Yes, COMPLETELY OT - BUT PLEASE READ


Hybrid_From_Hell

Credit Card Cloning :(

There is a new trick that a friend of mine was caught with

Goes to petrol station fills up puts card into machine

Petrol assistant asks for PIN number to be entered - he entered it

Assistant then says "Oh sorry" there's an error - and asks you to rekey it

What has happened is that he didn't put the amount in for the fuel, you then key in your pin

which shows up on the screen as keyed info (should have been fuel amount)

He then wipes number (Has now your pin) asks for you to rekey, and it goes through

He has the receipt with your Card number on it AND now has the pin

BEWARE

Nige

Flame if you want - just thought this should be made aware, he has had his account emptied overnight :(

But they have arrested fuel chap :D


I think they do on the retailer's copy.

Chris

Regardless of whether they have the card number once they have the pin they quite often nick the card one way or the other. There is also at least one technique where a stolen card can be used in a machine without knowing the correct pin.


I think they do on the retailer's copy.

Chris

Correct. On the terminal at my old job, the cardholder's copy had the first twelve digits blanked out as most cardholders are too stupid not to lose their receipts, but the retailer copy has all the information on it.

So with the PIN and a copy of the retailer receipt you have the card number, expiry date and PIN which is probably enough to generate a new card. Didn't realise the number showed up on the screen from the PIN pad though - that's a big design flaw :rtfm:

Having said that I think there is an assumption that anybody being issued with a terminal is not going to be a criminal, which is probably a bad assumption to make these days. I was forced to use my card in a questionable petrol station while I was over there on holiday recently, and I watched my account like a hawk for about a week afterwards, though nothing happened.


......

So with the PIN and a copy of the retailer receipt you have the card number, expiry date and PIN which is probably enough to generate a new card. Didn't realise the number showed up on the screen from the PIN pad though - that's a big design flaw :rtfm:

....

The pin is showing up because it is being entered by the customer at the point where the retailer should be entering the value of the sale, the 'attack' relies on the customer not reading what is on the hand held terminal from what I can tell. So it isn't really a design flaw, hence there could be problems with getting money back from the bank.... JMHO


If you are scammed that easy you deserve to lose the money IMHO!

The amount of people who do not cover their hand when putting the pin in is amazing how many garages have cameras pointing directly at the terminal (to record attacks on staff they say)?


amazing how many garages have cameras pointing directly at the terminal

In Tesco the other day waiting for SWMBO at the till, I noticed that for every till there is a smoked dome type camera housing. Each one of these could be housing a camera pointing directly at the PIN pad. I am sure Tesco have many legal ways of separating us from our money, but still not good IMHO.

Chris


If you are scammed that easy you deserve to lose the money IMHO!

The amount of people who do not cover their hand when putting the pin in is amazing how many garages have cameras pointing directly at the terminal (to record attacks on staff they say)?

What you're basically saying then is 'fraud is fine' 'they were asking for it'?

My card has been done twice now and Lloyds have been very good about it returning all funds to the rightful owner.

G


In Tesco the other day waiting for SWMBO at the till, I noticed that for every till there is a smoked dome type camera housing. Each one of these could be housing a camera pointing directly at the PIN pad. I am sure Tesco have many legal ways of separating us from our money, but still not good IMHO.

Chris

Those cameras are pointed at the cash drawers to see what the employees are up to.


To follow on from this one, with another way in which fraud is happening now chip and pin and delivery restrictions are enforced. Mail/telephone order you ring up order your gizmos give your card details, exp date, last 3 etc.

The Salesperson Fraudster then tags another expensive order on to your card to be delivered express delivery, to your house (card registered keeper address). Hours later you get a phone call supposedly from the company (they have your contact details) saying there has been a mistake with the order, wrong much more expensive item has been dispatched.

Not to worry they have now dispatched the correct item (the one you ordered probably on economy/standard post) and the wrong one will be collected by courier at their expense, and that your correct part will be with you in a day or so.

Wrong item is delivered to your house and you sign for it.

Hours later courier turns up in a white van to collect wrong parcel.

Your real parcel turns up a day or so later, all good?

Your credit card statement comes in at end of month, with both items invoiced and signed for by you.

You ring up card company and shop and say I sent the expensive one back, the courier company collected it.

shop: We have no record of any collection, who did you give it to?

you: Bloke in a white van?

Penny drops.


One of the big problems, from a retailer's point of view anyway, is that after the Banks realised that Chip & Pin did very little to prevent fraud, they persuaded the Government to change the rules, making the Retailer fully liable for any card fraud. If you put through a fraudulent transaction, the amount will be debited from you plus a £28 charge-back fee.

I agree that the retailer has to take some responsibility for fraud prevention, but this move has removed ANY incentive for the banks to do anything about it as now it's not costing them a penny - and arguably they make more out of the chargeback than they would have out of the transaction. They also keep any fixed fee for the payment (any percentage fee, you get back).

This change was implemented when the government were pushing the banks to introduce photo or biometric cards - much better idea IMHO. I think the banks persuaded them that having the retailers police the system would be more effective (and cheaper for them).

I've only had a few of these and only at shows. Someone has used the correct Pin number - so how the hell are you supposed to tell they are a criminal? Now they have implemented address verification on most terminals, it's much better - but still not foolproof.

The full card number is printed on the retailer's copy of the receipt. I cannot see a good reason for this! If I were cynical, I would think it's so the banks can blame the retailer for leaking card numbers, should the receipts get lost / stolen.

Also, the most valuable part of the card number is the last four digits. If you have the expiry, pin and last four digits, you have the check digit which tells you if the rest of the number is correct. The first four digits tell you which bank and the next three or four, the branch. This dramatically limits the number of possible combinations you have to go through to find the rest of the number from 999999999999 to about 5000000. A computer running a LUHN checker (the formula used to generate the check digit) can find all the valid card numbers with those last four digits in a couple of seconds. Worryingly, there is rarely more than one valid combo if you limit it to UK banks. So, really, the card receipt should have a different combination of digits such as the first four and the last one.

Being that there is no incentive for the banks to do anything about it - only Governments can force a change - so get lobbying!

Si
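Added example, not part of the post above or of any system the thread describes: a receipt-redaction check in Python that finds Luhn-valid card numbers in receipt text, masks all but the last four digits, and reports how many Luhn-valid numbers remain consistent with a mask. The function names, the receipt layout and the sample text (built around the standard test number 4111 1111 1111 1111) are constructed for illustration.

```python
import re

def luhn_valid(digits: str) -> bool:
    """Luhn check: double every second digit from the right, sum, test mod 10."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask_pan(pan: str, keep_last: int = 4) -> str:
    """Mask a card number so only the last `keep_last` digits stay readable."""
    digits = re.sub(r"\D", "", pan)
    if not luhn_valid(digits):
        raise ValueError("not a Luhn-valid card number")
    return "*" * (len(digits) - keep_last) + digits[-keep_last:]

# 13 to 19 digits, optionally grouped with spaces or dashes.
PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def redact_receipt(text: str) -> str:
    """Mask every Luhn-valid card number in receipt text; leave other digit runs alone."""
    def repl(m: re.Match) -> str:
        digits = re.sub(r"\D", "", m.group())
        return mask_pan(digits) if luhn_valid(digits) else m.group()
    return PAN_RE.sub(repl, text)

def luhn_valid_completions(masked: str) -> int:
    """How many Luhn-valid numbers fit a mask, counted without enumerating them.

    Doubling-and-folding maps the ten digits onto the ten digits one-to-one,
    so for any choice of the other hidden digits exactly one value of the last
    hidden digit passes the check: the check digit removes a factor of ten.
    """
    hidden = masked.count("*")
    return 10 ** (hidden - 1) if hidden else 1

# Constructed retailer-copy text for the demonstration.
SAMPLE = "CARD 4111 1111 1111 1111 EXP 12/30 REF 1234567890123456 AMOUNT 45.00"

if __name__ == "__main__":
    redacted = redact_receipt(SAMPLE)
    print(redacted)
    print(luhn_valid_completions(redacted.split()[1]))
```

The same check can be run over stored receipt images' OCR text or order notes to find card numbers that were written down in full.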


Another Petrol Station trick is that the bad guys fill up a mahoosive car, usually next to a small thing like an Aygo then walk in and "accidentally" pay for the Aygo pump. They then drive off and if they are pulled up on it they say it was an honest mistake. They have in the meantime driven off with a not insignificant amount of fuel unpaid for...


The other thing is ringing up your local takeaway and ordering a meal.

They have your card No, expiry date, security code and your address. In fact everything needed to place an order on a website - just need to give an alternative address for delivery.

Your card details could be written on a scrap of paper for all (including cleaners and mates of the staff) to see before the payment is processed.

Far fetched?? No - it happened to my wife!!!

At work we obscure card or bank details on insurance proposals once we have processed the transactions. Others may not be as diligent!!

Personally I think card transactions on the net and in person are safer than giving details over the phone, but stay sharp!!


Just to add to this

His bank are "Looking into this and considering his request for compensation" :(

So, he has financial probs as well now !

Don't expect your bank just to pop all the money straight back in, it can take a while................

In the past I worked for a corporate Bank, when I saw frankly how poor the security really was - and the probs that then had on the poor customers, I made a decision then which has served me well ever since.

I have a "Main" bank account - this has NO cards attached to it, so the only way I can get to the money (or anyone else for that matter :lol: ) is to "Transfer" to the "Second" account I have, which does have cards attached to it. Therefore if I am ever "Cloned" then there are always limited funds in that account, no overdraft facility and I still have my "Main" account with funds in etc so I am not then in a financial problem. I use the main bank account to "feed" the 2nd account which I then use for day to day transactions

All my paypal accounts are linked to the "Second" account, and if needed I transfer out to the "Main" account

Means my main account is protected as there is no other link to it other than me transferring.

It may seem paranoid, but the voices in my head have always said its a good idea :P

HTH

Nige
