Walk through any airport and you'll find a rack of RFID-blocking wallets promising to stop a thief from stealing your card data by walking past you in a crowd. The product category is real and the underlying radio technology is real. Whether the attack it's built to stop is a practical threat to your specific cards is a more complicated question than the packaging suggests.

Contactless payment cards, passports, and building access badges all use some form of RFID or NFC: a small chip and antenna that can be read by a nearby reader without physical contact. That's the same category of technology, but the three use cases have very different security models, and lumping them together is where most of the fear around "RFID skimming" goes wrong.

Contactless payment cards: harder to abuse than it looks

A contactless EMV payment card (the tap-to-pay chip cards most banks issue now) doesn't transmit your raw card number and a static CVV the way a magnetic stripe does. Each transaction generates a unique cryptogram using data on the chip and a transaction counter. Even if someone captured a full contactless read from your card in a crowded subway car, replaying that same data at a payment terminal generally won't work, because the cryptogram was generated for a specific transaction and the counter has already moved on.
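The replay failure described above can be seen in a simplified model, added here as an illustration and not taken from the article or from any EMV specification. It assumes a key shared between card and issuer, uses HMAC-SHA256 as a stand-in for the real cryptogram algorithm, and the class names, key, amounts and terminal values are all constructed.

```python
import hashlib
import hmac


def _cryptogram(key: bytes, atc: int, amount_cents: int, nonce: bytes) -> bytes:
    # Stand-in MAC over counter + amount + terminal's unpredictable number.
    msg = atc.to_bytes(2, "big") + amount_cents.to_bytes(6, "big") + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]


class Card:
    """Toy card: secret key plus a transaction counter that only increases."""
    def __init__(self, key: bytes):
        self._key, self.atc = key, 0

    def tap(self, amount_cents: int, terminal_nonce: bytes) -> dict:
        self.atc += 1  # every tap consumes a counter value
        return {"atc": self.atc, "amount": amount_cents, "nonce": terminal_nonce,
                "cryptogram": _cryptogram(self._key, self.atc, amount_cents, terminal_nonce)}


class Issuer:
    """Toy issuer: recomputes the cryptogram and tracks the highest counter seen."""
    def __init__(self, key: bytes):
        self._key, self.last_atc = key, 0

    def authorize(self, txn: dict) -> str:
        expected = _cryptogram(self._key, txn["atc"], txn["amount"], txn["nonce"])
        if not hmac.compare_digest(expected, txn["cryptogram"]):
            return "declined: bad cryptogram"
        if txn["atc"] <= self.last_atc:
            return "declined: counter already used"
        self.last_atc = txn["atc"]
        return "approved"


def demo() -> list:
    key = bytes(range(16))  # constructed sample key
    card, issuer = Card(key), Issuer(key)
    genuine = card.tap(1250, b"\x01\x02\x03\x04")
    return [
        issuer.authorize(genuine),                                # the real purchase
        issuer.authorize(genuine),                                # same data replayed verbatim
        issuer.authorize(dict(genuine, nonce=b"\xaa\xbb\xcc\xdd")),  # replayed at another terminal
        issuer.authorize(card.tap(300, b"\x05\x06\x07\x08")),     # cardholder's next tap
    ]


if __name__ == "__main__":
    print(demo())
```
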