Your plastic money is easily copied

Discussion in 'Off-Topic' started by strantor, Dec 28, 2015.

  1. strantor

    Thread Starter AAC Fanatic!

    Oct 3, 2010
    4,302
    1,988
    I got this text message from my bank yesterday :



    Screenshot_2015-12-28-06-23-592.png


    I don't shop at Kroger so I immediately knew it was not a legitimate charge. I checked my wallet, my card was still there. I googled Kroger #366, and it is here in Houston where I live. I called the bank and asked how someone else used my card when it hadn't left my wallet, and how their system knew to flag it as a fraudulent charge since it was well within my region (usually I only get these alerts when I travel). They said:
    • It was flagged because previous to that $89.39, there were other charges of very similar amounts. I checked my account and sure enough there had been a couple of charges of $87.55 at Kroger.
    • My card was likely duplicated from information obtained over the internet, or from a hacked card reader at a local business.
    Duplicated? I'm sure this isn't news for all of you, but it was news to me. I had no idea you could copy a credit card.

    Being that the charges were attempted just up the road from me, I think odds are that my info was not gathered from an online source, but more likely from a local business or ATM.

    I researched more and found out that there are devices sold over the black market that fit over ATM and gas pump card slots, that record your card info as you swipe. They are made to order, made to look exactly like the original card slot on the machine. They employ modern technology and are very sleek, slim, and look just like part of the machine. If you aren't an expert on the machines, you likely wouldn't notice the addition. At ATM locations, they are often paired with a hidden camera (usually installed in a brochure holder) to record you keying in your PIN.

    here's a picture of a "skimming" device:

    [​IMG]

    The criminal rips the original out and replaces it with this. Could you honestly tell that isn't OEM equipment?

    There are some which are a little bit easier to identify:

    [​IMG]
    ^This was installed on a RedBox movie machine.
    Below was installed on an ATM

    [​IMG]

    http://www.scambusters.org/skimming.html

    This type of fraud is skyrocketing people! If you didn't know before, now you do; take it from me, they can get your card, copy it, and use it. When they do, they will start making small purchases on it at to avoid you being alerted to it. They don't know how much is in your account and they don't want to make big purchases that get declined, so they go buy lots of smaller value items which they can resell (hence the multiple similar-value charges which activated my bank's anti-fraud algorithm; I hope you bank's is as good as my bank's).

    These things are being made for every type of card slot now! Those little table-top game tablets at TGI Friday's, RedBox machines, soda machines, ATMs, gas pumps, parking toll machines, EVERYTHING!

    Use cash (obtained from your BANK TELLER) whenever and wherever possible. If you can't use cash, use your debit card as credit. Avoid typing in your PIN at all costs, because if they get your PIN they now have access to your balance statement and they can simply wipe out your entire balance rather than fussing around buying & selling expensive cologne from Kroger.
     
    tjohnson and shortbus like this.
  2. dannyf

    Well-Known Member

    Sep 13, 2015
    1,771
    358
    It really isn't. If anything, that kind of fraud has been on a steady decline, thanks to the proliferation of chipped cards.

    Not convenient.

    Your debit cards have the same (lack of) protection as your credit cards. Except that when there is a fraud on your debit card, you are on the hook, vs. your issuing bank. If anything, credit cards should be used precisely in this case.

    The focus of the industry now is on the prevention of online fraud. Offline fraud, the kind you experienced, is trivial.

    BTW, CapOne probably has the best fraud detection in the industry.
     
  3. strantor

    Thread Starter AAC Fanatic!

    Oct 3, 2010
    4,302
    1,988
    Where are you getting this information?
    My claim was regurgitated information from articles I read on the topic, which may have been dated.
    When I went looking for trend data just now, all data from reputable sources is from 2013 and previous.
    Here is what I got from FICO:
    ficofraud.png
    According to FICO, and pretending it's still 2013, this type of fraud IS on the rise.
    Maybe the chipped cards have decreased the number of occurrences since 2013 but I cannot find any data that supports that claim. I cannot find any that refutes it either.

    But I know what I see out in the real world, and what I see is that the only store I've been to that consistently requires me to use the chip in my card is WalMart.


    I can't argue with that, but I can argue that it's more convenient than having all your money stolen.


    I wasn't arguing the case of not using credit cards. I was arguing that, when using a debit card, run it as a credit card (as in, do NOT input your PIN). This prevents a scammer who has obtained your account info from obtaining your account balance and simply withdrawing the entire balance at an ATM. It limits the scammer to making small purchases at POS terminals.

    It wasn't trivial TO ME! and it won't be trivial to anyone else who experiences it either. Which is the intended purpose of this post; to make people aware of the danger so they can limit their damages.
    This post wasn't intended to be a discussion of whether or not physical card fraud is a legitimate danger (which it obviously is)
     
  4. wayneh

    Expert

    Sep 9, 2010
    12,091
    3,027
    I use ApplePay whenever I can, mostly because it's cool, but also because it's safer. It's a pet peeve of mine that I still have to sign my signature some times when using Apple Pay or the chipped cards. That defeats one of the main safety features
     
  5. dannyf

    Well-Known Member

    Sep 13, 2015
    1,771
    358
    Assuming that the device can withstand attacks - that's where a closed system like the iPhone has an advantage over Android.

    Technology-wise, tokenization is the future. For tokenization to work, you have to encode locally, which opens you up for new attacks.

    BTW, the more (technologically) interesting one is SamsungPay.

    Of all the payment technology, AliPay is probably the most amazing. There isn't a whole lot known about it from a technology point of view. However, its widespread uses in China, the volume it processes, and the seemingly low-tech requirement, and the fact that there has not been (known) large scale and successful attacks on it is remarkable.

    The signature isn't there for safety - it is there thanks to the lawyers.
     
    Last edited: Dec 29, 2015
  6. tcmtech

    Well-Known Member

    Nov 4, 2013
    2,034
    1,626
    My wife has a very effective counter defence to her cards getting hacked.

    Simply keep all credit cards maxed out and only pay the minimum amounts plus keep all bank accounts that are tied to cash cards dead flat. :rolleyes:

    In a way it's based on the old concept of can't steal what's not there to take. ;)
     
  7. wayneh

    Expert

    Sep 9, 2010
    12,091
    3,027
    That's part of the argument for not carrying cash, also. I rarely have more than $80 or so in my wallet.
     
  8. tcmtech

    Well-Known Member

    Nov 4, 2013
    2,034
    1,626
    Personally I prefer to carry cash and don't care for the card payment system myself.
     
  9. #12

    Expert

    Nov 30, 2010
    16,257
    6,757
    Nope. My bank bought into that account monitoring software and it sent me a notice that I was paying one of my monthly bills every month. (No Sh!7, Sherlock!)

    I had a wife like that. I called it, "Having all the debt you can service"...kind of like our Government.
    You gots credit? Spend until it's all you can do to pay the minimum each month. Somehow, that's a sign of Prestige.:confused:
     
  10. joeyd999

    AAC Fanatic!

    Jun 6, 2011
    2,675
    2,721
    I think I detect sarcasm here.

    But, just in case you're serious, the price she is paying for "security" is a hell of a lot of interest! Too expensive for my blood.
     
    tranzz4md likes this.
  11. strantor

    Thread Starter AAC Fanatic!

    Oct 3, 2010
    4,302
    1,988
    Right!
    I think I'll go out and apply for more loans. I'll buy more and more crap every year and then somehow convince people to praise my "annual growth."
     
  12. GopherT

    AAC Fanatic!

    Nov 23, 2012
    5,990
    3,734
    Just make sure your purchases are on sale so you can show your spouse how much you are "saving" each year. You'll be ready for retirement in no time.
     
    strantor likes this.
  13. #12

    Expert

    Nov 30, 2010
    16,257
    6,757
    I promise to be envious of you and stand in awe at your obvious wealth.;)
     
    strantor likes this.
  14. JoeJester

    AAC Fanatic!

    Apr 26, 2005
    3,373
    1,157
    My bank went to chipped cards.

    Before I got chipped cards, I did have one card stolen, but the bank declined a purchase of 300 of gasoline in east texas. I only use that card in a few locations, so I knew where it was stolen and found out a week later my waitress was fired from that place.

    Exercising due diligence, I replaced that card once I found out about the decline.

    Yes, I am wary of "added devices" when I swipe my card in vendors and at ATMs.
     
  15. cmartinez

    AAC Fanatic!

    Jan 17, 2007
    3,555
    2,516
    This is really strange... here in Mexico we've had chipped cards for at least 10 to 15 years already! and yet in the US they're almost novelty.

    I wonder if anyone's yet figured out how to clone a chipped card.
     
  16. JoeJester

    AAC Fanatic!

    Apr 26, 2005
    3,373
    1,157
    If man designed it, it is hackable and cloned.

    Chipped cards were available for a long time in Europe as well. Compared to the U.S. how many cards and card machines are in other countries? I'm sure the sheer numbers and cost to replace them all in the US prevented a mandate.
     
  17. wayneh

    Expert

    Sep 9, 2010
    12,091
    3,027
    They're mandated now. Cards without chips should be gone forever in the next few months.
     
  18. Wendy

    Moderator

    Mar 24, 2008
    20,765
    2,535
    Won't help with online purchases though.
     
  19. atferrari

    AAC Fanatic!

    Jan 6, 2004
    2,645
    759
    Hola strantor,

    They moved in one definitive direction. When I read Electronic payment evangelists say largely cash-free economy has cut costs and reduced crime rate I remembered your post.

    Look here
     
  20. cmartinez

    AAC Fanatic!

    Jan 17, 2007
    3,555
    2,516
    I'm afraid that a cashless society is the perfect dream of a totalitarian government.
    Imagine being able to track every single citizen's economic transaction.
     
Loading...