I am a hobby leather crafter. I made passport cases for my wife and me. Tandy Leather sells sheets (8 1/2 x11) of RFID "paper" I used it in the lining of the cases and I put a piece in my carry wallet. At the time I had read about the points raised in your video and I thought these flimsy pieces of paper could not possibly provide any protection but for $8.00 I did anyway.
Excellent content - I only have two nitpicks! 1. 4:10 The CVV on the magstripe and the CVV on the back of your card are actually different; that's why you see the one on the back of your card is usually referred to as CVV2, though different providers have different names for the same thing. Banks can use this to distinguish transactions that are made via magstripe, allowing features like disabling magstripe transactions. In the UK, modern banks like Starling and Monzo disallow magstripe payments by default. You have to enable them using your banking app (Starling even disables it again automatically after some inactivity). 2. 8:53 Mark mentions that it's theoretically possible (although very unlikely) for a skimmer to "read" a card. This is a bit misleading as, unlike magstripes (which are just data blocks that can be read), RFID/NFC chips found in modern cards are actually tiny computers working as black-box systems. You tap your card to make a request like "approve this $10 transaction", where the card responds, "here's an authorisation code signed by my private key, give this to my bank to get your $10". Abusing this feature is incredibly hard because it can't be used to "clone" a card - those chips use private keys to sign their responses, so the bank can verify that it was your card that authorised the transaction. But a private key never leaves the chip. That means the worst an attacker can do would be to get your card to approve a contactless transaction. Contactless transactions tend to have pretty low limits anyway; and to cash such a transaction, the attacker would need an actual POS device (i.e. be registered with a bank), which will be blocked by their bank as soon as someone reports them. The profits are not worth the risk. Some very old passports (pre-2007) had chips that would provide all the personal data you requested. But then BAC (Basic Access Control) was introduced in 2005 to counter that, followed by PACE (Password Authenticated Connection Establishment) in 2007. Though, as Mark said, the States may have been a bit late to catch up on these standards as well. But also as Mark said, it's extremely unlikely for anyone to be able to remotely contact your passport with all the distance and interference. So you're probably good even if you have the oldest, most insecure chip on your passport - don't find me if you get your birth date stolen somehow, though. I accept no responsibility! 🙂
April, 2023: Card readers at stores may have changed, to be too sensitive or too powerful, as some folks are finding their cards charged from up to 2 feet away, automatically, while the cards are still in their wallets. One woman found 3 of her cards were automatically charged at once, while still in her purse. So RFID protection does seem to have a place at the moment. It needn't be expensive, as metallic heat duct tape (with clear tape to back it) are relatively cheap. You can make your own RFID protection to fit in each side of your wallet for around $1.
Hapening right now in Sydney. My wife often sees charges on the credit card statement for typically 6 to 7 dollars nominated as a Tap Payment, taken off by the Transport Department, when when can travel all day on our seniors Opal Card for $2.50. The situation seems to have changed when you started to be able to put your standard Opal Card in a phone app. The detectors must pick it up on your phone when you are checking in with the other card, in spite of our never registering for a phone app payment, and I am pretty sure as a senior, you can't get the app. We have been able to get refunds, but it is a tedious process and takes months.
Farthest read I have ever gotten was around 3 inches, I mess with this on every tap transaction. For most readers if I don't have the card directly over the tap here area it won't read the card.
One of the best ways of protecting your credit cards is using the feature a lot of banks have where you can lock and unlock your card. Unlock it make your transaction and lock it afterwards. Oh wow what a hassle I use it to pay bills and have deposits made. Nope, this is still allowed even with your card locked. And believe when I tell you I forgot to unlock my card for a purchase and it declined several times and referred me to my bank to reactivate my card after explaining what happened.
I haven't seen any price different between built in RFID blocking and just a regular wallet so I see no reason to ignore the added protection. But I wasn't here to find out if it was a concern. I wanted to know if the wallets actually block the scanners. Unfortunately I wasted my time.
Scanners have never been a serious concern. But skimmers, waiters and hackers are and an RFID wallet won’t protect you. What you lose in an RFID wallet versus not is good material, and variety.
@@walletopiaAnd that would have been fine, but you titled it like the Wallet market is scamming people and this is just as ignorant. Scanners do exist and if anything will only get cheaper and more mainstream as time goes on. Sure it will still be rare but when the cost is negligible to get peace of mind, you would be dumb not to do it. Arguing these other modes of attack exist or happen more is not how you win the debate or inform people, especially by downplaying the type of attack that the wallet blocks, sure rare but does happen.
@@Bound4Earthscanning is so inefficient when you’re numbers all exist on the internet already from all the data breaches. Seems like a dime holding up a dollar issue
@@Fhshaoaksbd I bought a new wallet because I needed a new wallet. I didn't have to factor in the difference in price because there wasn't one. Think before you interject. ;)
I've had 2 friends charged at a retail POS before they pulled their cards out of their wallets. I didn't believe it at first until it happened to me at a CVS. I rung up 3 things at the self checkout then hit the payment button and it spit out a receipt charged to my BofA debit card. The card has the RFID tag on it. Now i just keep my card loaded in my Apple Pay wallet. I still carry at least 1 credit card in case I need a backup but i have it sleeved in a Ridge.
Im not a huge shopper but yesterday and Saturday and went to several different stores. I actually walked out of Costco with my wallet in my hand. Last night someone tried to use two of my cards. When one card didn’t work they immediately tried to use the other. One card, I haven’t used in 3-4 months. The other I use daily. Naturally I checked my wallet and both cards were there. An authorization went through but I was able to call the bank and get the card canceled before it was charged. Now searching for a video to see if there are any good RFID blockers and came across your video. Thanks for sharing.
RFID blocking is actually a detrimental in my wallet shopping. I keep my building access card, transit card in my wallet and the RFID blocking feature forces me to take the card out to tap. i"m looking for a lay flat currency bifold wallet and almost all of them have RFID protection built in.
Another advantage of RFID blocking is to block unwanted contactless transactions: nowadays there are mini card readers that a bad actor could own and just tap on a wallet in the back pocket of someone else on the bus, and just steal 25€ a pop. Now, if that someone's wallet had RFID blocking, it would have to be unfolded for the card reader to be able to read the cards
What is the probability of that happening? Because if we are talking like that, we can easily say, there are people with guns on the street that can point it to you and steal your wallet. If you are so scared add a slive or rfid blocking card in your wallet, where your card is. You don't have to limit yourself in using only rfid blocking wallets. That's the point of the video.
@@dlatua RFID blocking doesn't promise to protect you from mugging or hacking. The video should focus just on RFID. And it doesn't take a sophisticated, dedicated machine to skim NFC cards. You can scan a card with a Samsung phone with Samsung Pay.
@@guitarmetaldemon I am not super knowledgeable in the subject, but don't mobile phones need to be really close and more or less motionless for several seconds for the transaction to work? When I started using my watch to pay, I had a hard time learning to keep the watch almost physically on the reader for long enough to get the transaction done. I mean, to get the transaction done with a "bump - Oh I'm sorry" style it actually would require special equipment with a longer range. As I mentioned, I'm not 100% on this but with my interest/professional background in electronics and watching 1000s of videos from pros, I think it's a fair assessment. On the "video should focus on just RFID.." I say that he showed that the RFID-blocking is a very very small percentage of all the ways to get "mugged", and without the other security risks mentioned, it wouldn't make as much sense to say "RFID-blockers aren't needed". That's my take on it anyway.
@@dlatua The probability of the risk is just one factor, the other factor is the cost of the protection. RFID blocking is easy and cheap so there's very little cost to cutting down some risk. The example with mugging isn't comparable because if you were to be hypothetically mugged, it would take a lot more effort to build precautions that would effectively prevent it. The difference in cost is like... constant vigilance, self-defense mental and physical training, etc etc, vs a $2 piece of RFID blocker.... lol no brainer. If it only took a $2 piece of material to protect people from getting mugged, people would buy it too, despite mugging being "unlikely".
I get any wallet I want, if it has RFID in it then so be it. I have friends who talk about wallets and RFID, and when I explain the non-risk of not having RFID, they don't tend to believe me, so I don't push the point. The bottom line is can stuff be scanned, but as you said, it rarely happens in real life, but it still can. I use a Secrid leather-covered wallet and a Flipside 4 wallet. Both have RFID, but I bought them cause I love the design. RFID was not even a consideration.
While your completely right about everything you said,I believe the RFID blocking wallets are a comfort blanket for some people rather than a necessity..for example if someone went to buy a wallet nowadays and there was two wallets that looked identical but one came with the RFID technology and the other didn't I'm thinking most people would buy the RFID one just to feel safe...even though they most likely not need it ..you know,like the old condom saying! Better to have it and not need it!
exactly, as I have said in another comment it is nowadays more important to FEEL safe than actually bother to get the proper information to be TRULY safe. Very often I hear people around me trusting what they read on Social media rather than what professionals on the subject say. It's like getting more likes makes it true. Yes I'm a grumpy old science-believing sod who thrives on (nowadays rare) true facts 😂😂
@@ailurusfulgens1849 we're all different, I just use my watch or phone. I have two debet cards so I think the machine would be confused if I used my wallet.
09:00 Incorrect. The FBI, Secret Service and NSA have all admitted to using sniffers during protests in order to identify protesters. They do the same sort of thing with phones using Stingrays interceptors/relays, which is why "Faraday cage bags" are becoming more common among professional protesters. In large cities like NYC and Chicago, as well as during sporting events, there have been dozens of court cases of criminal sniffers being caught. Criminals pick specific locations and times, like Downtown NYC during New Years celebrations to scan as many people as possible. The statistics are hard to find because of how Courts, Police, etc... classify these devices and what offenders are changed with. So, yeah, if you're a nobody living outside of cities, you're probably not going to run into any problems, but if you're like over 50% of the population and live in a city and maintain an active livestyle? There's a very good chance you're going to run into someone at least trying to scan someone on some city block, downtown or at a sporting event. New demonstrations at Defcon and the HOPE conference also show people can now snipe cards from a longer distance than originally thought; there are even "wide net mesh systems" that can be pre-setup to catch cards of a crowd gathering/passing through an area. I could create a list of places where scanning would be a target; I probably should.
Yes, if you're a paranoid professional, be careful. In the specific situations you mention, you're opening yourself up for surveillance anyway. I wouldn't carry any identification, cards or my phone if I were protesting as that makes you a target. Even with a faraday, if you got picked up, you'll be searched, so go clean. If someone is triangulating you with Stingrays, then you've been targeted in bigger things to worry about than a credit card number, and there's been no evidence that any degree (or distance) of sniffing credit cards produces the cycling iCVC which is needed to decrypt the POS communication, so it's still not an issue if you have a chip on your card, except that your name and CC number will be visible. All that said, if you're operating in questionable environments, all cautions should be pursued, no argument.
Glad I found this video. But I still have concerns because if we actually used zip codes or pins to verify physical purchases then the skimming or sniffing would be useless. But for me, all the gas stations in my area stopped requiring typing your zip code and no credit card I have been issued requires a pin. I had a new card and in the first week it was issued before I ever took it out of my wallet for a single transaction it had been sniffed and purchases were being made. In talking to the bank they had seen an increase in sniffing in my area and were advising customers to get RFID blocking sleeves or wallets. I have since used the sleeves with no issue. I now have 3 tap to pay cards and find the sleeves frustrating to use and the idea of adding more thickness to my wallet with RFID blocking cards sounds a lot more frustrating that having a smaller selection of wallets. Is there a downside to an RFID blocking wallet other than selection?
You weren’t likely sniffed, probably skimmed if it was truly a local problem being experienced by the bank. Due to chip and pin, secondary checks like zip codes aren’t usually requested if you patronize the same stations, the card companies know your purchase patterns and realize it’s likely you. If you travel and use your card at a station, you’ll likely be asked for your zip code for secondary verification. There’s no issue with using blocking cards or sleeves. My issue is with RFID blocking wallets. You’re limited in your selection so skip them, get a wallet you want and use a card or sleeve instead.
So what is the down side to having the blocking? I don't see any but maybe I missed it. It sure beats having to mess with sleeves. My current wallet has three blocked slots on one side of a tri fold wallet and I love it. The price was very reasonable when I bought it. So what am I missing?
I do think RFID protection has a valid place, and that is avoiding card clash. I have a wallet which is RFID protected, except for one slot which I put my oyster card in, which avoids card clash and charging the wrong card (which has happened to me before). Living in London means public transport very regularly and not having to remove an oyster card from a wallet to tap is a must really. This is a valid use of RFID protection, but I do agree in terms of fraud it serves no purpose.
Excellent use case. When I lived in Japan I would keep my Suica card (Oyster-equivalent) in the outside slot of my leather wallet (no RFID) and despite that it never had a problem. If I had them stacked together the frequency clash wouldn't allow it to work, so having that separation solves that.
I completely agree with this use case. The problem is that no one seems to put blocks between cards to cover that scenario - so we either get wallets with no RFID blocks, or we get wallets where the entire thing is "protected". I'd like to know what wallet you're using.
I used to live in South Africa where sniffing was and is still is very prevalent, yet where I live know I never really hear of people getting scammed this way. I suppose it really depends where you live, but for me RFID is worth it, even if it is just to give me peace of mind.
Outside the US, credit card issuers don’t always provide the same tech protections, which means card cloning can be a potential problem. If have a card that doesn’t have a chip in it, and only a stripe, then your level of security is decreased dramatically. Getting an RFID card or blocking sleeve is a good idea.
Great info. I personally had my checking account hacked more than 6x in two months. The bank recommended getting an RFID wallet (first time I’d heard of it). The hacking stopped immediately, no change in my behavior or routines, etc. Previously I had been riding the free trolley/train downtown a lot. Bank suspected they were sniffing my wallet.
I came here because my local grocery store (san francisco bay area) has made the news this week by having their registers accidentally reading customers' chip cards while still in their wallets a couple feet away from the card readers.
Additional things to point here, even the RFID mechanism get more complex. There is protection in some rfid card (usually bank or metro card). They are usually much protected compared to cheap building access card, which can be cloned much easier. Also if nothing else, simplest protection you can even have is card clash by having multiple card publishing in same frequency stacked, you can often see if your cards stacked, it is hard to tap in and out. Do beware those card need ro be same frequency, and would not stop more advanced sniffer/reader. This is also the reason why you probably want sleeve for non daily card, for stopping non frequent card interfere your metro card for example.
Yes, thank you for pointing that out. Access cards don't even come close to credit card crypto and combining cards in a stack (not separated by anything else) will create that frequency noise.
@@walletopia have you heard of the device called a flipper zero? It can read and duplicate Credit Cards no problem and many other things too like a tesla.
Yes, I own one and have done extensive testing with it. It can get the CVC or even the iCVC numbers. It can pull the name and card number, but without the crypto key it’s useless.
Thank you, I make cardholders and wallets. I watched this to get insight as to how to make an RFID-proof wallet... Now I don't have to. In the end my customers will get a better slimmer product.
I dont know about this. I've seen store rfid scanners charge someone else in line by mistake. Clearly this setup was too powerful reading other people cards. All charges got fixed, but to say no risk of this exist today, just isn't true either and should be diminished in the future. Even if very slight right now.
It’s all based on your acceptable level of risk. POS systems being misconfigured is one thing. I’ve only heard of it happening in one SF store. Sniffing just doesn’t exist. Skimming is there, but RFID protection won’t help. Bottom line for me has been don’t waste your money on RFID wallets, buy an RFID blocking card or sleeve instead if you’re concerned.
I caught someone trying to sniff my info this weekend. He was walking up against people and while leaving the store he pointed his phone at my purse. I contacted security and he was walked out. I do live in NYC so I’m hyper aware of everything around me. This is happening everywhere. So I purchased a Rdif wallet. However what sleeves do you recommend instead?
So while RFID blocking for credit/debit cards isnt necessary, what about for the US Enhanced Driver's Licenses? I hate having to put my ID in that stupid paper sleeve
I have a Secrid cardprotector which is RFID blocking. I want my Oyster card on the outside so I don't have to get it out or risk cardclash, so I have an elastic band holding the oyster on the outside, yet it doesn't seem to work - is it possible that it is too close to the metal of the cardprotector? Any ideas?
These rfid blocking material also blocks my access card in the wallet to be tapped. And I have to physically take out my card to access my building. In other words, it is a negative for me. I so want to find a ridge wallet that doesn't have rfid blocking in it.
Unfortunately, it's inherent in the material used, not anything Ridge puts in the wallet specifically for RFID. Until they make an alternative material version or allow for an external card holder, it will be a problem)
I suspect RFID protection in wallet adds virtually no cost to the wallet and virtually no inconvenience - apart from perhaps opening doors. So why not buy an RFID protected wallet.
It adds no cost but removes use of better material and makers charge more due to the panic everyone seems to be in about the perceived treat. If someone is concerned then they can buy an RFID wallet which limits selection or just get an RFID card or sleeve and get any wallet you want.
Punchmade dev. So, a couple days ago we caught someone with an exact reader used in his interview video, concealed with paper towels in one of our stores. So, as much as I'd like to say it's still not rampant, expect people who attempt to copycat these types of videos. If someone attempts this on a hundred people, they only need to get it right once. They can drain a bank account if they want to. If you could test RFID blocking tech vs the card readers in Punchmade dev's videos, that would be helpful and new. :)
I have an RFID blocking wallet. I KNOW it WORKS because I take the Bus and and MTA Card is read by the an RFID on the Bus. When I had the wallet without RFID. I would just put my wallet on the bus reader sensor and it would READ IT. The Bus Reader could NOT read it when I had an RFID Blocking wallet.
Correct, it does work, I’m not saying that they don’t work. I’m saying that with the availability of blocking cards and sleeves you’re not forced to choose what is more often than not, a poorly built wallet.
Okay it's April 23rd 2023 and how do you explain the recent story I saw on ABC 7 San Francisco from April 12th 2023 that says people we're not even using their credit cards and the RFID scanner on the credit card machine scanned and charge the cards that wasi n their pocket or their purse.
Single store’s POS system was misconfigured and is the only device that can decrypt a chip and pin credit card. It was an inconvenience to those affected, all the money was credited back from the business. But, if that’s a concern to people then an RFID blocking card or sleeve would take care of it
Why do restaurants in the US still have servers take your card and then bring a receipt that you have to then add the tip and sign? This seems like a major security hole that could easily be fixed by stopping this practice. This hasn't been a thing in Canada for over a decade now at least. When chip and pin came out restaurants quickly switched to having the customer pay up front with a chip and pin machine and then when wireless card terminals came out years ago they started bringing the terminal to your table. I know a lot of places in the US use the card terminals for payment, but a lot of places still take your card and bring back a receipt. Why is this practice still allowed?
I’m an American and have been dining out my entire life and I’ve never been scammed from a waiter. It’s probably that way for 98% of people.. if not 99.4%… that’s probably why it hasn’t shifted away. It’s a non problem for basically every single person
I my country, the cards approve any transaction below 20$ with contactless payment automatically, which is a pain, since many just take payment devices a go in busses or trains and start stealing people 20$ at a time, and stealing money
That assumes a lot of things, like anyone can get a merchant card account with the hardware, and that the hardware is constantly hooked up to a data channel to validate charge requests that come though . The biggest gotcha is that major vetting goes into merchant accounts and the business rules used to get a transaction when requested are very sophisticated and will flag something like what you’re describing quickly. Shutting it down.
@@walletopia That may be true in a developed country, but in third world countries government and many industries are technology illiterates, add corruption to that and anyone with enough cash to bribe the right person can get the device and the vetting solved faster that any law abiding citizen can. Al the end of the day, IT security weakest link is people
I had the same thing happen, but it never left my home. 9/10 it's online hacking fraud. Nothing is safe, which is why we have consumer fraud laws and CC companies who have very strong business rules to sniff out anything that's out of the ordinary.
60 minutes did a story on store readers capturing customers' card info from their purse and wallets. I think its just better to be safe and have blocking materials.
You didn't mention paywave, cards have a range of nearly 10 metres wireless, retail machines are turned down to have a range of about half an inch. Thieves don't turn their machines down. Have you heard of paywave ?
Paywave cards are another name for NFC/RFID, initially launched in 2009 or so where the cards had both the NFC and stripe functionality. At that time, chips weren't a thing and sniffing cards was also a successful thing due to the lack of security. Transport to today, while sellers can get merchant accounts and obtain the terminals, the seller's can actually mess with the setup on the encryption interface between the terminal and the bank. Thieves don't have access to these machines, so their ability to use them is really nil. Paywave, today, like the majority of cards these days use the chip and some version of pin which requires the terminal it's mating with to wake it up, exchange crypto keys with the merchant bank (all real-time) to determine approval or not. The key is the card is "woken up" via the antenna of the receiving terminal when it gets close enough. The card is not broadcasting and by default NFC only works within 1-2" unless the terminal reaches out further, which is what happened in a SF store. Which, again, requires a legitimate terminal to even successfully conclude a transaction.
The video should be titled all of the ways you can better protect yourself because you don't even make a good arguement against RFID blocking, you just argue these other avenues also exist and I haven't seen it in the wild on the streets. Charging cards from people pocket is rare but does happen and arguing I haven't seen it outside of a lab is how you lose an argument. If the wallets were an intrusive system or costly then you might have a point, but you just buy the one you like and it works. It is about peace of mind and doesn't inflate the cost. So there is no real downside to getting an RFID blocking wallet that does work. Especially as technology gets even more portable with devices like flipper being cheap and easy to use. I don't understand the point of the video except to garner click bait views
Thanks for making these video. But after watching this one, I did not get an understanding or explanation on how people are stealing your card information digitally. This is something that I really would like to understand, because it has happened to me twice in the last 6 weeks on two different cards. Thank you in advance.
Data breaches. Have you ever bought anything online? Thousands of companies have had their data stolen and pretty much everyone who’s ever bought anything online at any point has their information stolen in one of these breaches. Thieves go online and buy these numbers en masse and go about trying to steal from people
Good video, I still (probably) will get an RFID-blocking card holder. It's not for the blocking thingy, but I only need a holder for a few cards/IDs, and almost all of them out there have the RFID as an unneeded bonus. I have no need for physical money since many shops and stores don't accept them anymore for security reasons (I live in Sweden). My main need is to have the thinnest possible holder. I like this video very much, my opinion is that nowadays, the FEEL of security has taken over actually being safe. I guess it is too much effort to sift through the massive information flow to decide what actually is most true. Stay (truly) safe, happy, and healthy... and use the tin foil for the baked potatoes on the barbie😁
I am in europe, and if I make an online purchase I have to approve it in the phone app or it won't go though. I also don't have my card with me, as I am using my phones NFC for paying. I never had a fraudulent charge so far nor issues using my card abroad.
The thing about credit card companies knowing your habits such that you don't have to notify them of overseas travels seems to assume you have one card for travel purchases (airfare, etc) and using that same card in overseas purchases. I think so anyway.
You're correct. Used to be you'd need to contact your card company or risk having your card declined if you went out of your normal purchase patterns or geography. Now, with access to all kinds of data, they correlate millions of data points and know whether what you're doing is expected or not. If not, then you're contacted about the purchase or it's declined.
My understanding is there should be a crypto key on items that contain more than static data. RFID tags for example generally don't have a crypto key, they can be read by any reader. When crypto is involved a token is passed between the ring/implant and the reader which has the primary key and can decrypt the information. That's what prevents random readers (sniffers) from pulling that information. That said, unless the receiving technology with the primary key is ubiquitous, then the lowest common denominator is a non-protected reader. An example would be an access card which is keyed specifically to the readers on doors, etc. Many are non-protected, but many are. In the case of protected cards, they can't be read by just any reader.
Saw a video where several people had their cards charged while they parked to shop at Costco's - cards read 200-300 feet from a register inside the store. These were chip and stripe
Mine was stolen somehow because I was getting transactions from North Carolina and that's over a thousand miles away from me. It wound up being about $300 The good news is I called my credit card company and they stopped the card and refunded my money within a week.
another issue is you usually have more than one card in the wallet, so when someone tries to scan your wallet the scanner will get error cause too much NFC tags are close to the sensor
isn't there a danger that people can scan your cards just to pay something? then I don't mean to steal your information, just to pay for something there and then, because when I pay for something in the store I just tapp the card on the payment device without entering a code, and it will be charged.
They aren't a scam, but they are overhyped. A scam implies that they don't serve their inteded purpose, they do. The marketing for them is just over the top as the general risk is low. For those shopping for a wallet though, the peace of mind is a factor in purchasing decision. I rather have the feature and not need it vs the less than 1% chance probably of someone sniffing and dealing with that headache. I also worked as a SIGINT operator for awhile so maybe I'm more paranoid than most.
The opposite happened to me for years using just normal folding wallets and having lost my last one after having it for eight years and hearing a lot about the new minimal wallets that are smaller in size than the traditional leather or nylon wallet became interested in getting one then finding out that Anazon did affordable knockoffs of the major Makes I checked them out as so far in the UK no store retailer sells these minimal wallets you can only get them from online websites and I think because most of them use aluminium in their construction they also happen to be rfid blocking even if it is not nessesary it is used by the manufacturers as a convenient marketing tool so in my case the reason I got a new wallet with rfid blocking was because I was looking for a minimal wallet and most of them have that feature because of the materials used in their construction which I see as purely coincidental.
Sniffers are quite common. They're just usually done by corporations instead of hackers or guys in ski masks. If you think a business won't figure out a way to make an "accidental" charge likely, by minimal-failsafe process design, you're nuts. Also, many people simply don't want to be ID'd and have various automated promoted personalized adds thrown at them in a store. Or just not want to be tracked 24/7.
I don't disagree with these points, but I think it's hyperbolic to call it a scam. First, lack of data on sniffing risk doesn't tell us that there is a low risk. It only tells us we need more and better quality data on risk. Even if we assume for argument that there are no issues of underreporting, aggregate data obscuring variations in risk between communities and demographics, and the inherent limitations of observational data, low risk still doesn't equal zero risk. And as you and others have noted, there is a higher risk for physical access RFID compared to a credit card RFID. Sure, don't let a vague sense of fear convince you to spend a lot of money and time to buy an RFID wallet when you have a perfectly fine regular wallet. But RFID wallets are so ubiquitous and inexpensive these days that it is equally silly to exclude RFID wallet from consideration just to prove a point if you need a wallet anyway. The larger perspective here is that they don't hurt your security and don't cost any extra money or time to get one vs a regular wallet. And there are uses for them that have nothing to do with security like card clash. Finally, why would I bother buying separate shielding cards/sleeves when I can just buy a wallet with RFID that costs me nothing extra and be done with it?
Excellent observations, thanks for taking the time. I don't disagree. For those who collect wallets and tend to avoid the cheaper RFID one's, the shielding you can move from one wallet to another provides the coverage, but if a wallet is a one and done until it falls apart, then yes, any inexpensive RFID wallet takes care of it. My beef is how companies stoke the FUD on this to push sales, so disingenuous.
Trends in products tend to evolve into short-lived stupidity, and it happens often. The market tends to be really good at introducing features that do nothing, but artificially add value and demand for those products. Fear mongering in the wallet industry. Bonkers. Wallets probably don't get that level of stupidity often.
Reminded me of the mostly peaceful riot. The guy got roughed up by the police. Turns out he was a pro at digital world. He was trying to get close enough to officers to capture there radio frequencies. Wonder how that case turned out?
Very little and only situations where you mail them, you rarely see them in an in-person transactions. While they're still accepted, you'll only see them used by older boomers at a checkout counter these days.
I have a flipper and have tested it extensively. Unmodified you have to be on top of the card or within mm’s. And even then it only gives you the card number, not the CVC or the iCVC. That said, yes, if that’s a concern then get an RFID blocking card.
My debit card was comprised 3 different times and I'm in a homeless shelter and they have metal detectors and I think that they can see my card numbers
you can't tell what the future will bring and RFID protection in wallet is super cheap unless you fall for marketing pitches, which then that is your real problem.
Theres a video on youtube called "How Hackers Steal Card Info, Just by Standing Nearby" Watch it. They have a more poweful antenna for scanning cards. I think you need to do a lot more research inti scanners and modifying scanners to scan further distance. This scanner is about 1-1.5m scanning distance.
Yes, I've seen all the videos on RUclips about this, I've research the crytography and technology used in the cards and readers and these hacker videos all still miss the points I outline. The threat is very low, BUT, if you're still uncomfortable, then get an RFID blocking card, you don't need the wallet.
John was show a vision, and John interpreted as best as possible with limited vocabulary. The words microchip or technology wasn’t anything he knew in 60AD. But I find it chilling that rfid makes a mark. And John did say the Mark was “IN” the hand or head. Not “ON” It will not be evil until we are forced under new laws and new religion.
I keep thinking about the usability perspective. If a card holder has layers of leather, 1 pocket on each side and a layer in between... If this middle layer is RFID protected, can this cardholder work with 2 cards (1 in each pocket) to payment by NFC ? Without one card interfering on the other ? So this way depending on what side of the cardholder you tap on the machines will be that card that will be activated... Don't know if I explained well, English it's not my language... Thanks
Great observation and you expressed it well. Leather doesn't block RFID, but I use tap pay with a card on the outside slot of my wallet and it has never accidentally used a card in my interior slot. That said, when you have cards stacked the frequencies conflict which prevents that from happening. There are also wallets that have RFID protection on the interior and don't on the outside slots to make it easier. The Blackinkk wallets we reviewed do that very well.
MOST IF NOT ALL RFID blocking technology (mostly just aluminum shell around your cards like scammy ridgewallet) ONLY BLOCK 35Mhz and not anything above that like 120mhz and NFC is not even talked about.
I had a $600 charge on my card that I did not make. It was at a grocery store a 2 hour drive from me that I had never been to. When I reported it, I was told the card was swiped, but I had the card in my possession. All I could think of was a week before, I was standing outside in line to get into a concert venue, and someone around me must’ve captured my card info and cloned it. Thankfully the bank refunded the charge. I’ve been pro rfid blocking ever since.
My rant ...After 8 minutes of wasting my time, I still did not get the answer to 'is RFID wallets a scam". Regardless of all the information that is thrown at you in this video, the only piece of information that in important is... Fact, since it is possible that information from a card in your wallet can definitely be transferred to a device using just a tap, then of course having something in your wallet to prevent that is necessary. End iof story. You might as well buy a wallet that has that protection built in or, add a card blocking card to your existing wallet. Adding a piece of aluminum foil has been shown to block some types of cards and having more that one rfid card in your wallet has also been shown to stop some scanners.
@@walletopia you did a very good job making me save those $$$ for purchasing rfid wallet, but some people here in the comment section could not understand, guess they were skipping lot of parts
Someone came out with FlipperZero and since we kindly did the field testing for them, they will now be making the improved FlipperOne version...seems RFtech (wi-fi and bluetooth might be in the mix too) and tech-cavemen lawmakers...did not see this coming this fast (:D)...it's all mayhem and mischief until it becomes and actual crime with victims (>.
I have one and it can’t read the encryption on the chip as it doesn’t have the key pair. It can read the name of the person, the card number and the expiration date but those don’t get you a usable card.
WE should know our personal and financial digital info can be stolen (our gov and big tech companies are already doing so daily and legally w/o messing with us too much)...what we want to prevent is making it too easy for gadrden variety knuckleheads and bad guys to do so with impunity for laughs and giggles for them but headaches for us...make them work for it at least. - (:D).
This video is a PERFECT example of why you NEVER ask an American ANYTHING related to technology, especially BANKING technology. The USA is like 15 years behind EVERYONE. The rest of the world has had tap for like a decade now. If you don't want people to steal money from your card by walking near you, you need protection.
@@walletopia anyone can get tap to pay terminals to use for their "business", attach it to their phone, set up a fake transaction and then walk near unprotected cards to siphon money.
Anything? Europe is asking for all our tech to crush Putin. But maybe we are behind in the luxury shopping experience domain. I think we made the right choice.
Update your information as now the chip readers in different institutions can and are reading and charging people's credit cards sometimes more than once too.
Wow, this dude sure likes to hear himself talk. He talks about everything under the sun then at 8 minutes and 24 seconds into the 11 minute video he says "Finally, we're to what everybody wanted to hear about".
I am a hobby leather crafter. I made passport cases for my wife and me. Tandy Leather sells sheets (8 1/2 x11) of RFID "paper" I used it in the lining of the cases and I put a piece in my carry wallet. At the time I had read about the points raised in your video and I thought these flimsy pieces of paper could not possibly provide any protection but for $8.00 I did anyway.
Excellent content - I only have two nitpicks!
1. 4:10 The CVV on the magstripe and the CVV on the back of your card are actually different; that's why you see the one on the back of your card is usually referred to as CVV2, though different providers have different names for the same thing.
Banks can use this to distinguish transactions that are made via magstripe, allowing features like disabling magstripe transactions. In the UK, modern banks like Starling and Monzo disallow magstripe payments by default. You have to enable them using your banking app (Starling even disables it again automatically after some inactivity).
2. 8:53 Mark mentions that it's theoretically possible (although very unlikely) for a skimmer to "read" a card. This is a bit misleading as, unlike magstripes (which are just data blocks that can be read), RFID/NFC chips found in modern cards are actually tiny computers working as black-box systems. You tap your card to make a request like "approve this $10 transaction", where the card responds, "here's an authorisation code signed by my private key, give this to my bank to get your $10".
Abusing this feature is incredibly hard because it can't be used to "clone" a card - those chips use private keys to sign their responses, so the bank can verify that it was your card that authorised the transaction. But a private key never leaves the chip. That means the worst an attacker can do would be to get your card to approve a contactless transaction. Contactless transactions tend to have pretty low limits anyway; and to cash such a transaction, the attacker would need an actual POS device (i.e. be registered with a bank), which will be blocked by their bank as soon as someone reports them. The profits are not worth the risk.
Some very old passports (pre-2007) had chips that would provide all the personal data you requested. But then BAC (Basic Access Control) was introduced in 2005 to counter that, followed by PACE (Password Authenticated Connection Establishment) in 2007. Though, as Mark said, the States may have been a bit late to catch up on these standards as well. But also as Mark said, it's extremely unlikely for anyone to be able to remotely contact your passport with all the distance and interference. So you're probably good even if you have the oldest, most insecure chip on your passport - don't find me if you get your birth date stolen somehow, though. I accept no responsibility! 🙂
You mean unsecured chip, not insecure chip ...
@@BlueBeeMCMLXIhe accidentally made a mistake…
Say that to the dudes making millions carding people. It isn't hypothetical. It definitely actually happens.
@@armyofninjas9055 Of course, Army of Ninjas 9055! I will go and let the Dudes Making Millions Carding People™ know about this right away.
April, 2023: Card readers at stores may have changed, to be too sensitive or too powerful, as some folks are finding their cards charged from up to 2 feet away, automatically, while the cards are still in their wallets. One woman found 3 of her cards were automatically charged at once, while still in her purse. So RFID protection does seem to have a place at the moment. It needn't be expensive, as metallic heat duct tape (with clear tape to back it) are relatively cheap. You can make your own RFID protection to fit in each side of your wallet for around $1.
Hapening right now in Sydney. My wife often sees charges on the credit card statement for typically 6 to 7 dollars nominated as a Tap Payment, taken off by the Transport Department, when when can travel all day on our seniors Opal Card for $2.50. The situation seems to have changed when you started to be able to put your standard Opal Card in a phone app. The detectors must pick it up on your phone when you are checking in with the other card, in spite of our never registering for a phone app payment, and I am pretty sure as a senior, you can't get the app. We have been able to get refunds, but it is a tedious process and takes months.
Bruh no one is getting their card read from 2ft away
Farthest read I have ever gotten was around 3 inches, I mess with this on every tap transaction. For most readers if I don't have the card directly over the tap here area it won't read the card.
One of the best ways of protecting your credit cards is using the feature a lot of banks have where you can lock and unlock your card. Unlock it make your transaction and lock it afterwards. Oh wow what a hassle I use it to pay bills and have deposits made. Nope, this is still allowed even with your card locked. And believe when I tell you I forgot to unlock my card for a purchase and it declined several times and referred me to my bank to reactivate my card after explaining what happened.
I haven't seen any price different between built in RFID blocking and just a regular wallet so I see no reason to ignore the added protection. But I wasn't here to find out if it was a concern. I wanted to know if the wallets actually block the scanners.
Unfortunately I wasted my time.
Scanners have never been a serious concern. But skimmers, waiters and hackers are and an RFID wallet won’t protect you. What you lose in an RFID wallet versus not is good material, and variety.
@@walletopiaAnd that would have been fine, but you titled it like the Wallet market is scamming people and this is just as ignorant. Scanners do exist and if anything will only get cheaper and more mainstream as time goes on. Sure it will still be rare but when the cost is negligible to get peace of mind, you would be dumb not to do it.
Arguing these other modes of attack exist or happen more is not how you win the debate or inform people, especially by downplaying the type of attack that the wallet blocks, sure rare but does happen.
You bought a new wallet.. that’s the added price. In 5 years a new fear will be created and you’ll buy a new wallet again etc.. etc.
@@Bound4Earthscanning is so inefficient when you’re numbers all exist on the internet already from all the data breaches. Seems like a dime holding up a dollar issue
@@Fhshaoaksbd I bought a new wallet because I needed a new wallet. I didn't have to factor in the difference in price because there wasn't one.
Think before you interject. ;)
I've had 2 friends charged at a retail POS before they pulled their cards out of their wallets. I didn't believe it at first until it happened to me at a CVS. I rung up 3 things at the self checkout then hit the payment button and it spit out a receipt charged to my BofA debit card. The card has the RFID tag on it. Now i just keep my card loaded in my Apple Pay wallet. I still carry at least 1 credit card in case I need a backup but i have it sleeved in a Ridge.
BofA these nuts
Im not a huge shopper but yesterday and Saturday and went to several different stores. I actually walked out of Costco with my wallet in my hand. Last night someone tried to use two of my cards. When one card didn’t work they immediately tried to use the other. One card, I haven’t used in 3-4 months. The other I use daily. Naturally I checked my wallet and both cards were there. An authorization went through but I was able to call the bank and get the card canceled before it was charged. Now searching for a video to see if there are any good RFID blockers and came across your video. Thanks for sharing.
Same here... but what to do? A wallet or card sleeve? How about I just put tinfoil in my wallet?
RFID blocking is actually a detrimental in my wallet shopping. I keep my building access card, transit card in my wallet and the RFID blocking feature forces me to take the card out to tap. i"m looking for a lay flat currency bifold wallet and almost all of them have RFID protection built in.
Another advantage of RFID blocking is to block unwanted contactless transactions: nowadays there are mini card readers that a bad actor could own and just tap on a wallet in the back pocket of someone else on the bus, and just steal 25€ a pop. Now, if that someone's wallet had RFID blocking, it would have to be unfolded for the card reader to be able to read the cards
What is the probability of that happening? Because if we are talking like that, we can easily say, there are people with guns on the street that can point it to you and steal your wallet. If you are so scared add a slive or rfid blocking card in your wallet, where your card is. You don't have to limit yourself in using only rfid blocking wallets. That's the point of the video.
@@dlatua RFID blocking doesn't promise to protect you from mugging or hacking. The video should focus just on RFID.
And it doesn't take a sophisticated, dedicated machine to skim NFC cards. You can scan a card with a Samsung phone with Samsung Pay.
@@dlatua agree, it is about probability. As he says in the video, Is it possible, Yes. Is it probable? A big NO!
@@guitarmetaldemon I am not super knowledgeable in the subject, but don't mobile phones need to be really close and more or less motionless for several seconds for the transaction to work? When I started using my watch to pay, I had a hard time learning to keep the watch almost physically on the reader for long enough to get the transaction done. I mean, to get the transaction done with a "bump - Oh I'm sorry" style it actually would require special equipment with a longer range. As I mentioned, I'm not 100% on this but with my interest/professional background in electronics and watching 1000s of videos from pros, I think it's a fair assessment.
On the "video should focus on just RFID.." I say that he showed that the RFID-blocking is a very very small percentage of all the ways to get "mugged", and without the other security risks mentioned, it wouldn't make as much sense to say "RFID-blockers aren't needed". That's my take on it anyway.
@@dlatua The probability of the risk is just one factor, the other factor is the cost of the protection. RFID blocking is easy and cheap so there's very little cost to cutting down some risk. The example with mugging isn't comparable because if you were to be hypothetically mugged, it would take a lot more effort to build precautions that would effectively prevent it. The difference in cost is like... constant vigilance, self-defense mental and physical training, etc etc, vs a $2 piece of RFID blocker.... lol no brainer. If it only took a $2 piece of material to protect people from getting mugged, people would buy it too, despite mugging being "unlikely".
I get any wallet I want, if it has RFID in it then so be it. I have friends who talk about wallets and RFID, and when I explain the non-risk of not having RFID, they don't tend to believe me, so I don't push the point. The bottom line is can stuff be scanned, but as you said, it rarely happens in real life, but it still can. I use a Secrid leather-covered wallet and a Flipside 4 wallet. Both have RFID, but I bought them cause I love the design. RFID was not even a consideration.
Yep, nothing wrong with that, it's a personal choice.
Turn on text notifications for any transactions on your cards.
While your completely right about everything you said,I believe the RFID blocking wallets are a comfort blanket for some people rather than a necessity..for example if someone went to buy a wallet nowadays and there was two wallets that looked identical but one came with the RFID technology and the other didn't I'm thinking most people would buy the RFID one just to feel safe...even though they most likely not need it ..you know,like the old condom saying! Better to have it and not need it!
exactly, as I have said in another comment it is nowadays more important to FEEL safe than actually bother to get the proper information to be TRULY safe. Very often I hear people around me trusting what they read on Social media rather than what professionals on the subject say. It's like getting more likes makes it true. Yes I'm a grumpy old science-believing sod who thrives on (nowadays rare) true facts 😂😂
I'd buy the non-RFID 100% because tapping. So many wallets I passed on because they wouldn't allow me to tap without pulling cards.
@@ailurusfulgens1849 we're all different, I just use my watch or phone. I have two debet cards so I think the machine would be confused if I used my wallet.
09:00 Incorrect. The FBI, Secret Service and NSA have all admitted to using sniffers during protests in order to identify protesters.
They do the same sort of thing with phones using Stingrays interceptors/relays, which is why "Faraday cage bags" are becoming more common among professional protesters.
In large cities like NYC and Chicago, as well as during sporting events, there have been dozens of court cases of criminal sniffers being caught.
Criminals pick specific locations and times, like Downtown NYC during New Years celebrations to scan as many people as possible.
The statistics are hard to find because of how Courts, Police, etc... classify these devices and what offenders are changed with.
So, yeah, if you're a nobody living outside of cities, you're probably not going to run into any problems, but if you're like over 50% of the population and live in a city and maintain an active livestyle? There's a very good chance you're going to run into someone at least trying to scan someone on some city block, downtown or at a sporting event.
New demonstrations at Defcon and the HOPE conference also show people can now snipe cards from a longer distance than originally thought; there are even "wide net mesh systems" that can be pre-setup to catch cards of a crowd gathering/passing through an area.
I could create a list of places where scanning would be a target; I probably should.
Yes, if you're a paranoid professional, be careful. In the specific situations you mention, you're opening yourself up for surveillance anyway. I wouldn't carry any identification, cards or my phone if I were protesting as that makes you a target. Even with a faraday, if you got picked up, you'll be searched, so go clean. If someone is triangulating you with Stingrays, then you've been targeted in bigger things to worry about than a credit card number, and there's been no evidence that any degree (or distance) of sniffing credit cards produces the cycling iCVC which is needed to decrypt the POS communication, so it's still not an issue if you have a chip on your card, except that your name and CC number will be visible. All that said, if you're operating in questionable environments, all cautions should be pursued, no argument.
Glad I found this video. But I still have concerns because if we actually used zip codes or pins to verify physical purchases then the skimming or sniffing would be useless. But for me, all the gas stations in my area stopped requiring typing your zip code and no credit card I have been issued requires a pin.
I had a new card and in the first week it was issued before I ever took it out of my wallet for a single transaction it had been sniffed and purchases were being made. In talking to the bank they had seen an increase in sniffing in my area and were advising customers to get RFID blocking sleeves or wallets. I have since used the sleeves with no issue. I now have 3 tap to pay cards and find the sleeves frustrating to use and the idea of adding more thickness to my wallet with RFID blocking cards sounds a lot more frustrating that having a smaller selection of wallets.
Is there a downside to an RFID blocking wallet other than selection?
You weren’t likely sniffed, probably skimmed if it was truly a local problem being experienced by the bank. Due to chip and pin, secondary checks like zip codes aren’t usually requested if you patronize the same stations, the card companies know your purchase patterns and realize it’s likely you. If you travel and use your card at a station, you’ll likely be asked for your zip code for secondary verification.
There’s no issue with using blocking cards or sleeves. My issue is with RFID blocking wallets. You’re limited in your selection so skip them, get a wallet you want and use a card or sleeve instead.
So what is the down side to having the blocking? I don't see any but maybe I missed it. It sure beats having to mess with sleeves. My current wallet has three blocked slots on one side of a tri fold wallet and I love it. The price was very reasonable when I bought it. So what am I missing?
The largest issue is that it just not needed and when wallet companies “build it in” they do so at the expense of leather and better materials.
I do think RFID protection has a valid place, and that is avoiding card clash. I have a wallet which is RFID protected, except for one slot which I put my oyster card in, which avoids card clash and charging the wrong card (which has happened to me before). Living in London means public transport very regularly and not having to remove an oyster card from a wallet to tap is a must really.
This is a valid use of RFID protection, but I do agree in terms of fraud it serves no purpose.
That’s a good idea actually yeh 👍🏻
Excellent use case. When I lived in Japan I would keep my Suica card (Oyster-equivalent) in the outside slot of my leather wallet (no RFID) and despite that it never had a problem. If I had them stacked together the frequency clash wouldn't allow it to work, so having that separation solves that.
I completely agree with this use case. The problem is that no one seems to put blocks between cards to cover that scenario - so we either get wallets with no RFID blocks, or we get wallets where the entire thing is "protected". I'd like to know what wallet you're using.
Which wallets offer RFID blocking AND an outer unshielded slot?
@@sroirr a-slim chikara
I used to live in South Africa where sniffing was and is still is very prevalent, yet where I live know I never really hear of people getting scammed this way. I suppose it really depends where you live, but for me RFID is worth it, even if it is just to give me peace of mind.
Outside the US, credit card issuers don’t always provide the same tech protections, which means card cloning can be a potential problem. If have a card that doesn’t have a chip in it, and only a stripe, then your level of security is decreased dramatically. Getting an RFID card or blocking sleeve is a good idea.
@@walletopiaSouth African bank cards typically have equal or better security than US cards, and all have chips
Great info. I personally had my checking account hacked more than 6x in two months. The bank recommended getting an RFID wallet (first time I’d heard of it). The hacking stopped immediately, no change in my behavior or routines, etc. Previously I had been riding the free trolley/train downtown a lot. Bank suspected they were sniffing my wallet.
Correlation is not causation.
I came here because my local grocery store (san francisco bay area) has made the news this week by having their registers accidentally reading customers' chip cards while still in their wallets a couple feet away from the card readers.
Additional things to point here, even the RFID mechanism get more complex. There is protection in some rfid card (usually bank or metro card). They are usually much protected compared to cheap building access card, which can be cloned much easier.
Also if nothing else, simplest protection you can even have is card clash by having multiple card publishing in same frequency stacked, you can often see if your cards stacked, it is hard to tap in and out. Do beware those card need ro be same frequency, and would not stop more advanced sniffer/reader. This is also the reason why you probably want sleeve for non daily card, for stopping non frequent card interfere your metro card for example.
Yes, thank you for pointing that out. Access cards don't even come close to credit card crypto and combining cards in a stack (not separated by anything else) will create that frequency noise.
@@walletopia have you heard of the device called a flipper zero? It can read and duplicate Credit Cards no problem and many other things too like a tesla.
Yes, I own one and have done extensive testing with it. It can get the CVC or even the iCVC numbers. It can pull the name and card number, but without the crypto key it’s useless.
Sniffing is used sometimes for replication of building access cards, but that is a different problem.
Yes, access cards are not at the same level of encryption of credit cards and it could be a problem which a blocking sleeve could solve.
Thank you, I make cardholders and wallets. I watched this to get insight as to how to make an RFID-proof wallet... Now I don't have to. In the end my customers will get a better slimmer product.
I dont know about this. I've seen store rfid scanners charge someone else in line by mistake. Clearly this setup was too powerful reading other people cards. All charges got fixed, but to say no risk of this exist today, just isn't true either and should be diminished in the future. Even if very slight right now.
It’s all based on your acceptable level of risk. POS systems being misconfigured is one thing. I’ve only heard of it happening in one SF store. Sniffing just doesn’t exist. Skimming is there, but RFID protection won’t help. Bottom line for me has been don’t waste your money on RFID wallets, buy an RFID blocking card or sleeve instead if you’re concerned.
@@walletopia why do you recommend this instead? Mixed reviews also seem to indicate that those are also ineffective and not practical.
I caught someone trying to sniff my info this weekend. He was walking up against people and while leaving the store he pointed his phone at my purse. I contacted security and he was walked out. I do live in NYC so I’m hyper aware of everything around me. This is happening everywhere. So I purchased a Rdif wallet. However what sleeves do you recommend instead?
My heart sank when I saw "crypto" in the chapter list, then rose to the heavens when it turned out you mean cryptography.
OMG get to the point. stop packing the video. we are all here for the RFID part
So while RFID blocking for credit/debit cards isnt necessary, what about for the US Enhanced Driver's Licenses? I hate having to put my ID in that stupid paper sleeve
Ive always wondered why you need a whole rfid blocking wallet instead of just a card that you can put into any wallet that will disrupt the signal.
I have a Secrid cardprotector which is RFID blocking. I want my Oyster card on the outside so I don't have to get it out or risk cardclash, so I have an elastic band holding the oyster on the outside, yet it doesn't seem to work - is it possible that it is too close to the metal of the cardprotector? Any ideas?
These rfid blocking material also blocks my access card in the wallet to be tapped. And I have to physically take out my card to access my building. In other words, it is a negative for me. I so want to find a ridge wallet that doesn't have rfid blocking in it.
Unfortunately, it's inherent in the material used, not anything Ridge puts in the wallet specifically for RFID. Until they make an alternative material version or allow for an external card holder, it will be a problem)
I suspect RFID protection in wallet adds virtually no cost to the wallet and virtually no inconvenience - apart from perhaps opening doors. So why not buy an RFID protected wallet.
It adds no cost but removes use of better material and makers charge more due to the panic everyone seems to be in about the perceived treat. If someone is concerned then they can buy an RFID wallet which limits selection or just get an RFID card or sleeve and get any wallet you want.
No cost doesn't necessarily mean no charge.
Punchmade dev.
So, a couple days ago we caught someone with an exact reader used in his interview video, concealed with paper towels in one of our stores.
So, as much as I'd like to say it's still not rampant, expect people who attempt to copycat these types of videos. If someone attempts this on a hundred people, they only need to get it right once. They can drain a bank account if they want to.
If you could test RFID blocking tech vs the card readers in Punchmade dev's videos, that would be helpful and new. :)
I have an RFID blocking wallet. I KNOW it WORKS because I take the Bus and and MTA Card is read by the an RFID on the Bus. When I had the wallet without RFID. I would just put my wallet on the bus reader sensor and it would READ IT. The Bus Reader could NOT read it when I had an RFID Blocking wallet.
Correct, it does work, I’m not saying that they don’t work. I’m saying that with the availability of blocking cards and sleeves you’re not forced to choose what is more often than not, a poorly built wallet.
Okay it's April 23rd 2023 and how do you explain the recent story I saw on ABC 7 San Francisco from April 12th 2023 that says people we're not even using their credit cards and the RFID scanner on the credit card machine scanned and charge the cards that wasi n their pocket or their purse.
Single store’s POS system was misconfigured and is the only device that can decrypt a chip and pin credit card. It was an inconvenience to those affected, all the money was credited back from the business. But, if that’s a concern to people then an RFID blocking card or sleeve would take care of it
This explanation was a technical masterpiece, THANKS !
Why do restaurants in the US still have servers take your card and then bring a receipt that you have to then add the tip and sign? This seems like a major security hole that could easily be fixed by stopping this practice. This hasn't been a thing in Canada for over a decade now at least. When chip and pin came out restaurants quickly switched to having the customer pay up front with a chip and pin machine and then when wireless card terminals came out years ago they started bringing the terminal to your table. I know a lot of places in the US use the card terminals for payment, but a lot of places still take your card and bring back a receipt. Why is this practice still allowed?
I wouldn't let it happen personally.
I’m an American and have been dining out my entire life and I’ve never been scammed from a waiter. It’s probably that way for 98% of people.. if not 99.4%… that’s probably why it hasn’t shifted away. It’s a non problem for basically every single person
@@Fhshaoaksbdyeah just seemed us custom
I my country, the cards approve any transaction below 20$ with contactless payment automatically, which is a pain, since many just take payment devices a go in busses or trains and start stealing people 20$ at a time, and stealing money
That assumes a lot of things, like anyone can get a merchant card account with the hardware, and that the hardware is constantly hooked up to a data channel to validate charge requests that come though . The biggest gotcha is that major vetting goes into merchant accounts and the business rules used to get a transaction when requested are very sophisticated and will flag something like what you’re describing quickly. Shutting it down.
@@walletopia That may be true in a developed country, but in third world countries government and many industries are technology illiterates, add corruption to that and anyone with enough cash to bribe the right person can get the device and the vetting solved faster that any law abiding citizen can. Al the end of the day, IT security weakest link is people
I had fraudulent charges on a credit card August 2022 that I never used a single time. I carried it in my wallet.
I had the same thing happen, but it never left my home. 9/10 it's online hacking fraud. Nothing is safe, which is why we have consumer fraud laws and CC companies who have very strong business rules to sniff out anything that's out of the ordinary.
60 minutes did a story on store readers capturing customers' card info from their purse and wallets. I think its just better to be safe and have blocking materials.
You didn't mention paywave, cards have a range of nearly 10 metres wireless, retail machines are turned down to have a range of about half an inch. Thieves don't turn their machines down. Have you heard of paywave ?
Paywave cards are another name for NFC/RFID, initially launched in 2009 or so where the cards had both the NFC and stripe functionality. At that time, chips weren't a thing and sniffing cards was also a successful thing due to the lack of security. Transport to today, while sellers can get merchant accounts and obtain the terminals, the seller's can actually mess with the setup on the encryption interface between the terminal and the bank. Thieves don't have access to these machines, so their ability to use them is really nil. Paywave, today, like the majority of cards these days use the chip and some version of pin which requires the terminal it's mating with to wake it up, exchange crypto keys with the merchant bank (all real-time) to determine approval or not. The key is the card is "woken up" via the antenna of the receiving terminal when it gets close enough. The card is not broadcasting and by default NFC only works within 1-2" unless the terminal reaches out further, which is what happened in a SF store. Which, again, requires a legitimate terminal to even successfully conclude a transaction.
The video should be titled all of the ways you can better protect yourself because you don't even make a good arguement against RFID blocking, you just argue these other avenues also exist and I haven't seen it in the wild on the streets.
Charging cards from people pocket is rare but does happen and arguing I haven't seen it outside of a lab is how you lose an argument. If the wallets were an intrusive system or costly then you might have a point, but you just buy the one you like and it works.
It is about peace of mind and doesn't inflate the cost. So there is no real downside to getting an RFID blocking wallet that does work. Especially as technology gets even more portable with devices like flipper being cheap and easy to use.
I don't understand the point of the video except to garner click bait views
Thanks for making these video. But after watching this one, I did not get an understanding or explanation on how people are stealing your card information digitally. This is something that I really would like to understand, because it has happened to me twice in the last 6 weeks on two different cards. Thank you in advance.
Phishing scams possibly?
Data breaches. Have you ever bought anything online? Thousands of companies have had their data stolen and pretty much everyone who’s ever bought anything online at any point has their information stolen in one of these breaches.
Thieves go online and buy these numbers en masse and go about trying to steal from people
Should have just taken 30 seconds to answer the primary question, up-front.
Good video, I still (probably) will get an RFID-blocking card holder. It's not for the blocking thingy, but I only need a holder for a few cards/IDs, and almost all of them out there have the RFID as an unneeded bonus. I have no need for physical money since many shops and stores don't accept them anymore for security reasons (I live in Sweden). My main need is to have the thinnest possible holder. I like this video very much, my opinion is that nowadays, the FEEL of security has taken over actually being safe. I guess it is too much effort to sift through the massive information flow to decide what actually is most true. Stay (truly) safe, happy, and healthy... and use the tin foil for the baked potatoes on the barbie😁
I am in europe, and if I make an online purchase I have to approve it in the phone app or it won't go though. I also don't have my card with me, as I am using my phones NFC for paying. I never had a fraudulent charge so far nor issues using my card abroad.
The thing about credit card companies knowing your habits such that you don't have to notify them of overseas travels seems to assume you have one card for travel purchases (airfare, etc) and using that same card in overseas purchases. I think so anyway.
You're correct. Used to be you'd need to contact your card company or risk having your card declined if you went out of your normal purchase patterns or geography. Now, with access to all kinds of data, they correlate millions of data points and know whether what you're doing is expected or not. If not, then you're contacted about the purchase or it's declined.
Somewhat related question: When it comes to sniffing, is there any difference between the chip in a card and in let's say, a ring or an RFID implant?
My understanding is there should be a crypto key on items that contain more than static data. RFID tags for example generally don't have a crypto key, they can be read by any reader. When crypto is involved a token is passed between the ring/implant and the reader which has the primary key and can decrypt the information. That's what prevents random readers (sniffers) from pulling that information. That said, unless the receiving technology with the primary key is ubiquitous, then the lowest common denominator is a non-protected reader. An example would be an access card which is keyed specifically to the readers on doors, etc. Many are non-protected, but many are. In the case of protected cards, they can't be read by just any reader.
thanks, I was on my way of preparing an alluminum protection in my wallet. Now, I will not do this. Thanks again
I always carry RFID blocking cards in my wallet..I hate wallets with RFID blocking integrated into them.
Perfect!
Saw a video where several people had their cards charged while they parked to shop at Costco's - cards read 200-300 feet from a register inside the store.
These were chip and stripe
Mine was stolen somehow because I was getting transactions from North Carolina and that's over a thousand miles away from me. It wound up being about $300 The good news is I called my credit card company and they stopped the card and refunded my money within a week.
another issue is you usually have more than one card in the wallet, so when someone tries to scan your wallet the scanner will get error cause too much NFC tags are close to the sensor
😮😮😮
Yea, card clash is another thing that can mess up a reader.
Very interesting, much appreciated. 👍
Say I use Apple Pay at a pay terminal, while trying to pay there is a nfc chip reader that acts as the pay reader will Apple Pay stop the payment?
It won’t process as the reader doesn’t have the crypto key pair to validate the card and via-a-vis
isn't there a danger that people can scan your cards just to pay something? then I don't mean to steal your information, just to pay for something there and then, because when I pay for something in the store I just tapp the card on the payment device without entering a code, and it will be charged.
They aren't a scam, but they are overhyped. A scam implies that they don't serve their inteded purpose, they do. The marketing for them is just over the top as the general risk is low. For those shopping for a wallet though, the peace of mind is a factor in purchasing decision. I rather have the feature and not need it vs the less than 1% chance probably of someone sniffing and dealing with that headache.
I also worked as a SIGINT operator for awhile so maybe I'm more paranoid than most.
The opposite happened to me for years using just normal folding wallets and having lost my last one after having it for eight years and hearing a lot about the new minimal wallets that are smaller in size than the traditional leather or nylon wallet became interested in getting one then finding out that
Anazon did affordable knockoffs of the major Makes I checked them out as so far in the UK no store retailer sells these minimal wallets you can only get them from online websites and I think because most of them use aluminium in their construction they also happen to be rfid blocking even if it is not nessesary it is used by the manufacturers as a convenient marketing tool so in my case the reason I got a new wallet with rfid blocking was because I was looking for a minimal wallet and most of them have that feature because of the materials used in their construction which I see as purely coincidental.
If you wrap cards in f king aluminium foil, that shags the crims.
This channel needs more subs! Such good info!
Sniffers are quite common. They're just usually done by corporations instead of hackers or guys in ski masks.
If you think a business won't figure out a way to make an "accidental" charge likely, by minimal-failsafe process design, you're nuts.
Also, many people simply don't want to be ID'd and have various automated promoted personalized adds thrown at them in a store. Or just not want to be tracked 24/7.
Good info and background info
I don't disagree with these points, but I think it's hyperbolic to call it a scam. First, lack of data on sniffing risk doesn't tell us that there is a low risk. It only tells us we need more and better quality data on risk. Even if we assume for argument that there are no issues of underreporting, aggregate data obscuring variations in risk between communities and demographics, and the inherent limitations of observational data, low risk still doesn't equal zero risk. And as you and others have noted, there is a higher risk for physical access RFID compared to a credit card RFID.
Sure, don't let a vague sense of fear convince you to spend a lot of money and time to buy an RFID wallet when you have a perfectly fine regular wallet. But RFID wallets are so ubiquitous and inexpensive these days that it is equally silly to exclude RFID wallet from consideration just to prove a point if you need a wallet anyway. The larger perspective here is that they don't hurt your security and don't cost any extra money or time to get one vs a regular wallet. And there are uses for them that have nothing to do with security like card clash. Finally, why would I bother buying separate shielding cards/sleeves when I can just buy a wallet with RFID that costs me nothing extra and be done with it?
Excellent observations, thanks for taking the time. I don't disagree. For those who collect wallets and tend to avoid the cheaper RFID one's, the shielding you can move from one wallet to another provides the coverage, but if a wallet is a one and done until it falls apart, then yes, any inexpensive RFID wallet takes care of it. My beef is how companies stoke the FUD on this to push sales, so disingenuous.
@@walletopia Totally agree about companies capitalizing on fear. Thank you for the informative content!
Thank so much for the info.
My bank card was compromised. The closed my card. For my protection.
The card never left my wallet. Not sure how they got my actual card number 😢
Happened to my City card. Yesterday
Trends in products tend to evolve into short-lived stupidity, and it happens often. The market tends to be really good at introducing features that do nothing, but artificially add value and demand for those products. Fear mongering in the wallet industry. Bonkers. Wallets probably don't get that level of stupidity often.
Do the " Allumawallets" actually block any RFID etc signals?
Yes. Whenever you get two pieces of metal together, even aluminum, it'll block RFID signals
@@walletopia cool. Good to know. I am simply a fan of the "Alumawallets" and have used one for years.
Reminded me of the mostly peaceful riot. The guy got roughed up by the police. Turns out he was a pro at digital world. He was trying to get close enough to officers to capture there radio frequencies. Wonder how that case turned out?
do you still use checks in US?
Very little and only situations where you mail them, you rarely see them in an in-person transactions. While they're still accepted, you'll only see them used by older boomers at a checkout counter these days.
How many bills can Ridge wallet hold?
Can’t lie the video started with a really good hook. That got me
RFID protected pockets would be much better
I really prefer RFID blocking card, I put it on the side that I want to block so I have the other one usable for transportation card.
thanks !!!!! for the information
A flipper device can read a card if the person gets close to you like in line at a store!! So the rfid would prevent them from stealing your card info
I have a flipper and have tested it extensively. Unmodified you have to be on top of the card or within mm’s. And even then it only gives you the card number, not the CVC or the iCVC. That said, yes, if that’s a concern then get an RFID blocking card.
8:44 Cards do not broadcast.
My debit card was comprised 3 different times and I'm in a homeless shelter and they have metal detectors and I think that they can see my card numbers
you can't tell what the future will bring and RFID protection in wallet is super cheap unless you fall for marketing pitches, which then that is your real problem.
Please review the 5.11 Ronin Wallet
Thanks, I've added it to the list.
@@walletopia Awesome! Thanks a lot.
Theres a video on youtube called "How Hackers Steal Card Info, Just by Standing Nearby" Watch it. They have a more poweful antenna for scanning cards. I think you need to do a lot more research inti scanners and modifying scanners to scan further distance. This scanner is about 1-1.5m scanning distance.
Yes, I've seen all the videos on RUclips about this, I've research the crytography and technology used in the cards and readers and these hacker videos all still miss the points I outline. The threat is very low, BUT, if you're still uncomfortable, then get an RFID blocking card, you don't need the wallet.
John was show a vision, and John interpreted as best as possible with limited vocabulary. The words microchip or technology wasn’t anything he knew in 60AD. But I find it chilling that rfid makes a mark. And John did say the Mark was “IN” the hand or head. Not “ON” It will not be evil until we are forced under new laws and new religion.
I keep thinking about the usability perspective.
If a card holder has layers of leather, 1 pocket on each side and a layer in between...
If this middle layer is RFID protected, can this cardholder work with 2 cards (1 in each pocket) to payment by NFC ? Without one card interfering on the other ?
So this way depending on what side of the cardholder you tap on the machines will be that card that will be activated...
Don't know if I explained well, English it's not my language...
Thanks
In the US, we call that sandbagging :-) dont sell yourself short- your english is pretty good! Made perfect sense
Great observation and you expressed it well. Leather doesn't block RFID, but I use tap pay with a card on the outside slot of my wallet and it has never accidentally used a card in my interior slot. That said, when you have cards stacked the frequencies conflict which prevents that from happening. There are also wallets that have RFID protection on the interior and don't on the outside slots to make it easier. The Blackinkk wallets we reviewed do that very well.
Except nobody checks nothing these days for safety
Great info, thanks!
MOST IF NOT ALL RFID blocking technology (mostly just aluminum shell around your cards like scammy ridgewallet) ONLY BLOCK 35Mhz and not anything above that like 120mhz and NFC is not even talked about.
Just an excellent video, thank you
I had a $600 charge on my card that I did not make. It was at a grocery store a 2 hour drive from me that I had never been to. When I reported it, I was told the card was swiped, but I had the card in my possession. All I could think of was a week before, I was standing outside in line to get into a concert venue, and someone around me must’ve captured my card info and cloned it. Thankfully the bank refunded the charge. I’ve been pro rfid blocking ever since.
Exactly.
Hee hee. Skimmer & Shimmer. That is the dance move.
Sniffing - is the level up grapevine, ball change … add on. Lo.
Well, an rfid wallet may be essential when travelling abroad. Just to play safe.
Do you need one to travel to Mexico? Passport chip, etc….
This is why cash is king and the government is trying to do away with it. Wonder why!
Thank you!
My rant ...After 8 minutes of wasting my time, I still did not get the answer to 'is RFID wallets a scam". Regardless of all the information that is thrown at you in this video, the only piece of information that in important is... Fact, since it is possible that information from a card in your wallet can definitely be transferred to a device using just a tap, then of course having something in your wallet to prevent that is necessary. End iof story. You might as well buy a wallet that has that protection built in or, add a card blocking card to your existing wallet. Adding a piece of aluminum foil has been shown to block some types of cards and having more that one rfid card in your wallet has also been shown to stop some scanners.
Well, you can jump to summary section, not a scam but not a necessity either. But overselling thise rfid blocking wallet should be considered scam
That’s my point, thank you. But to get to that point you need to walk people through the why.
@@walletopia you did a very good job making me save those $$$ for purchasing rfid wallet, but some people here in the comment section could not understand, guess they were skipping lot of parts
Someone came out with FlipperZero and since we kindly did the field testing for them, they will now be making the improved FlipperOne version...seems RFtech (wi-fi and bluetooth might be in the mix too) and tech-cavemen lawmakers...did not see this coming this fast (:D)...it's all mayhem and mischief until it becomes and actual crime with victims (>.
I have one and it can’t read the encryption on the chip as it doesn’t have the key pair. It can read the name of the person, the card number and the expiration date but those don’t get you a usable card.
WE should know our personal and financial digital info can be stolen (our gov and big tech companies are already doing so daily and legally w/o messing with us too much)...what we want to prevent is making it too easy for gadrden variety knuckleheads and bad guys to do so with impunity for laughs and giggles for them but headaches for us...make them work for it at least. - (:D).
The American Express customers who travel the world they target travelers
This video is a PERFECT example of why you NEVER ask an American ANYTHING related to technology, especially BANKING technology. The USA is like 15 years behind EVERYONE. The rest of the world has had tap for like a decade now. If you don't want people to steal money from your card by walking near you, you need protection.
Yea, the US is behind Europe by not yet removing the swipe stripe on the back of the card. With pin and chip, nobody is “sniffing” your card. Period.
@@walletopia anyone can get tap to pay terminals to use for their "business", attach it to their phone, set up a fake transaction and then walk near unprotected cards to siphon money.
Anything? Europe is asking for all our tech to crush Putin. But maybe we are behind in the luxury shopping experience domain. I think we made the right choice.
An excellent explanation, many thanks 👍🏻
Update your information as now the chip readers in different institutions can and are reading and charging people's credit cards sometimes more than once too.
Wow, this dude sure likes to hear himself talk. He talks about everything under the sun then at 8 minutes and 24 seconds into the 11 minute video he says "Finally, we're to what everybody wanted to hear about".
Why am I more confused after watching this?