Arachno 1D Posted July 23, 2015 Share Posted July 23, 2015 Consumers who use contactless debit and credit cards to buy goods or services could be unwittingly opening their bank account up to fraudsters, according to an investigation by Which? Researchers bought cheap, widely available card scanners from a mainstream website to see if they could Link to comment Share on other sites More sharing options...
n_K Posted July 23, 2015 Share Posted July 23, 2015 I think the upcoming new standard that people say apple pay uses is meant to help avert this because it forces encryption and you can't just read any plantext data, though I could be wrong? Link to comment Share on other sites More sharing options...
The Evil Overlord Posted July 23, 2015 Share Posted July 23, 2015 Not to fearmonger, but this is the reason why I preferred the old signature method, I know the pin codes for both my wife, and my elderly mother's cards. Ok it's a convenience thing in regards to my mother as she's lost a great deal of dexterity, but as I also know the pin codes for my wife, and she knows my codes, the cashier is completely oblivious to who's card is being used. (I'm guessing theoretically, a contactless card could be stolen, and used to make small purchases without the cashier ever knowing the card is stolen until it is reported, <same as chip and pin>) Link to comment Share on other sites More sharing options...
FloatingFatMan Posted July 23, 2015 Share Posted July 23, 2015 They -really- need to implement biometrics into cards and scanners, as well as full encryption... It's a lot harder to clone someone's card if you've gotta cut a finger off too! As for internet orders, it should be a legal requirement for all traders to ONLY ship to the cardholders verified address. Link to comment Share on other sites More sharing options...
n_K Posted July 24, 2015 Share Posted July 24, 2015 They -really- need to implement biometrics into cards and scanners, as well as full encryption... It's a lot harder to clone someone's card if you've gotta cut a finger off too! As for internet orders, it should be a legal requirement for all traders to ONLY ship to the cardholders verified address. No I don't agree. If I want to buy a gift for someone I have to have it delivered to my address and then I have to pay additional postage (not to mention more time wasted) to send it to them? Depicus 1 Share Link to comment Share on other sites More sharing options...
WelshBluebird Posted July 24, 2015 Share Posted July 24, 2015 They -really- need to implement biometrics into cards and scanners, as well as full encryption... It's a lot harder to clone someone's card if you've gotta cut a finger off too! As for internet orders, it should be a legal requirement for all traders to ONLY ship to the cardholders verified address. So goodbye to people being able to get packages delivered to work then! remixedcat and Depicus 2 Share Link to comment Share on other sites More sharing options...
FloatingFatMan Posted July 24, 2015 Share Posted July 24, 2015 So goodbye to people being able to get packages delivered to work then! Register your work address with the card issuer. No I don't agree. If I want to buy a gift for someone I have to have it delivered to my address and then I have to pay additional postage (not to mention more time wasted) to send it to them? You can't have both card security and freedom of delivery. Letting them deliver anywhere is just asking for trouble when your card gets cloned. Link to comment Share on other sites More sharing options...
WelshBluebird Posted July 24, 2015 Share Posted July 24, 2015 Register your work address with the card issuer. You can't have both card security and freedom of delivery. Letting them deliver anywhere is just asking for trouble when your card gets cloned. But that isn't my home address. And would then mean I couldn't get stuff delivered to my home if I wanted to! Link to comment Share on other sites More sharing options...
FloatingFatMan Posted July 24, 2015 Share Posted July 24, 2015 But that isn't my home address. And would then mean I couldn't get stuff delivered to my home if I wanted to! I have two addresses registered with my card issuer... Link to comment Share on other sites More sharing options...
remixedcat Posted July 24, 2015 Share Posted July 24, 2015 Mine doesn't let me have two addresses. Only 1. I wanted my mum's as an alt and they said I would have to have a biz acct to have multiple addresses. Link to comment Share on other sites More sharing options...
(Account no longer active) Posted July 24, 2015 Share Posted July 24, 2015 A friend with a USB contactless card reader was easily able to read data on his bank card. His metro card was a different story (well secured). Link to comment Share on other sites More sharing options...
Mando Posted July 24, 2015 Share Posted July 24, 2015 I have two addresses registered with my card issuer... As do I, infact 3 authorised addys, home, parents and my permanent place of work. im surprised this is even news, what did people think, that the makers would give a flying chuff about these items, that's the responsibility of the card issuers really. internet ordering really needs revised, its scary how easy it is to order stuff say using your parents CCard if you know the card number n expiry date, no real checks require further verification. you know the age old work around "Purchaser not present" on receipt, or other words anyone could have placed this order. the only time the card issuer will act on this kind of security lapse is when the cost of reimbursement due to online and CC fraud is higher than the cost to develop and implement security checks, until then they'll just compensate affected customers. Link to comment Share on other sites More sharing options...
FloatingFatMan Posted July 24, 2015 Share Posted July 24, 2015 Mine doesn't let me have two addresses. Only 1. I wanted my mum's as an alt and they said I would have to have a biz acct to have multiple addresses. Then respectfully, your card issuer is a frelling idiot. It's in their own best interests to enforce things like this, and letting you register several authorised addresses is a pretty basic step. Link to comment Share on other sites More sharing options...
remixedcat Posted July 24, 2015 Share Posted July 24, 2015 it's my freakin bank and they are meh but not many physical bank choices where I'm at so... only like 3-4 and they are all bad so pick yah poison Link to comment Share on other sites More sharing options...
FloatingFatMan Posted July 24, 2015 Share Posted July 24, 2015 Well, your bank is a frelling idiot, too! Link to comment Share on other sites More sharing options...
ATLien_0 Posted July 24, 2015 Share Posted July 24, 2015 Had my credit card and debit card numbers skimmed a few weeks ago by one of these scanners. The idiots that did this racked up $100 at a subway and another $100 at a McDonalds go figure. Basically Chase told me that for now I should get on of those blocking cards for my wallet that prevents this. They need to come up with better protection for these chips on the card, thought these were supposed to be more secure than the stripe Link to comment Share on other sites More sharing options...
Brian M. Veteran Posted July 24, 2015 Veteran Share Posted July 24, 2015 I think this study is a little scaremongering by which. For online shopping what do you need? The card number, the expiry date and the security code - all of which are printed on the card. Unless the card is transmitting the customers physical address via NFC, there is no further information that'd be useful for online shopping. What is the point of securing information which is printed on the damn thing? If you're close enough for a contactless read of the card, you're close enough to get the card itself. Link to comment Share on other sites More sharing options...
FloatingFatMan Posted July 24, 2015 Share Posted July 24, 2015 I think this study is a little scaremongering by which. For online shopping what do you need? The card number, the expiry date and the security code - all of which are printed on the card. Unless the card is transmitting the customers physical address via NFC, there is no further information that'd be useful for online shopping. What is the point of securing information which is printed on the damn thing? If you're close enough for a contactless read of the card, you're close enough to get the card itself. Which is why online companies should only be allowed to deliver to registered cardholder addresses, nowhere else. No point in stealing someone's card if you can't get the stuff you're trying to order. Link to comment Share on other sites More sharing options...
n_K Posted July 24, 2015 Share Posted July 24, 2015 Register your work address with the card issuer. You can't have both card security and freedom of delivery. Letting them deliver anywhere is just asking for trouble when your card gets cloned. I'll stick with freedom over an illusion of safety. Link to comment Share on other sites More sharing options...
FloatingFatMan Posted July 24, 2015 Share Posted July 24, 2015 I'll stick with freedom over an illusion of safety. I see what you did there... badly. Link to comment Share on other sites More sharing options...
Torolol Posted July 25, 2015 Share Posted July 25, 2015 Carders aren't always use the card data they obtained to buy physical objects, which in that case make holder address restriction meaningless for them. Link to comment Share on other sites More sharing options...
Recommended Posts