by bff
5804 days ago
This is actually an active research area so a Google Scholar search can turn up interesting stuff from various security conferences. Here's a summary of what I've read and heard about:

If a chip has unencrypted personal data stored on it an attacker can easily gain access to it by stealing the device. If encryption is used throughout the chip then side channel attacks can usually break the encryption. This requires something like an oscilloscope, some resistors, and a soldering iron. The danger of this attack to a consumer depends upon what's stored on the RFID chip since the consumer will notice if someone has stolen their device and will have it disabled in short order.

To clone a tag that doesn't use encryption, for instance a tag that just sends an ID, you'd need a reader to query the tags and some device to copy the responses. This is probably the easiest attack but the reader, which needs to transmit a strong radio pulse and then listen for a response, either needs to be very large or in very close proximity and you could protect a card in your wallet by surrounding it in a metal mesh (which forms a Faraday cage) so it's not clear how dangerous this could be in the wild.

If the communication channel is encrypted then an attacker could listen to the query and response from a legitimate reader and RFID tag and could then replicate the legitimate response later. However, if there is any timestamp or counter involved this won't work.
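The last point of the comment above, replay protection via a counter, as an added example that is not part of the original comment: a simulated tag answers a fresh reader challenge with a monotonically increasing counter and an HMAC over challenge and counter, and the reader rejects a captured response whether it is replayed under the same challenge (stale counter) or a later one (MAC bound to the old challenge). The tag id, key, and message layout are constructed for illustration and do not correspond to any real RFID protocol.

```python
import hmac
import hashlib
import secrets


class Tag:
    """Simulated tag holding a shared key and a counter that only increases."""

    def __init__(self, tag_id: str, key: bytes):
        self.tag_id, self.key, self.counter = tag_id, key, 0

    def respond(self, challenge: bytes) -> dict:
        self.counter += 1  # every response uses a fresh, larger counter value
        msg = challenge + self.counter.to_bytes(4, "big")
        mac = hmac.new(self.key, msg, hashlib.sha256).digest()
        return {"tag_id": self.tag_id, "counter": self.counter, "mac": mac}


class Reader:
    """Simulated reader: issues random challenges, tracks last counter per tag."""

    def __init__(self, keys: dict):
        self.keys, self.last_counter, self.outstanding = keys, {}, None

    def challenge(self) -> bytes:
        self.outstanding = secrets.token_bytes(16)  # fresh nonce per query
        return self.outstanding

    def verify(self, response: dict) -> bool:
        key = self.keys.get(response["tag_id"])
        if key is None or self.outstanding is None:
            return False
        msg = self.outstanding + response["counter"].to_bytes(4, "big")
        expected = hmac.new(key, msg, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response["mac"]):
            return False  # response was not computed for this challenge
        if response["counter"] <= self.last_counter.get(response["tag_id"], 0):
            return False  # counter already seen: replay of an accepted response
        self.last_counter[response["tag_id"]] = response["counter"]
        return True


def demo() -> tuple:
    key = b"\x01" * 16  # constructed sample key shared by tag and reader
    tag, reader = Tag("tag-42", key), Reader({"tag-42": key})
    captured = tag.respond(reader.challenge())
    accepted = reader.verify(captured)        # legitimate exchange
    replay_same = reader.verify(captured)     # same challenge, stale counter
    reader.challenge()
    replay_later = reader.verify(captured)    # new challenge, MAC mismatch
    return accepted, replay_same, replay_later
```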