1. Technical Field
The present disclosure relates to the use of radio-frequency identification (RFID) systems. More particularly, the present disclosure relates to devices, systems and methods for protecting personal data contained on an RFID-enabled device.
2. Discussion of Related Art
Contactless smartcards are increasingly available to consumers as an alternative to magnetic strip cards as a convenient way for storing personal data. Contactless smartcards are credit-card sized cards with embedded integrated circuits (also referred to as ICs, chips, or microchips). The chips used in contactless smartcards can be manufactured in a form called an RFID chip. RFID stands for Radio-Frequency IDentification. The acronym generally refers to small electronic devices that consist of a small chip and an antenna used to transmit data over radio frequency (RF) waves. Contactless smartcards are sometimes referred to as RFID-enabled cards, chip cards, or integrated circuit cards (ICCs).
Consumer RFID payment systems have been implemented that allow individuals to make an electronic payment for purchases, whereby payment can be made by simply waving a contactless smartcard (or a key fob, etc.) in front of a reader. Whereas magnetic strip cards and contact smartcards must come in physical contact with a reader, contactless smartcards can exchange information with a reader via magnetic, RF, infrared radiation or light. A typical RFID system is composed of three components: a reader (or “interrogator”); an RFID device (or “transponder”); and a host computer. The RFID device is composed of an antenna coil (e.g., wire loop or printed-circuit loop antenna) and a microchip that includes basic modulation circuitry and non-volatile memory. “Active” RFID devices are powered by batteries or other energy sources. “Passive” RFID devices lack power sources of their own; the power is supplied by the reader.
A multitude of contactless credit and debit cards, driver's licenses, transit cards, medical information cards, insurance cards, student ID cards, and all U.S. passports issued since 2006 as well as passports from many other countries are equipped with RFID chips. RFID chips can store all the personal data printed in a passport (e.g., name, birth date, address and physical descriptors) as well as the data for an electronic image of the passport photo. RFID-enabled credit cards can store the authorized card-holder's name, address, account number as well as the card expiration date on the RFID chip. Some smartcards include math co-processors for performing complex encryption algorithms. By virtue of their ability to store data on an embedded microchip, along with the convenience of not having to swipe a card through a scanner, or hand it to a cashier, contactless smartcards likely will continue to find new applications in the fields of banking, transportation, healthcare, insurance, social security, and other personal data.
In order to obtain the information contained on a smartcard, an RFID reader is used to activate the RFID device with RF energy and to extract information from the RFID chip. Contactless smartcards do not typically have an embedded power source. One common approach to providing power to the embedded chip is via a modulated magnetic field that induces a current in an antenna coil, which is typically laminated as an internal layer of a smartcard. This allows the information to be obtained from the embedded chip.
The ability to control the personal information one reveals, and who can access that information, has become a growing concern as that information is increasingly available electronically. Identity theft and identity fraud are terms used to refer to crimes in which someone wrongfully obtains and uses another person's personal data in some way that involves fraud or deception, typically for economic gain. In 2012, according to a report issued by the Bureau of Justice Statistics, 16.6 million people fell victim to identity theft, amounting to financial losses of $24.7 billion, paid by consumers and companies. Wireless identity theft, also known as contactless identity theft or RFID identity theft, is a form of identity theft wherein an individual's personal data is compromised via wireless devices.
Various methods and apparatus have been devised for shielding smartcards from RF electromagnetic fields which impart energy to power the RFID chip. One example of a reference that describes shielding smartcards is U.S. Pat. No. 7,482,925 assigned to Visa U.S.A. (herein “Visa”). Some of the embodiments described in Visa are temporary security measures to protect and shield newly-issued smartcards during transport through the mail to their owners, such as envelopes with metalized coatings and electromagnetic-shielding stickers attached to smartcards. Visa also describes a wallet with an “RF shield liner” configured to attenuate RF signals within the operation frequency range of the contactless portable consumer device contained inside a holding pocket when the wallet is folded in a closed configuration.
If a smartcard is not shielded by an RF shielding enclosure, the RFID chip can be powered up and accessed without the card holder's knowledge. Basically, anyone with an appropriately equipped scanner and sufficiently close access to the smartcard can activate it and read its contents. In some cases, the unauthorized scanning of a smartcard may be accidental, such as when the card holder is unaware that he has come within range of an active RFID reader. In other cases, the unauthorized scanning of the card may be intentionally executed by a party with a covert reader who is seeking to obtain the card holder's personal information without their consent.