What is the harm in removing a credit card's RFID chip?

BROWSE BY TAG Identity Management and Access Control,   Wireless Network Security: Setup and Tools,   Wireless Network Protocols and Standards,   Enterprise Network Security,   Expert Archive: Identity Management and Access Control,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Identity Management and Access Control Is Identity Management as a Service (IDaaS) a good idea? How to log in to multiple servers with federated single sign-on (SSO) How to confirm the receipt of an email with security protocols Learn about enterprise strategy for server virtualization single sign-on Employee information security awareness training for new IAM systems Can you combine RFID tag technology with GPS to track stolen goods? Is there a free enterprise-caliber password-management tool? Cryptosystem attacks that do not involve obtaining the decryption key Can any firm or organization get a digital signature certificate? Should the CTO have domain administrator access? Wireless Network Protocols and Standards Wireless network guidelines for PCI DSS compliance Best Wireless Security Products MMS messaging spoof hack could have global ramifications PCI group releases wireless security guide 802.1X Port Access Control: Which version is best for you? Wireless Security Lunchtime Learning An introduction to wireless security Lesson 1: How to counter wireless threats and vulnerabilities Risky Business: Understanding WiFi threats Lesson 1 quiz: Risky business Expert Archive: Identity Management and Access Control Enterprise password management policy: Finding the balance How to conduct a periodic user access review for account privileges Options for a mechanical door security system on a server room door Comparing access control mechanisms and identity management techniques User provisioning and SSO for PeopleSoft- and Unix-based products Could someone place a rootkit on an internal network through a router? Should a new user have to confirm an email address to gain access? Can home PCs provide a way for viruses and spyware to enter a corporate LAN? What should an enterprise look for in a password token and a vendor? Using batch files for temporary user access to the local admin group

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Wired Equivalent Privacy  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

If you want, you can just drill out the radio frequency identification (RFID) device chip on a credit card. There isn't any harm, and you wouldn't be the first person to have ever done it. The only thing to be careful of is to not damage either the magnetic stripe on the back or the numbers embossed on the front. Damaging these could make the card useless.

With that said, punching the chip out of the card still isn't a good idea. It should be your last choice. There are plenty of other options that are less drastic.

Let's take a quick look at the security issues associated with RFID credit cards.

An RFID is a tiny radio transmitter on a chip. Credit cards with an RFID chip transmit account information, like a name or account number, to a reader at a checkout counter. An RFID credit card is designed to be more convenient than swiping the card's magnetic strip through a reader; someone can easily wave his or her wallet over an RFID reader without even having to take the card out.

Major credit card issuers, like JPMorgan Chase and American Express, have offered RFID cards since 2005. But the chips made headlines last October when researchers at the University of Massachusetts built a machine that could use the card's radio signals to read account information.

The researchers claimed that the RFID chip transmitted account numbers and other sensitive information openly through the air, making them vulnerable to theft. The card companies, however, claimed the data was encrypted and that the researcher's sample -- only 20 cards -- was too small.

Either way, as of this writing, there haven't been any reported breaches caused by malicious users and roving RFID readers. Of course, that doesn't mean RFID-related identity theft won't be a problem in the future.

An option, if you're concerned about RFID credit card safety, is to simply return the card to the issuer and get another card from a different company that doesn't implant its chips.

Another possibility is to purchase the DataSafe Wallet from Kena Kai. The wallet is lined with RF-shielding material, which blocks RFID signals until the card is taken out. The wallet acts like a portable Faraday cage, a common trap for radio signals that normally would be too bulky to carry around in your pocket.

Also, keep in mind that despite the security risks of credit cards, most issuers generally use fraud monitoring systems as another layer of protection; these mechanisms are often invisible to users. If a card is lost or stolen, whether through its radio signals or not, these systems develop a profile of your card usage, detect unusual transactions you normally wouldn't make and then block them.

More information: