BMW X5
BMW Garage BMW Meets Register Search Today's Posts Mark Forums Read

Post Reply
 
Thread Tools Search this Thread
      07-24-2017, 12:39 PM   #1
zx10guy
Brigadier General
5139
Rep
3,235
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

Credit card fraud and personal responsibility

We all know about the issues with credit card fraud and the affect it has on us personally. Much of it has to do with security breaches with retailers as a lot of the recent news stories have attested.

So it angers me when I see outright stupidity by individuals that don't do simple things to prevent this stuff from happening. I was at an amusement park Saturday. I saw two people in the span of a few minutes having their credit card in clear view hanging from a lanyard in one of those clear badge holders. All I needed to do was take my phone out and take a picture of their credit card. It's bad enough how fraud has affected the cost of doing business along with the trickle down effect on us as consumers without idiots like the ones I saw contributing to it.
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 2
P111541.50
upstatedoc7555.50
      07-24-2017, 12:49 PM   #2
The Wind Breezes
Lieutenant Colonel
912
Rep
1,850
Posts

Drives: 135i N55 DCT
Join Date: Apr 2015
Location: USA

iTrader: (0)

You still would have needed the security code.
Appreciate 0
      07-24-2017, 01:03 PM   #3
ShopVac
Not willing to take advice
ShopVac's Avatar
No_Country
4020
Rep
1,519
Posts

Drives: F82 M4 - 6MT
Join Date: May 2010
Location: PA

iTrader: (1)

Garage List
...and the new chips don't have the same number that's printed on the card.

Needless, don't think I'd want to show the number publicly.
Appreciate 0
      07-24-2017, 01:05 PM   #4
UncleWede
Long Time Admirer, First Time Owner
UncleWede's Avatar
United_States
17883
Rep
9,376
Posts

Drives: G01 X3 M40i Dark Graphite
Join Date: Jun 2005
Location: Oxnard, CA

iTrader: (0)

And home address, to know where to "hang out" until your package was delivered
Appreciate 0
      07-24-2017, 01:07 PM   #5
NFiftyWon
Second Lieutenant
97
Rep
240
Posts

Drives: E90 LCI 328 X-Drive
Join Date: Jun 2017
Location: Colorado Springs

iTrader: (0)

Majority of fraud and identity theft actually occurs in the form of social engineering and metasploits.
Appreciate 1
CANGRKE70813.50
      07-24-2017, 02:11 PM   #6
zx10guy
Brigadier General
5139
Rep
3,235
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

There are still merchants which will do a transaction without asking for the security code on the back. Also AMEX still has the security code printed on the front of their cards right with the credit card number, expiration date, and your full name.
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 0
      07-24-2017, 04:22 PM   #7
David70
Colonel
United_States
1567
Rep
2,665
Posts

Drives: 06 Z4M Coupe - 13 Cadillac ATS
Join Date: Apr 2012
Location: Cincinnati, OH

iTrader: (1)

Quote:
Originally Posted by zx10guy View Post
We all know about the issues with credit card fraud and the affect it has on us personally. Much of it has to do with security breaches with retailers as a lot of the recent news stories have attested.

So it angers me when I see outright stupidity by individuals that don't do simple things to prevent this stuff from happening. I was at an amusement park Saturday. I saw two people in the span of a few minutes having their credit card in clear view hanging from a lanyard in one of those clear badge holders. All I needed to do was take my phone out and take a picture of their credit card. It's bad enough how fraud has affected the cost of doing business along with the trickle down effect on us as consumers without idiots like the ones I saw contributing to it.
I eat out 3-4 times a week, sometimes many more when I am traveling for work. I give my card to the waiter, he takes it to the back and who knows what happens to it. I try to be careful with it but see the restaurant the biggest chance for credit card fraud. We should do what both Europe and Canada do and they bring the machine to the table.
__________________
2006 Z4M Coupe - Stromung exhaust, ZHP knob, stubby antenna, clutch delay delete
Appreciate 0
      07-24-2017, 04:54 PM   #8
zx10guy
Brigadier General
5139
Rep
3,235
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

Quote:
Originally Posted by David70 View Post
I eat out 3-4 times a week, sometimes many more when I am traveling for work. I give my card to the waiter, he takes it to the back and who knows what happens to it. I try to be careful with it but see the restaurant the biggest chance for credit card fraud. We should do what both Europe and Canada do and they bring the machine to the table.
Agreed. Many restaurants are doing that here. Not fast enough in my opinion. The point of my thread is why do something careless to add to the problem?
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 0
      07-24-2017, 05:08 PM   #9
UncleWede
Long Time Admirer, First Time Owner
UncleWede's Avatar
United_States
17883
Rep
9,376
Posts

Drives: G01 X3 M40i Dark Graphite
Join Date: Jun 2005
Location: Oxnard, CA

iTrader: (0)

The ones I've run into in the US, you have to walk over to the cashier to enter your PIN and then they bring over the traditional paper/tip for you to sign.

Each time they come over I prepare to be undignified, claiming the card is perfectly fine, only to walk over and enter my PIN.
Appreciate 0
      07-24-2017, 05:35 PM   #10
JsL
Major
United_States
448
Rep
1,263
Posts

Drives: 2011 AW M3 ZCP
Join Date: Dec 2013
Location: SF Bay Area

iTrader: (2)

Quote:
Originally Posted by David70 View Post
I eat out 3-4 times a week, sometimes many more when I am traveling for work. I give my card to the waiter, he takes it to the back and who knows what happens to it. I try to be careful with it but see the restaurant the biggest chance for credit card fraud. We should do what both Europe and Canada do and they bring the machine to the table.
They bring you their card skimmer and you swipe it yourself
Appreciate 0
      07-24-2017, 06:14 PM   #11
xQx
General
Australia
903
Rep
1,003
Posts

Drives: 2008 BMW 135i (E88 N54 6AT)
Join Date: Aug 2016
Location: Sunshine Coast QLD Australia

iTrader: (0)

I run online retail. Our payment processor needs CVV, but we still get fraudulent orders.

You get to know certain types of orders (multiple easily resellable items) and certain addresses (mail-forwarding companies) not to ship from.

Just FYI, you only need the numbers. There are still many, many merchants that don't check the CVV. It's useful if you can also get the expiry, but given a good set of card numbers you can eventually guess the expiry date by putting through transactions with online retailers until one works.


The name on the card and the card-holder's address are invisible to most merchants. A fake name and an unoccupied house are all you need to get your mail-order goods.

A great trick is to send a friend into a retail store, buy something between $500 and $1,000 then they get to the checkout and say "oh crap, I've forgotten my wallet, I'll call my roommate - is it okay if you take the payment over the phone?" - Then the merchant will do a MOTO (Mail Order / Telephone Order) which doesn't need signature or pin, and usually doesn't need CVV.

Before you say "damn, don't be telling people how to do this" - what I've just said is really basic, and anyone with the slightest passing interest in credit card fraud will tell you what I just did.

There's a new technique which is beginning to be used that allows people to buy stuff with stolen cards online that is _impossible_ for merchants to pick up on or protect themselves from. Thankfully it's not very common (yet) - so I'm not going to describe it.

The big problem is that credit card fraud is basically insured by the bank, so there's little incentive for people to be careful. Also, since it's just the merchant (ie. the shopkeeper)'s loss and it happens across juristictions, there is seriously F*** all interest from the police in catching the bastards. It's just seen as a cost of doing business.

There is a pretty foolproof method for protecting yourself as a merchant, but it's labour intensive and time-consuming:
1) Take payment
2) Refund a random amount between $0.00 and $0.99
3) Ask the customer to login to online banking and tell you how much you refunded
(If you've stolen a card you will be unable to perform this step)
4) If they confirm the right amount, ship the goods. If they don't refund the whole transaction otherwise you'll get a $15 fee when the credit card company reverses it.
Appreciate 2
zx10guy5139.00
David0ff1055.00
      07-24-2017, 06:38 PM   #12
kprocivic
Lieutenant Colonel
kprocivic's Avatar
808
Rep
1,575
Posts

Drives: ecoboost s to the t
Join Date: Apr 2014
Location: 92346

iTrader: (7)

Quote:
Originally Posted by xQx View Post

There is a pretty foolproof method for protecting yourself as a merchant, but it's labour intensive and time-consuming:
1) Take payment
2) Refund a random amount between $0.00 and $0.99
3) Ask the customer to login to online banking and tell you how much you refunded
(If you've stolen a card you will be unable to perform this step)
4) If they confirm the right amount, ship the goods. If they don't refund the whole transaction otherwise you'll get a $15 fee when the credit card company reverses it.
that is a good idea but that would take forever.
__________________
2.0l ecosmackkaa
Appreciate 0
      07-24-2017, 09:31 PM   #13
xQx
General
Australia
903
Rep
1,003
Posts

Drives: 2008 BMW 135i (E88 N54 6AT)
Join Date: Aug 2016
Location: Sunshine Coast QLD Australia

iTrader: (0)

Quote:
Originally Posted by kprocivic View Post
that is a good idea but that would take forever.
It does - which is why it's not standard process for many, many businesses.

I'll only do it when a sale is worth >$500, and the buyer sounds legit, but the sale its self looks fraudulent (international shipping to a third-world country, a large order of an easily resellable item that the buyer could get cheaper elsewhere etc.) ... For times when there's a very big part of you wanting to tell someone to go jump, but you haven't got enough evidence to be sure that you're not just pissing off a good opportunity.

If it's domestic, I'll often refund the credit card and insist on bank transfer if I suspect fraud, but often the only reliable & cheap payment method for international customers is credit card.
Appreciate 0
      07-25-2017, 07:14 AM   #14
David70
Colonel
United_States
1567
Rep
2,665
Posts

Drives: 06 Z4M Coupe - 13 Cadillac ATS
Join Date: Apr 2012
Location: Cincinnati, OH

iTrader: (1)

Quote:
Originally Posted by zx10guy View Post
Agreed. Many restaurants are doing that here. Not fast enough in my opinion. The point of my thread is why do something careless to add to the problem?
I agree they shouldn't do it but the idea the crook is going to follow this person with a camera out waiting for the perfect time to take a picture of their card, while it is attached to their waist, seems pretty far fetched to me, then they still may not have the security code (my Amex has it on the front of the card, I guess they don't want the extra security of putting it on the back).

If credit card companies really cared to inconvenience people a little to raise security there are all kinds on things that could be done. Needed zip code, PIN use, restaurants machine brought to table, etc. but they don't feel the amount of money they lose justifies it.

My company card has a PIN associated with it, only place I have ever needed it is Subway.
__________________
2006 Z4M Coupe - Stromung exhaust, ZHP knob, stubby antenna, clutch delay delete
Appreciate 0
      07-25-2017, 07:36 AM   #15
zx10guy
Brigadier General
5139
Rep
3,235
Posts

Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

Quote:
Originally Posted by David70 View Post
I agree they shouldn't do it but the idea the crook is going to follow this person with a camera out waiting for the perfect time to take a picture of their card, while it is attached to their waist, seems pretty far fetched to me, then they still may not have the security code (my Amex has it on the front of the card, I guess they don't want the extra security of putting it on the back).

If credit card companies really cared to inconvenience people a little to raise security there are all kinds on things that could be done. Needed zip code, PIN use, restaurants machine brought to table, etc. but they don't feel the amount of money they lose justifies it.

My company card has a PIN associated with it, only place I have ever needed it is Subway.
I didn't have to follow them around to get a good angle to take a picture of it hanging off of their waist. It was hanging flat against their chest (lanyard). If I was up to no good, I could have easily taken a clear picture of both of these idiot's credit card without them knowing within seconds of seeing it. And because we were at an amusement park, me holding my phone up in front of them wouldn't even raise any suspicions..

Also read xQx's post about how security is still lax with credit card transactions and why the security code isn't even needed for many transactions. I know personally that I had paid for stuff over the phone where the business didn't even ask for the security code. These transactions happened only a few weeks to a couple of months ago.

It's just plain stupid with all the publicity about keeping vital information tied to you protected. What gets me is these idiots probably will never see a consequence to their actions if there were fraudulent activity due to their poor personal security practices. We all end up absorbing the costs of their actions.
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 0
      07-25-2017, 09:51 AM   #16
BayMoWe335
Colonel
1173
Rep
2,132
Posts

Drives: 2010 E92 335i 6MT
Join Date: Aug 2009
Location: US

iTrader: (0)

I don't think the credit card number being out is really all that big of a deal. You need expiration and CVV code to make a legit purchase. I don't understand why sometimes online retailers allow purchases to go through without a CVV.

These days, credit card numbers are stolen in unavoidable ways. They are either guessed through brute force tactics or skimmed/swiped when you make legitimate transactions. I have a charge for some online crap I didn't buy. Called my bank and they took it off immediately and FedEx a new card the next day. It's a hassle, but you're never responsible for fraudulent charges. My card never left my wallet and it still happened. The guy at the bank told me they got the expiration wrong and didn't have the CVV, but the retailer still let it go through. It was a "pending" status from the bank and they told me it would have eventually been declined.

No idea how they got any of my information because I never lost the card. I truly believe it's a computer testing millions of CC combinations with some basic logic. Sometimes, they get a hit.
Appreciate 0
      07-25-2017, 01:06 PM   #17
David70
Colonel
United_States
1567
Rep
2,665
Posts

Drives: 06 Z4M Coupe - 13 Cadillac ATS
Join Date: Apr 2012
Location: Cincinnati, OH

iTrader: (1)

As long as the credit card user is minimally responsible for any fraud most users will take minimal safeguards to prevent the fraud.

I use my credit card whenever possible for both the points and the protections it provides, think I take reasonable precautions, and laugh when I hear people talk about how afraid they are of people stealing their credit card number. It could happen but it's far from the end of the world. I think the limits of my liability are $50? And this is if I do virtually nothing after it is stolen?

I don't use a debit card for purchases as I see the whole process and risk far worse. I will probably eventually get it sorted out but someone is taking the money directly out of my account.
__________________
2006 Z4M Coupe - Stromung exhaust, ZHP knob, stubby antenna, clutch delay delete
Appreciate 0
      07-25-2017, 02:49 PM   #18
elistan
First Lieutenant
United_States
38
Rep
387
Posts

Drives: F30 328i, AP1 S2000
Join Date: Sep 2012
Location: Longmont, CO

iTrader: (0)

Quote:
Originally Posted by xQx View Post
There is a pretty foolproof method for protecting yourself as a merchant
I would have thought that the best way to protect yourself as a merchant is to exactly follow the agreement with their processor. If the merchant does everything properly yet a transaction still gets reported as fraud, the agreement says they're not liable, right?

(Of course, I suppose a processor could give the finger to a merchant and not abide by the agreement, and the merchant if small enough wouldn't really have an recourse via lawsuit, but that's still fraud and I'd imagine word would get out about that processor doing that... Then again, lots of people still use PayPal despite the numerous stories of PayPal screwing people over.)
Appreciate 0
      07-25-2017, 03:02 PM   #19
scostu
Colonel
scostu's Avatar
United_States
1620
Rep
2,036
Posts

Drives: 2016 F25
Join Date: Jun 2015
Location: Space Coast Florida...aka NASA area

iTrader: (0)

Quote:
Originally Posted by zx10guy View Post
Agreed. Many restaurants are doing that here. Not fast enough in my opinion. The point of my thread is why do something careless to add to the problem?
They probably haven't been a victim of identity theft/ c.c. fraud......yet!
__________________
Appreciate 0
      07-25-2017, 07:05 PM   #20
ASAP
Major General
ASAP's Avatar
10057
Rep
8,567
Posts

Drives: '23 X3 M40i
Join Date: Sep 2012
Location: FL

iTrader: (0)

Arent the new Chip cards supposed to be safer... oddly enough, I am rarely now asked for a PIN or to sign anything... not sure of the safer part.
Appreciate 0
      07-25-2017, 07:58 PM   #21
Reborn_
Lieutenant
292
Rep
408
Posts

Drives: 2007 BMW Z4MC
Join Date: Dec 2014
Location: SoCal

iTrader: (7)

To my understanding, the chips are simply harder to "skim" compared to the traditional swipe with regards to skimmers and scanners.
Appreciate 0
      07-25-2017, 09:38 PM   #22
xQx
General
Australia
903
Rep
1,003
Posts

Drives: 2008 BMW 135i (E88 N54 6AT)
Join Date: Aug 2016
Location: Sunshine Coast QLD Australia

iTrader: (0)

Quote:
Originally Posted by elistan View Post
I would have thought that the best way to protect yourself as a merchant is to exactly follow the agreement with their processor. If the merchant does everything properly yet a transaction still gets reported as fraud, the agreement says they're not liable, right?
Obviously I can't speak for all agreements. But not here, nope. If you do everything by the book and someone walks out after paying with a stolen card, you loose your money, your goods, and a $15 'dishonor fee'. If you don't like it, feel free to not accept credit card.

The first thing you're asked for is a copy of the signature, which obviously, you can't produce for a Mail Order / Telephone Order / Internet Order. If you did get a valid signature, you might stand a chance of the card issuer taking on their customer and saying 'hey, it was you'; but they generally don't, and when they unilaterally determine it was an unauthorized transaction, your funds get pulled.

Consumer Protection regulation tends not to cover businesses - this is an excellent example of what happens in business when one side has far more bargaining power than the other. Basically, if you don't like the terms, you're free to not sign the agreement.

That said - I can't speak for the agreement Wallmart might have with their banking provider.

There _was_ a scheme called verified by visa, where you hand the transaction right back to the card issuer who verifies the customer using something other than the name/numbers/expiry/cvv (typically their bank login or customer number) - and when you processed one of those transactions you were 100% covered for fraud. However, it was cumbersome, put customers off, and wasn't supported by many banks. So here we are.

Quote:
Originally Posted by NFiftyWon View Post
Majority of fraud and identity theft actually occurs in the form of social engineering and metasploits.
Hacking, Brute Force & guessing, predicting card numbers a certain bank issues (finding patterns in their cards), malware, fake sites. It's big business. If you want to get in on the game, you don't need to do any of this though - just load up tor and find the latest replacement for silk road and pay someone who's done the hard work about $8 in bitcoin for a verified, working fraudulent card number. (Warning: It's hard to know if you're buying it from a real criminal or a Secret Service agent - if it's any consolation you'll find out soon enough after your transaction)


Quote:
Originally Posted by ASAP View Post
Arent the new Chip cards supposed to be safer... oddly enough, I am rarely now asked for a PIN or to sign anything... not sure of the safer part.
Chips were adopted without much resistance, NFC really scares people. The US banking system lags the rest of the world by a significant margin. Credit Card payments (because of NFC) just took over Cash in Australia as the most common form of payment. Much of that is because while people are scared of pinless NFC (tap & go, PayWave, PayPass etc) they've adopted it in droves because it's so convenient.

But it is almost universally safer by a significant margin. There's one use-case where it's not (I'll mention that last). Signatures were so easy to forge or write-over on a card it is an effectively useless authentication technology. PIN is much better.

Obviously no pin is less secure than pin, but no pin paywave means consumers use the cards a lot more, which means more transactions and more money for card issuers. So while no pin is less secure than pin, it's got a greater reward (for card issuers) to offset the greater risk.

But pinless PayWave or Chip is more secure than Mag-strip and pin for one reason: It's dead easy to copy a mag-strip, but it's impossible* to copy chip or NFC.

A stunningly small amount of credit card fraud is conducted in person with the original card. It's either MOTO transactions with card numbers gained as per above, or a freshly minted forged card with a copy of a legitimate mag-strip in the hands of someone who knows the pin because they own an ATM or EFTPOS skimmer. To summarize: ATM skimming is very common, but it only works with mag-strips.

The one use-case where paywave/no pin fails: At the pub.

You will find many pubs & clubs won't let you paywave, because it's the one place where someone is likely to leave their card lying around and someone else is likely to have the courage to stand under a security camera and use that stolen card to make lots of small transactions using paywave.

(Source: I worked for the telco arm of an Australian Bank where we developed a mobile payments app in the years before paywave/NFC took off)

*MIT have a historical tendency to prove how you can copy these things which are 'impossible' to copy. But Banks tend to take these findings on board and improve their technology a lot quicker than say 'Oyster/MyKi/MiFare' do.
Appreciate 0
Post Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 10:09 AM.




xbimmers
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST