchased for $300-$400 that can recreate the card.
Security firm Norton says that this year 70 per cent of credit cards will be vulnerable to digital pick pocketing.
‘The device can read many different RFID tags- including MiFare Cards, EMV Cards, and many type of RFID tags,’ said Mr Bryan. ‘It works with many Near Field Communication tags and devices’
Because RFID is always switched on, some payment experts say it's more vulnerable to attack than NFC.
'This demonstration shows that contactless payment card reading technology is not a silver bullet for security,' said Mr Bryan.
RFID readers can be brought cheaply online. They can also be downloaded onto a smartphone from an app
'RFID payment cards need to be backed by a mobile device that generates one-time payment card numbers for that specific transaction- rather than having a static payment card that never expires.
'In a crowded train, if someone has an RFID payment card, I could easily pull that data if I get close enough - or have a large enough antenna'
As well as using it in his backpack, Mr Bryan successfully stole numbers by attaching the equipment to a laptop.
‘The three digit code on the back of the card could help,’ Marc Rotenberg is President of the Electronic Privacy Information Center (Epic) told DailyMail.com.
This code can’t be read by the device, but fake cards could be created without the three digit code and presented at shops.
‘We have some questions about the implementation [of the three digit code] because it wouldn’t make sense to implement it if you don’t require presentation of the product,’ said Mr Rotenberg.
Places to watch out for digital pickpockets include crowded shopping centres and busy stations where transactions are constantly being made
Special wallets that use foil can block these radio frequency signals, but the threat remains very real.
So much so, Apple Pay, meanwhile, is attempting to overcome the problem by not storing any numbers on an iPhone.
A Chase Bank spokesperson also told the ABC7 I-Team that they are discontinuing the use of that radio technology on their cards.
‘It’s not necessary wrong to pursue these techniques, but more needs to be done to safeguard people,’ said Mr Rotenberg.
A PURSE THAT FIGHTS CRIME: CLUTCH PROTECTS YOU FROM DIGITAL THEFT
Articulate's clutch (right) blocks RFID (Radio Frequency Identification) signals - the relatively new technology that allows us to simply wave our credit cards over a scanner to pay for goods (left)
A tech-savvy accessories label has launched a clutch purse with built-in capabilities to protect against identity theft.
Articulate's clutch costs $35 to pre-order and blocks RFID (Radio Frequency Identification) signals - the relatively new technology that allows us to simply wave our credit cards over a scanner to pay for goods.
According to the team behind the purse - entrepreneur Kevin and his sister Lindsay, based in San Diago, California - the clutch contains a 'special material' embedded into the design to help block these pesky RFID signals.
'Criminals with very minimal technical skills have created devices similar to the scanner which vendors such as grocery stores use,' the website description reads.
It comes in a range of colors and can also be worn over the shoulder thanks to the chain strap.
According to the United States Federal Trade Commission, identity theft had been holding steady for the last few years, having seen an increase of 21 per cent in 2008.