Credit Card Chips Fail to Halt Fraud, Survey Says

Discussion in 'other security issues & news' started by ronjor, Nov 11, 2018.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    71,417
    Location:
    Texas
    By Jeff John Roberts November 5, 2018

     
  2. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,879
    Location:
    USA
    "But while the EMV standard is supposed to ensure the card data cannot be captured, many merchants are failing to properly configure their systems"

    It would be helpful to know more. Would this be apparent to the end user in some way?
     
  3. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    589
    Location:
    Germany
    This is a page that works if the one above does not. (Like in my case)
    I am glad to hear that it is still somewhat impossible to crack the chip itself. Puuuh...
    (The CCC tried to crack one years ago. They had to slowly etch away the Die and reverse engineer the encrypting part of it.)
    Doesn't sound like it could.
     
  4. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,879
    Location:
    USA
    A hacked network wouldn't be apparent, but I was thinking of for instance Walmart; they have enabled the slot for cards with chips on their point-of-sale terminals, however they do not require a PIN or digital signature. This seems like an improper configuration to me.
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,452
    Location:
    U.S.A.
    I believe it depends on which type of card you use.

    The Walmart I frequent always asks for a PIN when I use my chip base debit card. Many merchant floor limits are $50, etc. for credit cards where under that amount, no PIN or signature is required.
     
  6. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,879
    Location:
    USA
    That's a good point about the minimum purchase amount. It's possible that the PIN request kicks in when the amount is over $25 or $50; I tend to grab small items there and don't reach that threshold. Come to think of it when I charge at Starbucks a signature is required if the amounts is $25>, so that must be it.
     
    Last edited: Nov 11, 2018
  7. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    71,417
    Location:
    Texas
  8. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    589
    Location:
    Germany
  9. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,136
    Clearly the FIRST step is for the USA to disallow any SWIPE of a card. When the primitive swipe method is removed the merchants will be required to setup a process for proper communication with the card chip. On the Walmart thing; I use Walmart Pay (their app) because the individual Walmart stores then never see my card number. Its very fast and all receipts are held in their system if I ever need to return something.

    In summary, I don't believe the chips are flawed but these crappy sub-par merchants that hold onto practices from times past when they should update to modern technologies.
     
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,452
    Location:
    U.S.A.
    Actually this is not a government issue but up to the card issuers; Visa, Mastercard, Discovery, etc. to implement. I suspect part of same is already in place in that fraud liability is decreased if a merchart is using a non-chip device.
     
  11. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,879
    Location:
    USA
    Do you know if you can use Google Pay on their terminals?
     
  12. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,136
    All transactions must clear the ACH and the law in the USA was changed to require chips well over a year ago. The powers that be have postponed enabling that requirement. They can flip "one switch" and only chip transactions will clear ACH. Should have happened by law well over a year ago.

    NO, and I hate it. I use Google Pay almost everywhere. Walmart will ONLY accept their own Walmart Pay. It works OK but I would rather use Google pay 100%. They say they will never take Google, Apple, or the old Android pay, which is Google Pay really. Still Walmart Pay is better than using a credit card at the terminal, and again I love that it stores receipts so you can always have access if returns are needed.
     
  13. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,879
    Location:
    USA
    Thanks for the info. I'll try the Walmart Pay app ;)
     
    Last edited: Nov 12, 2018
  14. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,452
    Location:
    U.S.A.
    According to the following, you should be "shopping around" for merchants that only use mag stripe. Just dispute the charge and you get the merchandise for free. :cool:
    https://www.tsys.com/news-innovatio...ant/2018/are-you-still-not-emv-compliant.aspx
     
  15. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,608
    Location:
    Europe then Asia
    Weird to see the US struggling with chip-based credit cards, in France we used them since decades without much issues.
    Put it in the terminal, wait the connection to the bank, enter the PIN, done.
     
  16. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    11,760
    Location:
    UK
    Same in the UK.
     
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,996
    Location:
    Here
    Same here. But I guess it's easier to make some doodles on receipt than to remember another code.
     
  18. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    5,879
    Location:
    USA
  19. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,452
    Location:
    U.S.A.
    Chip reader capability non-withstanding, it is imperative that your bank's debit card offers a protection such as the following by Bank of America:
    https://promo.bankofamerica.com/adv...ecking_AdvBankingURL_mastheadCtaBtn#footnote3

    So are you indeed "off the hook" on this issue? Well, maybe.

    It so happens that I was just reading an article in my last Sunday newspaper where the individual had his entire checking account of $24,000 cleaned out by thieves. The guy used his debit card at a gas station which it appears had a car skimmer attached to one of the terminals. Known to me and stated in the article, the thieves then duplicated the harvested skimmed data onto a card blank/s. They then over a period of days, made cash withdrawals in amounts not to trigger suspicion; believe the amount was $100 or less at any given time and ATM terminal.

    His bank initially refused to replace the missing funds stating it was not possible this activity could occur without he being complicit in some way. The guy provided all kinds of supporting documentation including he was out of the country when the withdrawals were made. Made a police report, etc., etc.. All to no avail.

    This is the standard bank BS reply in these incidents; deny, deny, and deny some more. The guy finally got his money back after the newspaper reporter who is a consumer ombudsman contacted the bank president.

    The moral of this story is never ever use a debit card at a very publicly accessible terminal that is not being monitored. Case in point at Walmart, use one of the self-checkout stations. Why? Everyone of those stations have a camera on them monitoring everything you do.
     
  20. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,608
    Location:
    Europe then Asia
    And keeping 24k in a current/check account is silly. What are saving accounts made for then...
     
  21. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,136
    Many folks don't realize that you can LINK only the accounts you want to your debit card, such as my checking account. e.g. - I have many accounts at my bank BUT I only link my checking account to my debit card. I keep very little cash (two hundred tops) in my checking acct. When and if I need more cash in that account I simply transfer funds from one of my unlinked accounts while I am at the ATM and then immediately withdraw the $$. I pay everything online so I only need a debit card for those times were $$ is required. This works and any significant money is not able to be seen by my debit/ATM card. Therefore a hack of my debit/ATM card would only expose < 200 bucks.
     
  22. Umbra

    Umbra Registered Member

    Joined:
    Feb 10, 2011
    Posts:
    5,608
    Location:
    Europe then Asia
    Yes I do the same procedure, limited amount on card-linked accounts.
     
  23. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,452
    Location:
    U.S.A.
    What you need is two checking accounts with only one linked to the debit card. You then link the second checking account to the one with debit card access and perform your transfers between the two checking accounts. Of course, only the non-debit card checking account is linked to the savings account.
     
  24. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    11,561
    Location:
    The Netherlands
    I also don't get it. BTW, in Holland we only use credit cards when we travel to foreign countries, we use PIN cards and money is instantly withdrawn from your account. If you haven't got enough money, you're out of luck. No need to pay interest or anything.
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,452
    Location:
    U.S.A.
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.