Image: Chase Bank credit card with RFID technology © Thomas Cooper, Getty Images

Chip ahoy! Are RFID credit cards secure?

Ask any of the estimated 9 million Americans who become victims of identity theft each year: Getting billed for someone else's credit card charges stinks.

Enter the "radio frequency identification" credit card. Designed to provide extra layers of security against identity theft, an RFID card transmits credit card information through radio waves from a chip embedded in the card. (The cards also have a magnetic stripe on the back so you can swipe it in the traditional way.)

If you're using a card with an RFID chip and your merchant has a compatible card reader, you don't have to swipe your card when making a transaction. You merely hold your card within one to four inches of the card scanner. This practice raises questions as to how safe the technology is and whether you should protect your RFID card with a special wallet or card sleeve. Here's the skinny on RFID credit cards.

Benefits of the RFID card

Available through credit card companies such as Visa, MasterCard and American Express, RFID cards eliminate certain security hazards posed by traditional cards but could make you vulnerable to others. According to Denis G. Kelly, the author of "The Official Identity Theft Prevention Handbook" and the chairman of the Identity Ambassador Commission in Seattle, the security benefits of the RFID cards are threefold: limited card exposure, data encryption and new authentication codes.

A side benefit: RFID cards also help speed the checkout process. "RFID technology tends to cut the overall transaction time (of a credit card purchase) in half," says Kelly.

Because the technology doesn't require a cardholder to physically remove the card from a wallet, RFID can eliminate the need for waiters, retail clerks and other salespeople to handle your card, Kelly points out. That creepy guy lurking behind you at the grocery store? He won't get a chance to see your credit card info because you'll never have to take your card out.

Does RFID make it easier to steal?

The new technology causes some to worry that it's now easier to steal RFID credit card information. Because your RFID card allows you to complete transactions without pulling out the card itself, critics argue that identity thieves could swipe your credit information simply by placing an RFID scanner nearby.

Jay Foley, the executive director of the Identity Theft Resource Center in San Diego, admits that thieves could get your card information remotely through a scanner, but adds that they probably wouldn't be able to use it. Unlike magnetic stripe cards, RFID credit cards encrypt a cardholder's information. To access a consumer's account, thieves not only have to scan the card but must also break the card issuer's encryption.

Authentication code

RFID cards also create a new authentication code for each transaction. If identity thieves nab info by physically skimming a traditional credit card, they can use that information as many times as they like, racking up purchase after purchase until the card gets reported. If all they have is the information from your RFID chip, they can make only one purchase with that authentication code.

"If someone captures your (RFID) card (electronically), the most they can use it is one transaction," Foley explains.

But of course the encryption and authentication code helps you only if your card information is swiped remotely from an unauthorized scanner. If thieves physically nab your RFID card, they can still use the magnetic stripe all over town until you alert the authorities.

Reports of RFID hacking

There's no doubt that limiting who handles your credit card and the number of purchases thieves can make on stolen accounts will significantly increase card security, but questions remain as to the reliability of RFID credit card encryption.

According to a University of Massachusetts, Amherst, study published in 2007, researchers purchased a commercial RFID scanner over the Internet and accessed sensitive information on 20 different first-generation RFID cards issued in 2006.

One year later, a University of Virginia graduate student successfully hacked RFID encryption found in rechargeable bus and subway cards issued by the Massachusetts Bay Transportation Authority.

It's worth noting that, to date, there's never been a major RFID credit card breach outside of a lab, but that's not stopping retailers from selling aluminum-lined wallets and card sleeves designed to disrupt unwanted radio waves from reaching your cards.

Click here to become a fan of MSN Money on Facebook

Protecting your RFID credit card

The first step to protecting yourself from RFID identity theft is simply knowing if you have an RFID-enabled credit card. You can find out by calling your credit card company, reading your card agreement or checking your card for the presence of an RFID chip or RFID logo, which looks like a series of expanding ripples or waves.

Consumers concerned about the security of their RFID card can purchase an RFID-blocking wallet or credit card shield, although both Kelly and Foley insist that such protection products aren't absolutely necessary at this point.

"If it's that big a concern to you," says Kelly, "I probably recommend not using an RFID card."

More from IndexCreditCards.com: