Correction: An earlier version of this story incorrectly described “chip and signature” or “chip and PIN” cards as examples of credit cards with RFID chips. Such cards contain a chip, but it is not an RFID chip. This version has been corrected.
At some point between the time she disembarked from a recent cruise in Miami and returned to Carmel, Ind., someone decided to go shopping with Jody Tzucker’s credit card. “They bought cigars and other odd things in Miami,” says Tzucker, a retired manager for a nonprofit association.
She suspects that the criminals may have skimmed her Visa account information while she was filling up her gas tank in South Florida. Or maybe not. Nowadays, hackers don’t even have to see your credit card to access the information on it. They can scan it from a safe distance.
One of the latest threats against travelers is invisible and silent: wireless attacks that siphon your credit card number, personal information and passwords. Anything with a radio-frequency identification (RFID) chip, including your passport or a credit card, can be read from afar. Thieves can also mine valuable data from your smartphone when it automatically logs on to a WiFi network.
Fortunately, there are a few simple ways to thwart these wireless assaults, including new luggage products and common-sense steps that protect your devices and credit cards.
As it turned out, Tzucker’s card didn’t have an RFID chip. And she was lucky. Before the cigar-loving thieves could finish their shopping excursion, her bank’s fraud detection algorithm tagged her purchases as suspicious, disabled her account and refunded the fraudulent transactions. And that may be one of the most effective solutions — having a bank that can stop fraud quickly and cover any losses. After the incident, Tzucker also switched to using a prepaid debit card when she traveled, which contains no personal information.
But others haven’t been so fortunate. Nearly half of all travelers use their smartphones to access the Internet when they’re on vacation, according to a recent survey by security firm Kaspersky Lab. One-third of phone users store their passwords to online accounts, including bank and social networks, on their devices. While any phone can be a target, the most vulnerable wireless devices run on the Android operating system, according to Kaspersky.
The luggage industry offers one possible solution: new backpacks and suitcases with protective linings to shield your IDs and wireless devices.
This month, luggage manufacturer Briggs & Riley, based in Hauppage, N.Y., will add RFID-blocking pockets to its new @work briefcase and bag collection. The models offer two pockets with electromagnetic shielding, one for IDs and passports, the other for a smartphone or a tablet computer. The black ballistic nylon cases, priced from $129 to $479, are designed to appeal to privacy-conscious business travelers.
Richard Krulik, Briggs & Riley’s chief executive, says that his company is constantly adapting to the concerns and demands of travelers, something he refers to as “reality engineering.”
“Increasingly, travelers are coming to rely on their luggage to keep more than their belongings safe,” he adds. “They need protection for their personal information and data.”
Escape the Wolf, a travel security company based in Virginia Beach, is also introducing a product this month, aimed at leisure travelers and called the Zero Trace Two-Day Backpack. It offers a large interior compartment to store any electronics you want to protect from prying eyes or scans. The $199 backpack, which will be part of Escape the Wolf’s line of security-enhancing luggage, is minimalist on the outside but sophisticated on the inside for a reason, says Clinton Emerson, the company’s chief executive.
“Fancy gets you mugged,” he says. “Fancy gets stolen.”
A closer look at this technology suggests that the best strategy for preventing data theft when you’re on the road is a combination of electromagnetic shields and common sense. A series of tests conducted in 2011 by Consumer Reports concludes that products with electronic shielding can partially block the signal from a chip in a credit card.
Only credit cards with RFID chips are vulnerable to scans. Most credit cards in the United States don’t use this technology at present, although it’s gaining some traction, particularly among corporate travelers.
Wireless devices left in the pouches would run down the battery searching for a signal, and security experts say that an equally effective way to prevent someone from accessing them is to power down the device and remove the battery. However, that’s not an option with the most popular wireless devices, such as Apple’s iPhone and iPad, which don’t have an easily removable battery.
Experts say that making sure the WiFi settings on your smartphone or tablet are set so that they don’t automatically connect to any wireless network, and not storing passwords or credit card numbers on your phone, is an equally effective way to make sure hackers don’t access your data and steal your identity, or your money.
But luggage with electromagnetic shielding can’t hurt, either. It makes your information a less desirable mark. Hackers and ID thieves prefer easy targets, which come from unprotected wireless devices and credit cards emitting a clear, easy-to-intercept signal.
In a world of invisible and often unknown security threats, the new bags may make travelers such as Linda Snow feel a little safer. Snow, an actress who lives in Denver, says that many of her friends have had their identities stolen, some of them while traveling. “I’m more careful with how I handle my ID and phone,” she says. Now she’s thinking of upgrading her luggage, too.
E-mail Christopher Elliott at firstname.lastname@example.org.