Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
19516 posts

Uber Geek
+1 received by user: 1342

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 524757 22-Sep-2011 20:04 Send private message

dontpanic42: If I had one of these contact-less pay system cards, what are the chances of someone passing me on the street and "skimming" $80 from my card?


In all seriousness the chances of this happening are lower than the chances of you being hit by a bus because you were staring at Elvis.


620 posts

Ultimate Geek
+1 received by user: 68


  Reply # 524779 22-Sep-2011 21:09 Send private message

dontpanic42: If I had one of these contact-less pay system cards, what are the chances of someone passing me on the street and "skimming" $80 from my card? Are there portable EFTPOS machines available that support PayWave/Paypass systems.

BTW, that's a serious question for someone that may be in the know with these things. It's not a 'how would one go about doing this' question, just wanted to know how likely it would be for my own piece of mind.

I suppose it's a moot question as well, since in those circumstances it would be refunded by the bank anyway.

A simple solution for the skimming scenario might be to keep the card in an RF isolation sleeve until needed. Possibly a bit paranoid, but you never know these days.

EDIT: Spelling mistake. :P


I'm not sure what the chances are at the moment, I'd say fairly slim, but it's something that has already been depicted on TV a few times already, the one I noticed in particular was an episode of NCIS that was on TV3 recently (Enermies Foreign (Episode 8)) where a woman was walking down the street with a large smartphone/iPod type device setup that was scanning for RFID Credit Cards in people's pockets and then she was cloning them onto a Mag Stripe card.

Now while I'm sure the latter is next-to-impossible to be true, I do wonder what really is stopping cloning RFID to RFID cloning and then going on massive McDonald's sprees etc.

A quick Google brought up http://www.wtsp.com/news/topstories/story.aspx?storyid=158493 (I haven't watched the video, but the article suggests it's already happening.

All I can think of is: it's getting to be a scary world we live in, and it's not too hard to believe that technology might be what kills us all :(.

EDIT:

Also, it's $80 per transaction, so a thief that tried to take advantage of the scheme of things could (theorectically) walk in a mall and go into each shop and as long as he didn't spend more than $80 in one transaction, not have to enter a PIN/anything.

Of course, the downside to that, is I'm sure even the anti-Fraud depts of Banks would be wise enough to realize that people wouldn't go into every single shop in a mall and block the card, AND there would be a huge chance that w/ a thief making a large number of < $80  transactions that there would be CCTV footage.

(Note, I'm speaking totally theorectically, and I don't condone any fraud-related activities, it's wrong.  & I totally agree with openmedia (OP) that the customer needs to be able to set more restrictive settings/disable the feature, unfortunately the business of banks is to make money and customers imposing restrictions on their credit limit/RFID payment system, is not a money maker)

1432 posts

Uber Geek
+1 received by user: 83

Trusted
Subscriber

  Reply # 524796 22-Sep-2011 22:02 Send private message

If you stole/cloned one of these cards, the best/quickest way to draw money from it would be to go to the sports stadium on a public holiday and buy a few rounds of drinks. Theres a limit to how much McDs one can eat

Tbh i wouldnt be worried at all, combination of low transaction limit, few outlets accepting payment, and bank underwriting any losses

1471 posts

Uber Geek
+1 received by user: 69

Subscriber

  Reply # 524813 22-Sep-2011 22:46 Send private message

dontpanic42: Since they have now implemented this system, I would like to see immediate/real-time transaction info on all credit card transactions. i.e. through internet banking.

Any bank I have come across so far, it seems to take between 1-3days for transactions to appear on my internet banking credit card transactions list.

It can't be that hard to have that sort of info real-time, even if the transactions haven't been statemented yet.


BNZ do have this information already, it's just not coming through to internet banking.  I assume other banks do to.

I know this because I had problems paying on a website a few years ago and the could tell me every failed transaction and why it had failed.  This was only a minute or so after I tried to make the transaction and they already had all the details.

They use this type of information for fraud prevention and detection, it's just that you don't normally get to see it.

620 posts

Ultimate Geek
+1 received by user: 68


  Reply # 524818 22-Sep-2011 22:56 Send private message

nickb800: Tbh i wouldnt be worried at all, combination of low transaction limit, few outlets accepting payment, and bank underwriting any losses


But you should worry, banks underwriting any losses means that the bank has to make up the money from other avenues (i.e. higher fees to their customers, recovery, chargebacks) and in the end, one way or another, it will be you that pays.

Not only that, but I'd imagine that if the RFID portion of the card was comprimised, they would have to cancel & replace the entire card, which can easily take a week+ to happen (more if you are overseas which can also be costly), which would also disrupt any automatic credit card debits, online shopping activities, etc.

2477 posts

Uber Geek
+1 received by user: 226

Trusted
Subscriber

  Reply # 524820 22-Sep-2011 23:00 Send private message

Beccara: I thought CC transactions were 2 stage process where the merchant "reserves" the funds and then they process it at end of the day or something to get the funds, I know I've had transactions take weeks to show up because merchants only processed them every other week. Can't remember the right terms


Authorisation and Acquisition.  The way the process works is that the transaction is authorised on the spot (depending on the merchant and acquiring institution, details of the transaction may not be available to your bank at this stage - I suspect it's to do with whether the merchant is overseas, personally) and overnight (or a later date if the merchant opts to acquire manually) the acquiring bank will actually transfer the funds.  At least that's the impression I get from monitoring my own incoming credit card transactions.

620 posts

Ultimate Geek
+1 received by user: 68


  Reply # 524825 22-Sep-2011 23:05 Send private message

Kyanar:
Beccara: I thought CC transactions were 2 stage process where the merchant "reserves" the funds and then they process it at end of the day or something to get the funds, I know I've had transactions take weeks to show up because merchants only processed them every other week. Can't remember the right terms


Authorisation and Acquisition.  The way the process works is that the transaction is authorised on the spot (depending on the merchant and acquiring institution, details of the transaction may not be available to your bank at this stage - I suspect it's to do with whether the merchant is overseas, personally) and overnight (or a later date if the merchant opts to acquire manually) the acquiring bank will actually transfer the funds.  At least that's the impression I get from monitoring my own incoming credit card transactions.


I think this is mostly correct, except the second stage normally requires presentation, I worked for a company that had an EFTpos terminal and I recall that a nighty process was for a special sequence to be entered on the terminals to generate a report, and along with the merchant copy printouts, were required to be presented/'banked' at the bank.

My understanding is that it's this point where the details appear on the statement, but I think that also depends on who the merchant is, who they do their banking with, who they do their processing with, type of card, and all that jazz.

EDIT: In fact, what I have described is according to Wikipedia, the "Batching" , you described the next step, the Clearing ;)  See: http://en.wikipedia.org/wiki/Credit_Card#Transaction_steps

3608 posts

Uber Geek
+1 received by user: 890

Trusted

  Reply # 524839 22-Sep-2011 23:57 Send private message

I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

3825 posts

Uber Geek
+1 received by user: 160

Trusted
Subscriber

  Reply # 524871 23-Sep-2011 08:23 Send private message

eXDee: I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

Also, many shops insist that you hand over your card so that they can swipe it (and potentially copy the numbers). There's very little card security out there these days when you think about it.

Edit: Typo. 

5374 posts

Uber Geek
+1 received by user: 219

Subscriber

  Reply # 524872 23-Sep-2011 08:27 Send private message

sbiddle:
dontpanic42: If I had one of these contact-less pay system cards, what are the chances of someone passing me on the street and "skimming" $80 from my card?


In all seriousness the chances of this happening are lower than the chances of you being hit by a bus because you were staring at Elvis.



Depends where in Manners St you are crossing the road..




Regards,

Old3eyes

2477 posts

Uber Geek
+1 received by user: 226

Trusted
Subscriber

  Reply # 524888 23-Sep-2011 09:07 Send private message

Behodar:
eXDee: I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

Also, many shops insist that you hand over your card so they they can swipe it (and potentially copy the numbers). There's very little card security out there these days when you think about it.


This is the biggest problem.  If you ask me, it should be mandated by Paymark that all transactions be customer swipe.  The merchant has no reason to ever need the physical card but too often I'm told "oh, that doesn't work I need to swipe it here" or the PIN pad has no magstripe (or chip) reader.

(Also, FYI: KFC restaurants point all their security cameras DIRECTLY at the PIN pads for their EFTPOS terminals.  Look up sometime).

Joel Johnson
872 posts

Ultimate Geek
+1 received by user: 10

Subscriber

  Reply # 524893 23-Sep-2011 09:29 Send private message

Kyanar:
Behodar:
eXDee: I find it interesting how people aren't more worried about the fact you can quickly snap a picture of the digits on someones credit card the instant that you pull it out of their wallet and process online transactions with these very easily and far more anonymously. Sometimes the security code on the back of the card isn't even required.

Requires far lower tech and it wouldn't be hard to be stealthy with a hidden camera.

Also, many shops insist that you hand over your card so they they can swipe it (and potentially copy the numbers). There's very little card security out there these days when you think about it.


This is the biggest problem.  If you ask me, it should be mandated by Paymark that all transactions be customer swipe.  The merchant has no reason to ever need the physical card but too often I'm told "oh, that doesn't work I need to swipe it here" or the PIN pad has no magstripe (or chip) reader.

(Also, FYI: KFC restaurants point all their security cameras DIRECTLY at the PIN pads for their EFTPOS terminals.  Look up sometime).


And a few retailers (I know of) are looking at putting in 3MP cameras over tills, so then they'll be able to count your hairs on the back of your hand too. ;)

There's no security reg/moral code preventing this either.


are you worried about your 4cm RFID chip in you Visa/Mastercard as much now? ;)

19516 posts

Uber Geek
+1 received by user: 1342

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 524898 23-Sep-2011 09:48 Send private message

Kyanar:
This is the biggest problem.  If you ask me, it should be mandated by Paymark that all transactions be customer swipe.  The merchant has no reason to ever need the physical card but too often I'm told "oh, that doesn't work I need to swipe it here" or the PIN pad has no magstripe (or chip) reader.




Around 18 months ago it was my understanding that this was going to be required as part of the EMV mandated upgrade in May, ie pinpads with chip reader and magstripe would be compulsary. It seems for some reason that this didn't happen.     


There are still lots of strange things that happen on the EFTPOS network. There is a shop near my work that doesn't require the use of chip cards in their old Provenco terminal. It's not a case of the chip reader failing and requiring a swipe, they simply don't even use the chip reader and I have no idea if it's even a 5.2 complaint terminal.

  



1545 posts

Uber Geek
+1 received by user: 45

Trusted

  Reply # 524919 23-Sep-2011 10:21 Send private message

sbiddle:
davidcole: I'd imagine visa won't be too far away doing the same thing as MasterCard.


Visa's NFC launched in NZ 3 weeks ago.


I see no point in disabling your NFC card because your credit card transaction is no more secure. With no pin required for less than ~$80 you are exposed to the same risk of fraud regardless of the technology type.



Ah but I want my account configured so that a PIN is required for all transactions.




Generally known online as OpenMedia, now working for Red Hat New Zealand as a Solution Architect for all things Linux, Virtual and of course Cloud. Still playing with MythTV and digital media on the side.

2045 posts

Uber Geek
+1 received by user: 118

Trusted

  Reply # 524921 23-Sep-2011 10:24 Send private message

openmedia:
sbiddle:
davidcole: I'd imagine visa won't be too far away doing the same thing as MasterCard.


Visa's NFC launched in NZ 3 weeks ago.


I see no point in disabling your NFC card because your credit card transaction is no more secure. With no pin required for less than ~$80 you are exposed to the same risk of fraud regardless of the technology type.



Ah but I want my account configured so that a PIN is required for all transactions.


But then I'd like some sort of additional authentication (not written on the card) for online transactions as well.  I've always found that bit of the process a bit lacking.  It's all well and good to require PIN on swiped transactions, but I don't get that sense of "security" (don't laugh you lot!! :D ) from online transactions.




Previously known as psycik

NextPVR Based HTPC:

Gigabyte AMD A8 Brix --> Samsung LA46A650D via HDMI, SiliconDust HDHomeRun Dual DVB-T Tuner, NextPVR, Plex Plugin 
Clients:
Popcorn Hour A-100, 1xATV2, 1xATV3, Roku3
Windows 7 Ultimate Host (Plex Server)
3x2TB, 1x3TB, 1x4TB + 1x1.5TB using DriveBender, VMWare Workstation 10 with 1xW7, 2xW2k3 1xUbuntu 11.10 Desktop, 1xWHS2011, Plex, Crashplan, NextPVR channel for Plex

UnblockUS - Unblock your freedom

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »

Trending now »
Hot discussions in our forums right now:

Moment of Truth?
Created by BarTender, last reply by networkn on 18-Sep-2014 15:32 (344 replies)
Pages... 21 22 23


10 Iphone 128gb 6+ iphones this weekend at auckland airport
Created by frysie, last reply by TimA on 17-Sep-2014 22:02 (36 replies)
Pages... 2 3


Mr. Key to extradite Kim Dotcom?
Created by TimA, last reply by SaltyNZ on 18-Sep-2014 09:20 (126 replies)
Pages... 7 8 9


Spark DNS Issues - Amazing - Broadband Service Alert
Created by PeteS, last reply by Demeter on 15-Sep-2014 14:13 (307 replies)
Pages... 19 20 21


hp bios update
Created by foxy38, last reply by foxy38 on 14-Sep-2014 19:08 (26 replies)
Pages... 2


Gigatown finalists and retail provider
Created by freitasm, last reply by macuser on 17-Sep-2014 23:02 (17 replies)
Pages... 2


2014 Holden SS (V8) or Ford XR6-T (in-line 6 turbo)
Created by joker97, last reply by ilovemusic on 16-Sep-2014 14:34 (71 replies)
Pages... 3 4 5


IOS8 - Network Load
Created by FireEngine, last reply by sDew on 18-Sep-2014 15:44 (15 replies)


Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.