An RFID blocker could be a lifesaver — here's why

Menu to add a payment card, transit pass, loyalty card, or gift card to Google Wallet
(Image credit: Michael Hicks / Android Central)
Gadget Weekly

Inspector Lloyd

(Image credit: Android Central)

Join Namerah Saud Fatmi as she explores the cool, quirky, and sometimes downright odd world of smartphone accessories, gadgets, and other nerdy toys every week.

Ever heard of an RFID blocker? If you're interested in wallet cases for your phone or even wallets in general, you might have heard the term. A lot of wallets and wallet accessories, such as MagSafe wallet add-ons, boast RFID-blocking as a feature. What is this feature, and why is it important anyway? I'm here to shed some light on this matter.

Contactless payments weren't as widespread a couple of years ago, but they're all the rage right now. NFC-based services like "Tap to Pay" and the marriage of Google Wallet with Google Pay have ushered in a new era where we feel comfortable storing our credit cards, debit cards, IDs, and even driving licenses digitally. Our overall trust in such payment methods has increased. Even modern debit and credit cards that use "Tap to Pay" rely on NFC to work.

Unbeknownst to most people, however, this system has a glaring security flaw. Although many security mechanisms protect personal and financial details when you depend on contactless payment mechanisms, these NFC-based systems are still unable to prevent certain activities.

Don't worry; I'm not going to bore you with technical details that you don't understand anyway. The problem is extremely simple, to the point that it's ridiculous.

Understanding contactless payments

Let's start by breaking down how NFC-based payments are made. You use your phone's or smartwatch's Google Wallet or e-wallet by enabling NFC and adding your supported credit or debit cards to it. Most banks in the world require you to set up limits for contactless digital transactions. Select transactions over a certain limit may require additional authentication, such as a PIN, a one-time password (OTP), or biometric verification.

However, for contactless digital transactions within the bank's specified limits, your device does not usually need additional authentication after initial setup and verification. After all, this is what makes it a convenient payment method on the go. You tap your device or "Tap to Pay"-enabled card to make a payment, and then you're off on your way.

Google Wallet on Wear OS device, TicWatch Pro 3

(Image credit: Chris Wedel/Android Central)

The problem with relying on NFC is that it activates as soon as it detects a compatible payment device nearby. Your Android phone, wearable, or card automatically makes a payment when it detects a compatible machine nearby, usually if the phone has been unlocked within a few minutes of the purchase. As long as your device's NFC is enabled, this will happen automatically. It gets worse with your cards because those don't have the option to disable NFC.

You could place your wallet or phone near a contactless payment card machine, and it could automatically make a payment, even if you didn't intend to use it. Now, this might sound silly, but there are actual reports of people facing this issue.

For example, a user called Aram Dermenjian 2298 took to the Google Wallet support page to address this issue in January 2023. The user complained that their Google Wallet made a payment without their consent because of the unlocked phone's close proximity to the payment machine.

(Image credit: Google)

Aram Dermenjian 2298 had no intention of paying for their purchase with their Google Wallet's primary card as it was a business expense. However, because of the nature of NFC payments, the payment automatically went out because their phone detected the payment machine and initiated the transaction.

I am not a fintech professional by any means, but this non-consensual transaction sent alarm bells ringing through my head. There are so many unfortunate scenarios where this flaw could be taken advantage of. The worst part is that the only real solution to this is to disable your NFC when your wallet isn't in use or to add more passwords and locks for additional verification, which kills the convenience of the system itself.

This is where RFID blockers come in

While you can add a ton of extra preventive measures to your phone or wearable to stop this from happening, things aren't as easy with your credit or debit cards. This is where RFID and NFC-blocking wallets come into play.

The best way to block NFC or RFID signals is by using an aluminum plate.

The best way to block NFC or RFID signals is by placing an aluminum plate on top of your cards or on the back of your phone. This can be done with the help of an RFID-blocking wallet or wallet case for your phone. Fortunately, these can be found a dime a dozen. It is a pretty simple and easy idea that reduces the number of things you need to carry. Most importantly, however, this solution prevents unfavorable scenarios from happening, such as unintentional payouts from your e-wallet or bank cards.

You can find an RFID-blocking wallet or wallet case at affordable pricing from most retailers. If you're using a flagship phone like the Galaxy S24 Ultra, recommend the Scooch Wingmate as it's a wallet case with an RFID-blocking metal plate baked in.

If you don't want to buy an accessory, even some aluminum foil will do the trick. Now that you're aware of this situation, be sure to take the necessary precautions.

Namerah Saud Fatmi
Senior Editor — Accessories

Namerah enjoys geeking out over accessories, gadgets, and all sorts of smart tech. She spends her time guzzling coffee, writing, casual gaming, and cuddling with her furry best friends. Find her on Twitter @NamerahS.

  • gomezz
    I use a Bixby routine to turn NFC on and off as I fire up Google Wallet and close it down. That and blocker inserts in the wallet of my choice does the job for me.
    Reply
  • SnowyRVulpix
    If Android makes a payment as soon as it detects a payment terminal, that is a VERY serious design flaw.

    I've only just moved over to Android from iOS and on iOS, not only did the iPhone wait for me to activate it before the NFC chip was active, but it used one time codes instead of being copyable.

    Is it a deal killer? No. But I am very disappointed to learn about this flaw. It should not be activating until I've activated it (I have my Pixel set up to activate on a double tap to the back) and chosen a card.
    Reply
  • Village_Idiot
    Keep in mind, by close, we are talking within a foot of the card or phone NFC chip or radio. RFID is by design not supposed to work beyond that. Many tap-to-pay POS systems have their transmit power up too high. The simplest solution is to lower the transmit power of tap-to-pay transmit power down to the bare minimum needed for it to work.

    Also, there will always be a trade-off between convenience and security. Generally speaking, more convenience equals less security. I use Samsung Pay and I have it set up to require my fingerprint or PIN every time I use it; even if the phone is unlocked.
    Reply