RFID skimming is the wireless interception of information from RFID chip-based debit, credit and ID cards and other documents, such as passports.
The purpose of RFID skimming may be simple theft of funds or more complex identity theft. Most typically, thieves use an NFC- (near-field communication) enabled device that records unencrypted data from the card's RFID chip, which is broadcast into the air. In the case of a credit card, for example, the data might include the card number, expiry date and card holder name -- all that's required for transactions and, for many applications, to establish identity.
Many smartphones are equipped with NFC and more mobile devices, such as tablets, are slated to have it. RFID skimming apps can be loaded onto mobile phones and devices can be constructed that are capable of reading RFID broadcasts at distances up to 15 feet away.
Potentially, RFID skimming is an even greater risk with debit cards, because banks often lack any policy to protect customers from fraudulent charges. The payment card industry has stated that safeguards are in place to make RFID-based cards secure. However, many researchers have demonstrated that the cards can be exploited.