Oct 13 2015

Electronic Pickpocketing: Understanding the Threat and How Startups Are Fighting Back

In the past, thieves had to physically steal your wallet to get ahold of your money, but now a casual brush against you is all they need to steal valuable payment information.

Not all of the futuristic technology that sci-fi dreams up is light and friendly like Marty McFly’s hover board in Back to the Future. While we can't deny how technology helps us connect, integrate and communicate more closely, some people are subverting this technology for nefarious purposes.

Things like mail and commerce have gone through electronic transformations, becoming email and ecommerce, and now pickpocketing has its own electronic version as well. What’s that saying about taking the good with the bad again?

Click2Houston did a story last year on this e-crime.

It works like this: If you have a "chipped" credit card -- a card with a radio-frequency identification computer chip inside -- that chip can be scanned at stores and restaurants, like McDonald's for example. There are currently 250 million chipped cards in use in the U.S.

But now, high-tech thieves are using much more powerful versions of those scanners, devices they can buy online for under $100 and are using them to steal your credit card information right through the air.

Spider-Man’s mantra has always been: With great power comes great responsibility. Perhaps in the digital age, we should tweak that saying to this: With great technological convenience comes great security risk.

Signal Vault Comes to the Rescue

In the spirit of continuing with our superhero analogies, consumers can view Chris Gilpin, founder of Signal Vault, as the payment security equivalent of Batman. His company recently put electronic pickpocketing in the spotlight when it was featured on an episode of "Shark Tank."

SignalVault’s solution to these card-scanning thefts is a simple signal-blocking solution that fits in your wallet and blocks data transmissions from RFID credit cards, the Orlando Sentinel reports.

Gilpin’s company, SignalVault, has a patent pending on technology to block hackers from scanning electronic chips embedded in today’s credit cards. Such credit cards, known as RFID cards, are supposed to be an improvement over older credit cards, but RFID cards can be scanned remotely with the right equipment – even if your credit card is in your wallet.

Gilpin claims his product is unique because it contains its own microchip that can disrupt a hacker’s signal. The SignalVault device is carried in your wallet to shield your credit cards.

There are several solutions like SignalVault, though the results on those RFID-signal-jamming efforts were mixed when Consumer Reports investigated them in 2011.

Shields or wallets marketed as RFID-blocking devices can make it more difficult for someone with an electronic reader to read your cards, but they don’t entirely block transmission of card data. When Recursion’s security experts tested 10 types of shields and wallets currently being sold to protect contactless cards, they found that none blocked the signal completely, and there was dramatic variability even among samples of the same brand. Using a different approach, Recursion’s experts created a credit-card-sized jamming device for the wallet that prevents cards from responding to any reader.

Our reporter offered her own homemade shield constructed of duct tape and lined with aluminum foil. It provided better protection than eight of the 10 commercial products, including a stainless-steel “RFID blocking” wallet selling online for about $60.

While e-pickpocketing sounds implausible in the abstract, hearing a firsthand account from someone who’s been e-pickpocketed puts a human face to the crime. WREG in Memphis, Tenn., spoke with a woman who said she was e-pickpocketed on the day after Christmas.

Karen Reetz said she was simply returning her son's Christmas gift to a Toys "R" Us when she believes she was hacked.

A reimbursement was made to her credit card and she thought the deal was done.

However an hour later, she got a call from her debit card company which told her a $503.00 purchase had been made with her card at a Toys "R" Us in California.

Strange? The case gets even stranger because Reetz said she never took the charged debit card out of her purse when she was returning her item.

Hopefully, SignalVault (which sharks Lori Greiner and Robert Herjavec successfully funded) and solutions like it can help prevent these e-thieves from becoming an e-pirating menace.

Or you could always go the DIY route and keep a few sheets of aluminum foil in your back pocket.


Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT