Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
19611 posts

Uber Geek
+1 received by user: 1402

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 524757 22-Sep-2011 20:04 Send private message

dontpanic42: If I had one of these contact-less pay system cards, what are the chances of someone passing me on the street and "skimming" $80 from my card?


In all seriousness the chances of this happening are lower than the chances of you being hit by a bus because you were staring at Elvis.


623 posts

Ultimate Geek
+1 received by user: 69


  Reply # 524779 22-Sep-2011 21:09 Send private message

dontpanic42: If I had one of these contact-less pay system cards, what are the chances of someone passing me on the street and "skimming" $80 from my card? Are there portable EFTPOS machines available that support PayWave/Paypass systems.

BTW, that's a serious question for someone that may be in the know with these things. It's not a 'how would one go about doing this' question, just wanted to know how likely it would be for my own piece of mind.

I suppose it's a moot question as well, since in those circumstances it would be refunded by the bank anyway.

A simple solution for the skimming scenario might be to keep the card in an RF isolation sleeve until needed. Possibly a bit paranoid, but you never know these days.

EDIT: Spelling mistake. :P


I'm not sure what the chances are at the moment, I'd say fairly slim, but it's something that has already been depicted on TV a few times already, the one I noticed in particular was an episode of NCIS that was on TV3 recently (Enermies Foreign (Episode 8)) where a woman was walking down the street with a large smartphone/iPod type device setup that was scanning for RFID Credit Cards in people's pockets and then she was cloning them onto a Mag Stripe card.

Now while I'm sure the latter is next-to-impossible to be true, I do wonder what really is stopping cloning RFID to RFID cloning and then going on massive McDonald's sprees etc.

A quick Google brought up http://www.wtsp.com/news/topstories/story.aspx?storyid=158493 (I haven't watched the video, but the article suggests it's already happening.

All I can think of is: it's getting to be a scary world we live in, and it's not too hard to believe that technology might be what kills us all :(.

EDIT:

Also, it's $80 per transaction, so a thief that tried to take advantage of the scheme of things could (theorectically) walk in a mall and go into each shop and as long as he didn't spend more than $80 in one transaction, not have to enter a PIN/anything.

Of course, the downside to that, is I'm sure even the anti-Fraud depts of Banks would be wise enough to realize that people wouldn't go into every single shop in a mall and block the card, AND there would be a huge chance that w/ a thief making a large number of < $80  transactions that there would be CCTV footage.

(Note, I'm speaking totally theorectically, and I don't condone any fraud-related activities, it's wrong.  & I totally agree with openmedia (OP) that the customer needs to be able to set more restrictive settings/disable the feature, unfortunately the business of banks is to make money and customers imposing restrictions on their credit limit/RFID payment system, is not a money maker)

1437 posts

Uber Geek
+1 received by user: 88

Trusted
Subscriber

  Reply # 524796 22-Sep-2011 22:02 Send private message

If you stole/cloned one of these cards, the best/quickest way to draw money from it would be to go to the sports stadium on a public holiday and buy a few rounds of drinks. Theres a limit to how much McDs one can eat

Tbh i wouldnt be worried at all, combination of low transaction limit, few outlets accepting payment, and bank underwriting any losses

1503 posts

Uber Geek
+1 received by user: 81

Subscriber

  Reply # 524813 22-Sep-2011 22:46 Send private message

dontpanic42: Since they have now implemented this system, I would like to see immediate/real-time transaction info on all credit card transactions. i.e. through internet banking.

Any bank I have come across so far, it seems to take between 1-3days for transactions to appear on my internet banking credit card transactions list.

It can't be that hard to have that sort of info real-time, even if the transactions haven't been statemented yet.


BNZ do have this information already, it's just not coming through to internet banking.  I assume other banks do to.

I know this because I had problems paying on a website a few years ago and the could tell me every failed transaction and why it had failed.  This was only a minute or so after I tried to make the transaction and they already had all the details.

They use this type of information for fraud prevention and detection, it's just that you don't normally get to see it.

623 posts

Ultimate Geek
+1 received by user: 69


  Reply # 524818 22-Sep-2011 22:56 Send private message

nickb800: Tbh i wouldnt be worried at all, combination of low transaction limit, few outlets accepting payment, and bank underwriting any losses


But you should worry, banks underwriting any losses means that the bank has to make up the money from other avenues (i.e. higher fees to their customers, recovery, chargebacks) and in the end, one way or another, it will be you that pays.

Not only that, but I'd imagine that if the RFID portion of the card was comprimised, they would have to cancel & replace the entire card, which can easily take a week+ to happen (more if you are overseas which can also be costly), which would also disrupt any automatic credit card debits, online shopping activities, etc.

2497 posts

Uber Geek
+1 received by user: 241

Trusted
Subscriber

  Reply # 524820 22-Sep-2011 23:00 Send private message

Beccara: I thought CC transactions were 2 stage process where the merchant "reserves" the funds and then they process it at end of the day or something to get the funds, I know I've had transactions take weeks to show up because merchants only processed them every other week. Can't remember the right terms


Authorisation and Acquisition.  The way the process works is that the transaction is authorised on the spot (depending on the merchant and acquiring institution, details of the transaction may not be available to your bank at this stage - I suspect it's to do with whether the merchant is overseas, personally) and overnight (or a later date if the merchant opts to acquire manually) the acquiring bank will actually transfer the funds.  At least that's the impression I get from monitoring my own incoming credit card transactions.

623 posts

Ultimate Geek
+1 received by user: 69


  Reply # 524825 22-Sep-2011 23:05 Send private message

Kyanar:
Beccara: I thought CC transactions were 2 stage process where the merchant "reserves" the funds and then they process it at end of the day or something to get the funds, I know I've had transactions take weeks to show up because merchants only processed them every other week. Can't remember the right terms


Authorisation and Acquisition.  The way the process works is that the transaction is authorised on the spot (depending on the merchant and acquiring institution, details of the transaction may not be available to your bank at this stage - I suspect it's to do with whether the merchant is overseas, personally) and overnight (or a later date if the merchant opts to acquire manually) the acquiring bank will actually transfer the funds.  At least that's the impression I get from monitoring my own incoming credit card transactions.


I think this is mostly correct, except the second stage normally requires presentation, I worked for a company that had an EFTpos terminal and I recall that a nighty process was for a special sequence to be entered on the terminals to generate a report, and along with the merchant copy printouts, were required to be presented/'banked' at the bank.

My understanding is that it's this point where the details appear on the statement, but I think that also depends on who the merchant is, who they do their banking with, who they do their processing with, type of card, and all that jazz.

EDIT: In fact, what I have described is according to Wikipedia, the "Batching" , you described the next step, the Clearing ;)  See: http://en.wikipedia.org/wiki/Credit_Card#Transaction_steps

3617 posts

Uber Geek
+1 received by user: 891

Trusted

  Reply # 524839 22-Sep-2011 23:57 Send private message

I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

3907 posts

Uber Geek
+1 received by user: 174

Trusted
Subscriber

  Reply # 524871 23-Sep-2011 08:23 Send private message

eXDee: I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

Also, many shops insist that you hand over your card so that they can swipe it (and potentially copy the numbers). There's very little card security out there these days when you think about it.

Edit: Typo. 

5390 posts

Uber Geek
+1 received by user: 223

Subscriber

  Reply # 524872 23-Sep-2011 08:27 Send private message

sbiddle:
dontpanic42: If I had one of these contact-less pay system cards, what are the chances of someone passing me on the street and "skimming" $80 from my card?


In all seriousness the chances of this happening are lower than the chances of you being hit by a bus because you were staring at Elvis.



Depends where in Manners St you are crossing the road..




Regards,

Old3eyes

2497 posts

Uber Geek
+1 received by user: 241

Trusted
Subscriber

  Reply # 524888 23-Sep-2011 09:07 Send private message

Behodar:
eXDee: I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

Also, many shops insist that you hand over your card so they they can swipe it (and potentially copy the numbers). There's very little card security out there these days when you think about it.


This is the biggest problem.  If you ask me, it should be mandated by Paymark that all transactions be customer swipe.  The merchant has no reason to ever need the physical card but too often I'm told "oh, that doesn't work I need to swipe it here" or the PIN pad has no magstripe (or chip) reader.

(Also, FYI: KFC restaurants point all their security cameras DIRECTLY at the PIN pads for their EFTPOS terminals.  Look up sometime).

875 posts

Ultimate Geek
+1 received by user: 10

Subscriber

  Reply # 524893 23-Sep-2011 09:29 Send private message

Kyanar:
Behodar:
eXDee: I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

Also, many shops insist that you hand over your card so they they can swipe it (and potentially copy the numbers). There's very little card security out there these days when you think about it.


This is the biggest problem.  If you ask me, it should be mandated by Paymark that all transactions be customer swipe.  The merchant has no reason to ever need the physical card but too often I'm told "oh, that doesn't work I need to swipe it here" or the PIN pad has no magstripe (or chip) reader.

(Also, FYI: KFC restaurants point all their security cameras DIRECTLY at the PIN pads for their EFTPOS terminals.  Look up sometime).


And a few retailers (I know of) are looking at putting in 3MP cameras over tills, so then they'll be able to count your hairs on the back of your hand too. ;)

There's no security reg/moral code preventing this either.


are you worried about your 4cm RFID chip in you Visa/Mastercard as much now? ;)

19611 posts

Uber Geek
+1 received by user: 1402

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 524898 23-Sep-2011 09:48 Send private message

Kyanar:
This is the biggest problem.  If you ask me, it should be mandated by Paymark that all transactions be customer swipe.  The merchant has no reason to ever need the physical card but too often I'm told "oh, that doesn't work I need to swipe it here" or the PIN pad has no magstripe (or chip) reader.




Around 18 months ago it was my understanding that this was going to be required as part of the EMV mandated upgrade in May, ie pinpads with chip reader and magstripe would be compulsary. It seems for some reason that this didn't happen.     


There are still lots of strange things that happen on the EFTPOS network. There is a shop near my work that doesn't require the use of chip cards in their old Provenco terminal. It's not a case of the chip reader failing and requiring a swipe, they simply don't even use the chip reader and I have no idea if it's even a 5.2 complaint terminal.

  



1552 posts

Uber Geek
+1 received by user: 45

Trusted

  Reply # 524919 23-Sep-2011 10:21 Send private message

sbiddle:
davidcole: I'd imagine visa won't be too far away doing the same thing as MasterCard.


Visa's NFC launched in NZ 3 weeks ago.


I see no point in disabling your NFC card because your credit card transaction is no more secure. With no pin required for less than ~$80 you are exposed to the same risk of fraud regardless of the technology type.



Ah but I want my account configured so that a PIN is required for all transactions.




Generally known online as OpenMedia, now working for Red Hat New Zealand as a Solution Architect for all things Linux, Virtual and of course Cloud. Still playing with MythTV and digital media on the side.

2055 posts

Uber Geek
+1 received by user: 118

Trusted

  Reply # 524921 23-Sep-2011 10:24 Send private message

openmedia:
sbiddle:
davidcole: I'd imagine visa won't be too far away doing the same thing as MasterCard.


Visa's NFC launched in NZ 3 weeks ago.


I see no point in disabling your NFC card because your credit card transaction is no more secure. With no pin required for less than ~$80 you are exposed to the same risk of fraud regardless of the technology type.



Ah but I want my account configured so that a PIN is required for all transactions.


But then I'd like some sort of additional authentication (not written on the card) for online transactions as well.  I've always found that bit of the process a bit lacking.  It's all well and good to require PIN on swiped transactions, but I don't get that sense of "security" (don't laugh you lot!! :D ) from online transactions.




Previously known as psycik

NextPVR Based HTPC:

Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, SiliconDust HDHomeRun Dual DVB-T Tuner, NextPVR, Plex Plugin 
Clients:
Popcorn Hour A-100, 1xATV2, 1xATV3, Roku3
Windows 7 Ultimate Host (Plex Server)
3x2TB, 1x3TB, 1x4TB + 1x1.5TB using DriveBender, VMWare Workstation 10 with 1xW7, 2xW2k3 1xUbuntu 11.10 Desktop, 1xWHS2011, Plex, Crashplan, NextPVR channel for Plex

UnblockUS - Unblock your freedom

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Windows 10 announced, as well as developer preview
Created by macuser, last reply by KiwiNZ on 2-Oct-2014 22:38 (119 replies)
Pages... 6 7 8


What time will the Apple Store online be selling the iPhone 6?
Created by scotiwis, last reply by sub on 3-Oct-2014 05:32 (239 replies)
Pages... 14 15 16


Moment of Truth?
Created by BarTender, last reply by JimmyC on 29-Sep-2014 09:16 (441 replies)
Pages... 28 29 30


Can i have 2 ISP's at home?
Created by ReckITT, last reply by Lazarui on 30-Sep-2014 18:15 (49 replies)
Pages... 2 3 4


Samsung Galaxy S4
Created by beenz, last reply by fizzychicken on 2-Oct-2014 19:46 (21 replies)
Pages... 2


Why is your nickname what it is, what are the origins of it?
Created by Presso, last reply by Presso on 2-Oct-2014 20:12 (97 replies)
Pages... 5 6 7


Harvey Norman's Biggest Ever Retail Sale
Created by DravidDavid, last reply by Dunnersfella on 2-Oct-2014 22:32 (33 replies)
Pages... 2 3


Easiest way to have iPhone warranty service
Created by JoshWright, last reply by nitrotech on 30-Sep-2014 21:37 (15 replies)


Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.