HOUSTON – It may sound like science fiction, but identity theft experts warn thieves could be using your cell phone to steal your credit and debit card numbers. Worse, they warn, you may never know it happened.
Walt Augustinowicz, president of Identity Stronghold, warns that cards equipped with contactless pay technology could be at risk. Augustinowicz demonstrated the cards’ vulnerability recently during a visit to Bush Intercontinental Airport.
The KHOU 11 News I-Team watched as Augustinowicz was repeatedly able to read people’s credit cards through their wallets using a scanner that is easily found online and was hidden in an unassuming case.
But Augustinowicz remains convinced.
“When they say no documented case, they mean they’re not able to catch anybody, because it’s too difficult to catch,” he said.
While Rojas disagrees, he admits to carrying a protective sleeve in his wallet to protect his passport card, which contains RFID technology.
“It’s just like wearing a belt,” Rojas conceded. “Most of us don’t need to, but it’s not a bad idea.”
Along with protective sleeves and wallets, you can also wrap your credit and debit cards in foil. That will keep your cards from being scanned by thieves.
Experts also say it’s important to make sure you trust the source of any application you download to your smart phone.
“Nobody thinks they are vulnerable,” said S.J. Malkani of Houston after Augustinowicz scanned a credit card still in Malkani’s wallet. “It always happens to somebody else, right?”
Wrong, according to Augustinowicz.
His company sells protective sleeves and wallets that block credit and debit cards containing the radio frequency identification (RFID) technology from being scanned.
“Off a credit card you can get the full 16-digit account number, the expiration date, sometimes their name,” explained Augustinowicz. He said it’s everything a crook needs to rip you off.
“Oh my gosh, how crazy is that?” asked Kori Hallmark, of Cypress, after Augustinowicz read her daughter’s credit card number.
Critics argue a potential victim would probably notice a thief scanning their wallets from only a few inches away. But Augustinowicz says picking your pocket is easier than ever since bad guys can now hide right inside your cell phone.
“You could really be in a cornfield in Iowa and get ripped off by someone in South Africa,” said Augustinowicz. He says vulnerable phones use near field communications or NFC. The technology allows people to make payments using their phones. But Augustinowicz demonstrated what can happen if a victim’s phone gets infected with a virus.
“When I put this card next to it here, it will actually scan that,” Augustinowicz showed the I-Team. In his case, the virus was hidden in a tic-tac-toe game he downloaded onto the phone as an application. The scanned credit card information was then sent to an e-mail account Augustinowicz set up.
“You could put your phone in your purse, it could scan your credit cards and five minutes later they could be buying something,” he said.
Or could they?
“There are limitations to how easily that can be done,” said Ernesto Rojas, President of Forensic and Security Services and a computer crime expert. Rojas says while electronic pickpocketing may look easy, it’s not practical for crooks.
“There are hackers in many countries around the world whose whole day is figuring out the next hack,” explained Rojas. “If they figured out how to hack an NFC reader for collecting credit cards, it would have been implemented quickly.”
But in a statement, the Smart Card Alliance, an industry group pushing contactless payments, says it’s only seen attacks like the ones done by Augustinowicz in demonstrations and not in actual fraud.