My wife and I recently signed up for our first joint credit card. This will allow us to do things like buying plane tickets to see each other and dinners out without having to constantly update our Karma spreadsheet. The Karma spreadsheet (thanks Google) will remain in use for non-credit purchases.
That’s not what this post is about.
What it is about is the plastic cards that come with the account. When I arrived here in New Orleans today, I opened up the envelope and dutifully read the documentation that came with the credit cards. I noticed a mention of the cards having “Blink” contact-less checkout ability. I felt a lurch in my stomach. Sure enough, a quick inspection of the card and some googling revealed that this “Blink” thing is nothing more than a nice name for RFID.
RFID is insecure as used in this application. Your credit card number can be read from afar (up to 69 feet) while sitting in your wallet in your pocket or purse, without your knowledge. As detailed in the linked article, it is then trivial to create a duplicate card.
Of course, our government is also keen on RFID in passports. In the case of Chase, it turns out you can simply request new cards or get creative with a drill. I was going to do the latter, but ended up doing the former, because I want it to register with Chase that I don’t want RFID in my credit cards. It was no problem getting new cards ordered — for all my quibbles with Chase, their customer service on the phone is generally both helpful and English-speaking.
If you want to de-RFID your passport, I believe the recommended method is by hammer blow, but here are instructions for making an RFID-fryer from a disposable camera. Apparently tampering with passports is punishable by up to 25 years in prison, so tamper at your own risk.