This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.
SALT LAKE CITY — A new credit card technology designed to increase consumer convenience may put users at higher risk for identity theft.
Some credit and debit card issuers have implemented radio frequency identification — or RFID —chips into their cards that allow users to wave or tap the cards at vendors' checkout registers. It is supposed to make paying for purchases easier and faster.
The technology is in everything from credit and debit cards to passports.
The problem is, the high-tech chips may also give cyber thieves a new way to pick your pocket without ever laying a hand on you.
"Any kind of RFID read can energize (the chip in the card) and results in transmitting its data out," said Gary Glover, director of security assessment at Security Metrics — a payment security company based in Orem.
Using a netbook computer with a credit card reader that can be purchased online for about $100, a cyber thief can steal credit card information just by getting close enough to touch. In crowds or in close quarters, electronic pickpockets can scan personal information from dozens of unsuspecting consumers in just a few minutes.
The same can be done with passports, which have issued with RFID technology since 2006.
In Utah, while there have been no reports of RFID theft by the Utah Attorney General's Office, consumers should be diligent in protecting their personal information, Glover said.
If you could be assured that the information on the card would be encrypted, then it might be safe. But Glover said the only way to ensure total security would be to have "everywhere you use that card" also be on that same encryption infrastructure — a virtual impossibility.
"That's not going to happen for a long time," he said. "It's just too hard to (make infrastructure upgrades) through merchants that are barely staying alive right now."
Glover advises consumers who get an RFID card to disable it and use it in the more traditional manner of swiping it.
"Whenever I get one of those cards, I just take my fingernail and break the chip in the card," he said. "So it can never be (remotely accessed) and send out your (personal) data."
He said while the RFID card may seem like a "cool" convenience to have, the reality is that it actually exposes users potentially to electronic pickpockets who would like nothing better than to steal your personal information.
Currently, not all credit or debit cards have RFID chips and Glover strongly advises against them.
"If you get a choice (of getting a RFID card), choose not to get one," he said.
"It's a perceived convenience upgrade," Glover said. "(But) unless there is a whole lot of security behind that convenience upgrade, then it's really a potential downgrade in security."
E-mail: [ firstname.lastname@example.org](<mailto: email@example.com>)