By Claudia Buck
The tiny plastic chips embedded in passports and credit cards are primarily designed to thwart fraud and counterfeiting. But they also make many credit card users and travelers uneasy about the potential for someone with prying eyes trying to steal their personal data.
Susan Levitsky, a seasoned traveler who spent a month last fall in France and Morocco, said she’s concerned. “I’ve heard that the chip allows a thief with a scanner to walk by you and scan your cards while they’re still in your purse, unless you have them in a protective case.”
While her credit cards and passport aren’t new enough to contain a microchip, Levitsky said she’s feeling “the pinch” of needing to be prepared.
How big a worry?
The chip technology is different between passports and most credit cards.
With credit cards, the tiny chip contains encrypted data that are activated only when the card is inserted into a designated “smartcard” reader, such as at a store or restaurant. So fears of having someone “skim” your microchipped credit card are largely unwarranted, security officials say.
Passports, however, use a different technology known as RFID (or Radio Frequency Identification), the same type used to tag clothing, pets, even artificial replacements for hips and knees. When embedded in a U.S. passport, the chip can be scanned only by someone at close range with an RFID reader, usually within a couple feet.
While there’s valid concern about having your microchipped passport “skimmed” by a tech thief, actually having it happen is unlikely, some security officials say.
“Yes, someone nearby could read what’s in your wallet. That’s why I keep my passport in an RFID-shielded wallet,” said G. Mark Hardy, president of National Security Corp., based in Rosedale, Md., which provides cybersecurity expertise to government and corporate clients.
But, he said, “it’s less likely to happen, at this point in time, because it’s so much easier to do fraud some other way.”
Since August 2007, all U.S. passports have come embedded with an RFID chip, intended to deter fraud and improve security. The chip contains the same information as on the passport’s picture page, including a digital version of your passport photograph. (You can still use a pre-2007 passport that doesn’t contain a chip. Once your passport expires, a new one will contain an RFID chip.)
According to the federal Bureau of Consular Affairs, the passport chip is designed with security features to thwart unauthorized access. Also, it can be “read” only when the passport book is open. When the cover is shut, the information on the chip supposedly can’t be scanned by an RFID device.
Separately, a newer U.S. travel document, a wallet-sized passport card, also has a chip. It contains only an identification number, not personal information from the card itself. However, “To address concerns that passport card bearers can be tracked by this technology,” the consular bureau’s website says, “We are requiring that the vendor provide a sleeve that will prevent the (passport) card from being read while inside it.”