Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
18574 posts

Uber Geek
+1 received by user: 736

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 524757 22-Sep-2011 20:04 Send private message

dontpanic42: If I had one of these contact-less pay system cards, what are the chances of someone passing me on the street and "skimming" $80 from my card?


In all seriousness the chances of this happening are lower than the chances of you being hit by a bus because you were staring at Elvis.


371 posts

Ultimate Geek
+1 received by user: 10

Subscriber

  Reply # 524779 22-Sep-2011 21:09 Send private message

dontpanic42: If I had one of these contact-less pay system cards, what are the chances of someone passing me on the street and "skimming" $80 from my card? Are there portable EFTPOS machines available that support PayWave/Paypass systems.

BTW, that's a serious question for someone that may be in the know with these things. It's not a 'how would one go about doing this' question, just wanted to know how likely it would be for my own piece of mind.

I suppose it's a moot question as well, since in those circumstances it would be refunded by the bank anyway.

A simple solution for the skimming scenario might be to keep the card in an RF isolation sleeve until needed. Possibly a bit paranoid, but you never know these days.

EDIT: Spelling mistake. :P


I'm not sure what the chances are at the moment, I'd say fairly slim, but it's something that has already been depicted on TV a few times already, the one I noticed in particular was an episode of NCIS that was on TV3 recently (Enermies Foreign (Episode 8)) where a woman was walking down the street with a large smartphone/iPod type device setup that was scanning for RFID Credit Cards in people's pockets and then she was cloning them onto a Mag Stripe card.

Now while I'm sure the latter is next-to-impossible to be true, I do wonder what really is stopping cloning RFID to RFID cloning and then going on massive McDonald's sprees etc.

A quick Google brought up http://www.wtsp.com/news/topstories/story.aspx?storyid=158493 (I haven't watched the video, but the article suggests it's already happening.

All I can think of is: it's getting to be a scary world we live in, and it's not too hard to believe that technology might be what kills us all :(.

EDIT:

Also, it's $80 per transaction, so a thief that tried to take advantage of the scheme of things could (theorectically) walk in a mall and go into each shop and as long as he didn't spend more than $80 in one transaction, not have to enter a PIN/anything.

Of course, the downside to that, is I'm sure even the anti-Fraud depts of Banks would be wise enough to realize that people wouldn't go into every single shop in a mall and block the card, AND there would be a huge chance that w/ a thief making a large number of < $80  transactions that there would be CCTV footage.

(Note, I'm speaking totally theorectically, and I don't condone any fraud-related activities, it's wrong.  & I totally agree with openmedia (OP) that the customer needs to be able to set more restrictive settings/disable the feature, unfortunately the business of banks is to make money and customers imposing restrictions on their credit limit/RFID payment system, is not a money maker)

1386 posts

Uber Geek
+1 received by user: 66

Trusted
Subscriber

  Reply # 524796 22-Sep-2011 22:02 Send private message

If you stole/cloned one of these cards, the best/quickest way to draw money from it would be to go to the sports stadium on a public holiday and buy a few rounds of drinks. Theres a limit to how much McDs one can eat

Tbh i wouldnt be worried at all, combination of low transaction limit, few outlets accepting payment, and bank underwriting any losses

1315 posts

Uber Geek
+1 received by user: 38

Subscriber

  Reply # 524813 22-Sep-2011 22:46 Send private message

dontpanic42: Since they have now implemented this system, I would like to see immediate/real-time transaction info on all credit card transactions. i.e. through internet banking.

Any bank I have come across so far, it seems to take between 1-3days for transactions to appear on my internet banking credit card transactions list.

It can't be that hard to have that sort of info real-time, even if the transactions haven't been statemented yet.


BNZ do have this information already, it's just not coming through to internet banking.  I assume other banks do to.

I know this because I had problems paying on a website a few years ago and the could tell me every failed transaction and why it had failed.  This was only a minute or so after I tried to make the transaction and they already had all the details.

They use this type of information for fraud prevention and detection, it's just that you don't normally get to see it.

371 posts

Ultimate Geek
+1 received by user: 10

Subscriber

  Reply # 524818 22-Sep-2011 22:56 Send private message

nickb800: Tbh i wouldnt be worried at all, combination of low transaction limit, few outlets accepting payment, and bank underwriting any losses


But you should worry, banks underwriting any losses means that the bank has to make up the money from other avenues (i.e. higher fees to their customers, recovery, chargebacks) and in the end, one way or another, it will be you that pays.

Not only that, but I'd imagine that if the RFID portion of the card was comprimised, they would have to cancel & replace the entire card, which can easily take a week+ to happen (more if you are overseas which can also be costly), which would also disrupt any automatic credit card debits, online shopping activities, etc.

2250 posts

Uber Geek
+1 received by user: 160

Trusted
Subscriber

  Reply # 524820 22-Sep-2011 23:00 Send private message

Beccara: I thought CC transactions were 2 stage process where the merchant "reserves" the funds and then they process it at end of the day or something to get the funds, I know I've had transactions take weeks to show up because merchants only processed them every other week. Can't remember the right terms


Authorisation and Acquisition.  The way the process works is that the transaction is authorised on the spot (depending on the merchant and acquiring institution, details of the transaction may not be available to your bank at this stage - I suspect it's to do with whether the merchant is overseas, personally) and overnight (or a later date if the merchant opts to acquire manually) the acquiring bank will actually transfer the funds.  At least that's the impression I get from monitoring my own incoming credit card transactions.

371 posts

Ultimate Geek
+1 received by user: 10

Subscriber

  Reply # 524825 22-Sep-2011 23:05 Send private message

Kyanar:
Beccara: I thought CC transactions were 2 stage process where the merchant "reserves" the funds and then they process it at end of the day or something to get the funds, I know I've had transactions take weeks to show up because merchants only processed them every other week. Can't remember the right terms


Authorisation and Acquisition.  The way the process works is that the transaction is authorised on the spot (depending on the merchant and acquiring institution, details of the transaction may not be available to your bank at this stage - I suspect it's to do with whether the merchant is overseas, personally) and overnight (or a later date if the merchant opts to acquire manually) the acquiring bank will actually transfer the funds.  At least that's the impression I get from monitoring my own incoming credit card transactions.


I think this is mostly correct, except the second stage normally requires presentation, I worked for a company that had an EFTpos terminal and I recall that a nighty process was for a special sequence to be entered on the terminals to generate a report, and along with the merchant copy printouts, were required to be presented/'banked' at the bank.

My understanding is that it's this point where the details appear on the statement, but I think that also depends on who the merchant is, who they do their banking with, who they do their processing with, type of card, and all that jazz.

EDIT: In fact, what I have described is according to Wikipedia, the "Batching" , you described the next step, the Clearing ;)  See: http://en.wikipedia.org/wiki/Credit_Card#Transaction_steps

3402 posts

Uber Geek
+1 received by user: 800

Trusted

  Reply # 524839 22-Sep-2011 23:57 Send private message

I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

3494 posts

Uber Geek
+1 received by user: 86

Trusted
Subscriber

  Reply # 524871 23-Sep-2011 08:23 Send private message

eXDee: I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

Also, many shops insist that you hand over your card so that they can swipe it (and potentially copy the numbers). There's very little card security out there these days when you think about it.

Edit: Typo. 

4999 posts

Uber Geek
+1 received by user: 166

Subscriber

  Reply # 524872 23-Sep-2011 08:27 Send private message

sbiddle:
dontpanic42: If I had one of these contact-less pay system cards, what are the chances of someone passing me on the street and "skimming" $80 from my card?


In all seriousness the chances of this happening are lower than the chances of you being hit by a bus because you were staring at Elvis.



Depends where in Manners St you are crossing the road..




Regards,

Old3eyes

2250 posts

Uber Geek
+1 received by user: 160

Trusted
Subscriber

  Reply # 524888 23-Sep-2011 09:07 Send private message

Behodar:
eXDee: I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

Also, many shops insist that you hand over your card so they they can swipe it (and potentially copy the numbers). There's very little card security out there these days when you think about it.


This is the biggest problem.  If you ask me, it should be mandated by Paymark that all transactions be customer swipe.  The merchant has no reason to ever need the physical card but too often I'm told "oh, that doesn't work I need to swipe it here" or the PIN pad has no magstripe (or chip) reader.

(Also, FYI: KFC restaurants point all their security cameras DIRECTLY at the PIN pads for their EFTPOS terminals.  Look up sometime).

Joel Johnson
823 posts

Ultimate Geek
+1 received by user: 1

Subscriber

  Reply # 524893 23-Sep-2011 09:29 Send private message

Kyanar:
Behodar:
eXDee: I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

Also, many shops insist that you hand over your card so they they can swipe it (and potentially copy the numbers). There's very little card security out there these days when you think about it.


This is the biggest problem.  If you ask me, it should be mandated by Paymark that all transactions be customer swipe.  The merchant has no reason to ever need the physical card but too often I'm told "oh, that doesn't work I need to swipe it here" or the PIN pad has no magstripe (or chip) reader.

(Also, FYI: KFC restaurants point all their security cameras DIRECTLY at the PIN pads for their EFTPOS terminals.  Look up sometime).


And a few retailers (I know of) are looking at putting in 3MP cameras over tills, so then they'll be able to count your hairs on the back of your hand too. ;)

There's no security reg/moral code preventing this either.


are you worried about your 4cm RFID chip in you Visa/Mastercard as much now? ;)

18574 posts

Uber Geek
+1 received by user: 736

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 524898 23-Sep-2011 09:48 Send private message

Kyanar:
This is the biggest problem.  If you ask me, it should be mandated by Paymark that all transactions be customer swipe.  The merchant has no reason to ever need the physical card but too often I'm told "oh, that doesn't work I need to swipe it here" or the PIN pad has no magstripe (or chip) reader.




Around 18 months ago it was my understanding that this was going to be required as part of the EMV mandated upgrade in May, ie pinpads with chip reader and magstripe would be compulsary. It seems for some reason that this didn't happen.     


There are still lots of strange things that happen on the EFTPOS network. There is a shop near my work that doesn't require the use of chip cards in their old Provenco terminal. It's not a case of the chip reader failing and requiring a swipe, they simply don't even use the chip reader and I have no idea if it's even a 5.2 complaint terminal.

  



1482 posts

Uber Geek
+1 received by user: 35

Trusted

  Reply # 524919 23-Sep-2011 10:21 Send private message

sbiddle:
davidcole: I'd imagine visa won't be too far away doing the same thing as MasterCard.


Visa's NFC launched in NZ 3 weeks ago.


I see no point in disabling your NFC card because your credit card transaction is no more secure. With no pin required for less than ~$80 you are exposed to the same risk of fraud regardless of the technology type.



Ah but I want my account configured so that a PIN is required for all transactions.




Generally known online as OpenMedia, now working for Red Hat New Zealand as a Solution Architect for all things Linux, Virtual and of course Cloud. Still playing with MythTV and digital media on the side.

1845 posts

Uber Geek
+1 received by user: 97

Trusted

  Reply # 524921 23-Sep-2011 10:24 Send private message

openmedia:
sbiddle:
davidcole: I'd imagine visa won't be too far away doing the same thing as MasterCard.


Visa's NFC launched in NZ 3 weeks ago.


I see no point in disabling your NFC card because your credit card transaction is no more secure. With no pin required for less than ~$80 you are exposed to the same risk of fraud regardless of the technology type.



Ah but I want my account configured so that a PIN is required for all transactions.


But then I'd like some sort of additional authentication (not written on the card) for online transactions as well.  I've always found that bit of the process a bit lacking.  It's all well and good to require PIN on swiped transactions, but I don't get that sense of "security" (don't laugh you lot!! :D ) from online transactions.




Previously known as psycik

NextPVR Based HTPC:

2 x HVR3000 - DVB-S - Freeview, HVR3000 - DVB-T Freeview|HD, Nova-T 500 - Dual Freeview|HD, Digital Coax --> Yamaha RX-v540, 8600GT --> Samsung LA46A650D via HDMI
Clients:
Popcorn Hour A-100, 1xATV2, 1xATV3, Roku3
Windows 7 Ultimate Host
3x2TB, 1x3TB + 1x1.5TB using DriveBender, VMWare Workstation 10 with 1xW7, 2xW2k3 1xUbuntu 11.10 Desktop, 1xWHS2011, Plex

UnblockUS - Unblock your freedom

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
View this topic in a long page with up to 500 replies per page Create new topic








Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when new jobs are posted to our jobs board:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Telecom introduces unlimited broadband data plan
Created by freitasm, last reply by KiwiNZ on 24-Apr-2014 07:28 (94 replies)
Pages... 5 6 7


Stonedine
Created by Lizard1977, last reply by surfisup1000 on 23-Apr-2014 21:27 (58 replies)
Pages... 2 3 4


Forms of government for New Zealand
Created by charsleysa, last reply by KiwiNZ on 23-Apr-2014 20:57 (169 replies)
Pages... 10 11 12


Telecom has started metering their TiVo customers' broadband usage (WITHOUT PRENOTIFICATION)
Created by Peteriv, last reply by kre8uv on 24-Apr-2014 08:03 (70 replies)
Pages... 3 4 5


Parallel imported product
Created by Wills1, last reply by joker97 on 23-Apr-2014 21:01 (53 replies)
Pages... 2 3 4


MH370 - Call for Search & Rescue Help
Created by DS248, last reply by joker97 on 23-Apr-2014 22:37 (737 replies)
Pages... 48 49 50


Labour MP Shane Jones to step down
Created by jeffnz, last reply by jeffnz on 23-Apr-2014 20:41 (32 replies)
Pages... 2 3


Upcoming Freeview Restack AUCKLAND
Created by Brunzy, last reply by richms on 23-Apr-2014 21:05 (13 replies)


Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.