A Radio Frequency Identification (RFID) skimmer is a device used to collect mass information from RFID devices. While there are legitimate uses for an RFID skimmer, such as devices used to control inventory at supermarkets and other large stores, it is possible to abuse an RFID skimmer. In the wrong hands, an RFID skimmer could be used to quickly collect a great deal of data about a large number of individuals who might be unaware of the security breach.
RFID tags are small devices which can store a limited amount of information. The RFID tag responds to a query from an RFID scanner, relaying information about the object it is attached to. Devices which can read RFID tags are generally known as scanners, because they are used to scan objects with embedded RFID tags. An RFID skimmer is equipped to work exactly like a scanner, but usually has a sinister purpose.
RFID technology is used to identify inventory in stores, books in libraries, and other things for which rapid electronic cataloguing is highly useful. A growing number of companies and countries are using RFID technology to identify their workers and citizens as well. In the United States, for example, passports have embedded RFID devices which customs agents can quickly scan to get information about the passport bearer. Corporately, RFID tags are used to clock employees in and out, as well as manage information about them. Credit card companies have also begun to offer tags with RFID capabilities, so that consumers do not even need to take out their wallets to pay.
An RFID skimmer can signal RFID tags in its vicinity and record the responses. Used at a checkout line, for example, an RFID skimmer could acquire credit card numbers and other information from individuals with RFID tagged belongings. An RFID skimmer can be powerful enough to pick up signals from RFID tags in a wide radius. This means that identity thieves can quickly walk through a crowded area and leave with a wide range of information.
An RFID skimmer could be used to recover the information from a remote key fob to start a car. Once the skimmer had the information, the user could trick the car into unlocking, making theft very easy and also very difficult to prove in court, because the car would show no evidence of forced entry. Credit card information acquired with an RFID skimmer could be used to make unauthorized purchases on a card holder’s account. If the card holder was unfortunate enough to have RFID encoding on his or her identification as well, the RFID skimmer could collect that information as well, making fraud even easier.
It is alarmingly easy and inexpensive to build a reasonably high powered RFID skimmer, which has raised questions about the safety of RFID technology. For the time being, users are advised to be aware of what information they may be inadvertently broadcasting with RFID tags, and to take steps to ensure the security of that information. Frequent review of financial accounts to quickly detect fraud should be done in any case, but especially if you own RFID enabled credit cards or identification.