According to the Federal Trade Commission, credit card fraud was among the most prevalent types of identity theft in 2023, with over 114,000 reported cases. Statista estimates that the U.S. economy lost about $1.59 billion in 2022 to this financial crime.
With the recent shift to contactless payment cards, more cybercriminals are turning to RFID credit card theft via scanning. This article will explain how this theft happens and provide tips on how to protect your RFID credit card from potential thefts and other common payment card frauds.
How Do RFID Credit Cards Work?
To understand how RFID credit card theft occurs, you must first learn how RFID credit cards work. RFID or contactless cards use Radio Frequency Identification—you’ll know yours is one if it has a sign that looks like the Wi-Fi sign turned sideways. This type of technology transmits information between tags attached to objects and scanners via electromagnetic waves.
A typical credit card tag or chip contains the following three details:
- Cardholder's name
- Card number
- Expiration date
When an RFID card is near a scanner or card reader, the scanner automatically emits radio waves to activate the card’s RFID chip. The chip can then respond by also emitting radio waves to send its stored information to the reader.
Most credit card issuers use near-field communication (NFC) technology to ensure their cards can only communicate with contactless readers 1–2 inches away. The risk associated with having these cards is that someone may try to use the contactless reading feature to steal your credit card information.
How Does an RFID Scanner Steal Credit Card Info?
Scanning is a type of credit card fraud in which cybercriminals use illegal card readers to activate RFID chips on unsuspecting victims’ credit cards and extract payment details.
For this to happen, the hackers must be within the card’s read range, which is typically 5–6 inches. As a result, most hackers who use credit card scanners operate in crowded places like gas stations, tourist attraction sites, buses, trains, and malls.
What Can Cybercriminals Do With Stolen Credit Card Data?
Once a hacker has stolen your credit card data and other personally identifiable information, they can use it to do the following:
- Make unauthorized purchases
- Create duplicate credit cards
- Access your bank accounts and make withdrawals
- Apply for loans in your name
- Sell this info to other cybercriminals on the dark web
- File fraudulent tax returns and claim tax returns
The good news is that you have some protection from the damages you might suffer in case of stolen credit card data. However, it might take some time to resolve the damages, especially if the theft causes your credit score to drop.
Are Debit Cards Also Susceptible to RFID Theft?
Yes, debit cards with RFID chips are also susceptible to unauthorized scanning. To prevent huge financial losses, you should regularly monitor your transactions and flag unauthorized payments as soon as possible.
Credit and debit cardholders are protected by different laws that limit liability based on the time users take to report disputed charges. Some banks also have $0 liability policies in place, so you wouldn’t be liable at all. Here’s a run-down:
| Card Type | Debit Card | Credit Card |
| Applicable Law | The Electronic Fund Transfer Act (EFTA) | The Fair Credit Billing Act (FCBA) |
| Time Restrictions and Maximum Liabilities |
| 60 days — $50 maximum liability |
What Should You Do in Case of an RFID Credit Card Theft?
People often discover their credit card numbers have been stolen by receiving a transaction notification or bank statement showing an unfamiliar transaction. If your card is still with you, it’s possible someone obtained your information while you were using the card or via an RFID reader.
When you discover suspicious activity on your credit card statements, you should:
- Inform your card issuer—Ask them to pause or close the card and stop any pending transactions.
- Report the case to law enforcement authorities—You can file an online identity theft report at the Federal Trade Commission’s IdentityTheft.gov website.
- Contact the three credit bureaus— Equifax, Experian, and TransUnion—to report or stop potential fraudulent applications with the stolen details.
How To Protect Your Cards Against RFID Theft
Besides the security measures put in place by your credit card issuer, you can also take personal initiatives to safeguard your card details from unauthorized access. Below are a few RFID credit card protection tips for preventing illegal scanning:
- Invest in specialized RFID-blocking sleeves or wallets designed to block electromagnetic signals from unauthorized scanners.
- Use RFID-blocking stickers or cards.
- Opt for cards from reputable financial service providers with industry-standard security measures.
- Enable payment notifications on your mobile devices to identify and flag unauthorized transactions on time.
- Regularly review your statements to scan for unrecognized activity.
- Leave your card at home when visiting high-risk, crowded areas like public beaches and tourist attraction sites.
You can also opt for a different type of contactless payment, like using your phone's NFC feature and an e-wallet or app. If you still don’t think your card is secure enough, you can always ask your bank to issue you one without an RFID tag.
How To Protect Chip Credit Cards From Theft
If you’re wondering, “Do credit cards with chips need RFID protection?” The answer is no. To communicate with a reader, a regular chipped card needs physical contact—but RFID chips don’t because they have an antenna.
That doesn’t mean you don’t have to protect chip credit cards. Criminals might try to steal your card information while you’re using it at an ATM or a POS device by installing a reader beforehand. To protect your cards from these devices, also known as skimmers and shimmers, you should be on the lookout for signs of tampering:
- Loose or damaged parts
- Keypads with moving edges or thicker buttons
- Card readers with awkward shapes or different colors than those you regularly use
- Gas pumps missing the security tapes that help indicate tampering
There’s also the chance someone will try to steal your credit card information when you’re using it online. It’s called e-skimming, and the more you use your card online, the more you’re exposed to the risk.
For protection, you can:
- Avoid clicking on links from unknown sources—Hackers often use malicious links to redirect users to fake checkout pages that phish payment details.
- Use secure, private Wi-Fi when making online payments—Cybercriminals can intercept transactions over public Wi-Fi and steal your card information.
- Use virtual cards—while some major banks issue them, choosing a card from an independent provider like Privacy means getting better security and convenience features.
Add an Extra Layer of Protection With Privacy Virtual Cards
By using Privacy Virtual Cards, you're adding another protective layer around any transaction that takes place online. Privacy Cards use a random 16-digit payment card number with a CVV and expiration date that hackers cannot backtrack to your actual accounts.
Privacy also offers the following security features:
- Payment Card Industry Data Security Standard (PCI-DSS) compliance
- Internet Protocol Security (IPsec) with AES-256 to safeguard inter-data center communication
- PBKDF2 with 100k iterations for password hashing and rainbow attack prevention
- Industry-standard Transport Layer Security (TLS) HSTS for all web traffic
Types of Privacy Virtual Cards and Features
Privacy users can create two types of credit cards—Single-Use and Merchant-Locked. Learn more about them below:
| Card Type | How It Works | When To Use |
| Single-Use Cards | It closes shortly after the first payment. If cybercriminals steal its details, they can't use them to fund another payment. |
|
| Merchant-Locked Cards | It's “locked” to the first merchant where you use it, making it impossible for hackers to use it elsewhere. |
|
Regardless of the type of Privacy Card you generate, you will get access to great tools to help you keep your safety and finances in check:
- You can set spending limits to prevent merchants from overcharging you.
- You may pause and close virtual cards to reduce the risk of fraud without affecting your bank account or payment card.
- You can set real-time alerts to monitor your transactions.
Privacy Cards are accessible via an Android and iOS app, enabling you to create and manage them on the go. You can also use these cards via the browser extension available for Safari, Chrome, Safari for iOS, Firefox, and Edge. The extension autofills card info at checkout, saving you time and the need to memorize card details.
Privacy Cards Setup and Pricing
To create a Privacy account, follow the steps below:
- Sign up
- Verify your identity
- Add a debit card or bank account
- Request Privacy Virtual Cards
Privacy offers three plans, and you can read all about them in the following table:
| Plan | Features |
| Personal—free for domestic purchases |
|
| Pro—$10 Per Month |
|
| Premium—$25 Per Month |
|
Privacy Virtual Cards are available to U.S. residents over the age of 18 with a checking account at a U.S. bank or credit union. They can be used at most merchants and websites that accept U.S. Visa® and Mastercard® payments.
