I'm from Denmark and there's been a ramp up in skimming activity since 2007-08.
I think according to police statistics, its something like 95% Romanians, jesus fucking christ man.
Christian Reyes
The problem is amplified by a few things" 1) A number of merchants who refuse to upgrade to chip for a variety of reasons 2) Gas pump owners got a pass until October 2017 for reading chips on liability 3) US ATM owners got an unlimited (not yet defined) timeline to transition to chip from magswipe.
Chase Hernandez
>live in Canada >have had chips since early 2000s >get confused when I go to the states and they ask me to swipe and sign
What the fuck are you niggers doing. You guys INVENTED credit cards.
Christian Hernandez
Don't chips pretty much make this shit non-existent?
Colton Brown
We had an older, more established credit card processing infrastructure in the US. It meant more legacy shit which made the transition higher.
Unfortunately many merchants in the US still process on the basis of the magswipe, since older point of sale software cannot process chip transactions in many cases (even if the terminal itself is upgraded). Thus the cards still have the magswipe even though they have the chip.
Blake Stewart
>You guys INVENTED credit cards. that's literally the problem, the entire country is too Jewish to upgrade
like for instance my girlfriend works at a porn shop
when making a credit card transaction you must: >type amount into register >also type the same amount into credit card machine >swipe card >have customer enter pin >the machine now takes 2 fucking minutes over dialup to complete the purchase >she then has to complete the transaction from the register
Nothing is digital, and the bastards who run the company refuse to upgrade anything at the store, this is a huge trend in america. "it works, i don't need to fucking upgrade"
They finally got a chip reader yesterday (literally still the same bullshit fragmented process, and still dial up), and corporate says if the card doesnt have a chip, they need to make a photo copy of your drivers license and credit card (is that even fucking legal?)
Theres DOZENS of local stores that have a chip reader to avoid the fine, but every time you go to stick in your card "Oh sir the chip reader is broken", they refuse to activate them for some unknown magical reason.
Bitch the protective plastic is still on the screen, how is it broke.
PS: some people still use pic related
Jaxson Cooper
>Unfortunately many merchants in the US still process on the basis of the magswipe, since older point of sale software cannot process chip transactions in many cases (even if the terminal itself is upgraded).
For what purpose?
The US is the richest country in the world and the companies are the biggest, why is it so hard to upgrade?
Either way I don't think this is much of a problem more than a minor inconvenience.
Only like 1-2% of total cards fall victim and then you just check your statement and call the number and say "Hello I did not purchase this shit" and get your money back.
That's why you always use your credit card rather than your debit, if you lost money out of your account the bank will refund you but they're in no rush since it's not their money, credit it's their money so they'll rush to fix it.
Cooper Miller
Because upgrading point of sale software and testing it costs money. If the hardware is end of life then it may involve buying new hardware, software, and then training your people how to use it. Fraud costs may be less than all of the above.
The biggest companies already largely upgraded (the noteable exception I can think of is Costco, and they have a photograph of every member on their ID that has to be swiped before purchase, so they can identify if someone is using someone else's card easily and if they use a stolen credit card they know who the person is.)
>Only like 1-2% of total cards fall victim and then you just check your statement and call the number and say "Hello I did not purchase this shit" and get your money back. p much
Easton Thomas
I thought this shit was suppose to be a non-problem with rfid or whatever
Levi Rogers
The gypsy problem is being overlooked due to the ""other"" problem
Jose Mitchell
I use the ATM like once a year. The bank is close enough that I can walk and do anything I need with the teller. I pretty much never use cash anyway.
Brayden Taylor
RFID/NFC in modern cards/phones prevents cloning fraud, but if a company still takes magswipes, those are easy to capture and clone.
Kayden Gomez
How do they even cash them out?
Isn't it incredibly sketchy to get use them? Or do they just sell them online to drug addicts and other retards who aren't valuable so they can just get caught
Caleb Russell
stohlen credit caad
Evan Ramirez
Doing the smallest thing at a large company requires 100 layers of management to sign off and give their rubber stamps.
Smaller companies are more nimble.
Brayden Wood
People usually sell magswipe data online because it's lower risk. They get as cheap as $1 per card
Aiden Garcia
But how is it used after?
Seems incredibly sketchy and risky. What's even the point if it's so cheap... Seems really high risk low reward in general
Kayden Martinez
This. At least in my realm of the payment processing world. I'm at a medium sized business, and EMV compliance for us means coordinating our POS software with a compatible payment gateway and merchant processor. It's taking the software company forever to implement a solution for EMV, because it's a pretty specialized market and nobody is going to drop them if they don't get it done. They are just rolling out their compliance update next month.
We could have pulled the trigger on EMV last year, but it would have been a total work around, much like described at the porn shop. Then we would have thrown all that hardware out and got a proper solution this year.
The problem in my industry is that nobody's stepping up to make an easy to use, highly compatible system for taking chip cards. I'm sure a lot of businesses were in the same boat as we are, thinking we'll just eat any fees so we don't end up wasting money on hardware that will be useless to us in a year
Julian Sanders
>Unfortunately many merchants in the US still process on the basis of the magswipe
The only places around me that still do magswipe are fast food places. Everywhere else I shop at requires me to use the chip.
Daniel Thomas
>life in austria >shop across the street got the third credit card machine in the last 8 years >never had a problem with credit card fraud
you amerifats are brightening my day once again
Jackson Gutierrez
well?
This shit is pretty confusing
Ryder Price
>like for instance my girlfriend works at a porn shop People still buy porn?
William Wilson
she sells a little bit more than porn in the backroom...
Camden Brooks
Where else do you swipe besides gas stations and ATMs? Everything else is mandatory chip now.
Levi Cooper
Australia does not havethis problem. Why dont banks just issue cards eith chips permanently?
Aiden White
>Everything else is mandatory chip now. lolno
>Only about 17 percent of Visa's merchants have adopted the new technology, Visa CEO Charles Scharf said in early February during a call with investors, and getting 50 percent of merchants on board will likely take until the end of the year.
Nicholas Wood
any place that's not a major chain usually doesn't have chip enabled
and even the major chains, it's a gamble if they have chip enabled
Daniel Rogers
Are you a 3rd world country?
I just touch the register with my card and Im done. No dirty bra cash, no waiting for change. Anything over 20€ I just enter pin.
Andrew Nelson
If you're actually curious about this, find an eBook copy of Darkmarket(How Hackers Became The New Mafia)
Basically, Skimmer skims. Skimmer sells card data online in a large batch. Carders buy lists. Carders use drug addicts, homeless and bottom rung of society to cash out from shitty alleyway ATMs and they get compensation, usually a percentage of the money. Rinse and repeat until the cards no longer work.
It's actually pretty much that simple, but yeah. I'd read DarkMarket if I was you, quite a lot of insight into how everything works.
Nathan Collins
I'll check it out.
But I still don't get your explanation of it, I mean I understand it in theory but it seems simply way too sketchy with cameras at ATMs and such.
Why would the drug addict or whatever take a percentage of the money when he can take all the money? How would you even persuade him to do it? >psst hey faggot wanna make $100?
Daniel Ramirez
you tell them if they do what you want they get drugs/money, if they try and steal they die
Levi Brown
It's consistent work, basically. >hey phaggot draw out 1k and ill give you 100 of it >why the fuk would i wanna do that? >because ill give you a 10% cut for every job we do over a year?
Or conversely >hey phaggot draw out 1k and ill give you 100 of it >yeah sure Jew steals the money >lucky we're in Eastern Europe and i can just find you and cut your head off out the back of a slav techno bar
The guys who do this are actually organised crime, that do this on the side. A smart man wouldn't promise to sell product for a drug dealer and then skip out on him. That's how you end up shot in a ditch. Considering the guys that do this are so poor already, I doubt they could hide from people like this.
Henry Jenkins
Oh, I know a little about that side of the world. Someone stole my credit card in 2011, and the person who used it was clearly not a criminal mastermind. >cable bill >two cell phone bills >electric bill >catering >hair braiding shop
Then a couple years later some stranger calls me and tells me my card number is on the internet. I google recent results for my name and my credit card is on pastebin along with 499 others as a "taster" for a guy selling them.
Carson Thomas
>Then a couple years later some stranger calls me and tells me my card number is on the internet
How is that possible? Wouldn't it have been cancelled and you have gotten a new one?
Credit card companies don't really allow you to get all that shit without verifying it.
>Hmmmm this guy started billing this credit card from an entirely different state even though what seems to be the legitimate owner has just used it a local store in his city
Zachary Diaz
Jesus. Is that recent news?
In the past several months I haven't swiped anywhere except at gas stations. The grocery stores, CVS, etc. that I go to are all mandatory chip readers. I guess it must vary a lot depending on what part of the country you're in.
Aiden Cox
>How is that possible? Wouldn't it have been cancelled and you have gotten a new one? It was cancelled when I saw the fraud in 2011 (two years prior to the pastebin) but my name, address, full card number (that had previously been cancelled), expiration, phone number and CVV2 (three digits on the back) were part of the dump.
>Credit card companies don't really allow you to get all that shit without verifying it. Yeah Wells Fargo didn't shine in the fraud prevention department that day.
Jose Bell
>how bad are these getting in your local area? literally never known anybody who has had their credit card skimmed except for like 6 people who all had it happen in LAX at random times over the past 10 years. sort your life out burgers
Adam Martin
Still seems kinda retarded.
I can't imagine anyone would agree to taking on that much risk for only 10% rather than just reporting you to the police after telling you to fuck off
Nicholas Edwards
>HE THINKS NFC CCS ARE SAFE PFFFFFFFFFFFFAHHAHAHAHAHAHAHAHAHHAHA
NIGGA I CAN READ YOUR DATA FROM 3 METERS AWAY
Blake Brown
here Here's the fraud affidavit that I had to fill out when it happened
Ryan Stewart
You're showing the picture of the inside of the atm machine, the only people who could have possibly installed a skimmer on the inside are either other techs like you or the bank tellers.
James Bell
here geniuses kept trying for a couple days until they had realized that the card number no longer worked
Nathan Allen
Why do I feel like poor niggers are the ones who do this shit?
Makes me kinda sick desu, I can understand if it's a normal guy earning money for the sake of earning money but a Shaniqua saying to her children "Ay kids mommas gonna be able to pay da bills and buy us some dem groceries" seems kinda unsettling
Owen Bell
Isn't the range of NEAR FIELD communication like in the millimeter range?
Chase Wright
there are multiple presentations on this topic. Look into defcon and blackhat,just google. ex. youtube.com/watch?v=x2rF3dD1Ns0
Julian Gonzalez
>swipe cucks BTFO
Jordan Scott
It takes a special kind of retard to pay utility bills with a stolen credit card
Kayden Stewart
I don't know, but somebody had to go out of their way and buy my credit card number online to use purchases that were easily tied to them.
I signed the fraud form, the charges were reversed and I owed nothing. I don't know if my information was ever charged to prosecute the person who used my card or who sold my information.
Nicholas Smith
i don't have it set up on my phone but using a visa/mastercard if you don't have it pretty much flush against the sensor it doesn't read correctly half the time. i'd say 1cm would be max
Christian Parker
>It takes a special kind of retard to pay utility bills with a stolen credit card
Not him but let's look at the clues.
1. Detroit 2. Braids 3. Retarded enough to pay utility bills and cell phone bills(LMAO) 4. Retarded enough to KEEP using it(ok one charge might go unnoticed... but fucking 6? and then keep trying even when it's declined???)
This is without a doubt a nigger. Only question is how did a nigger figure out how to navigate to forums to buy this?
Alexander Wood
Retarded as fucking hell.
I don't get why they didn't just use it to order like 2 iPhones and then sell them. Would've been *A LITTLE* smarter than fucking paying utility bills, you'd think.
Jaxson Barnes
how do the new chip things stop credit card fraud? cant someone just make a copy of your chip?
Daniel Richardson
They check IDs at the apple store nowadays for a match against the name listed against the card. In any event that wouldn't have worked as by all indicators some store I shopped at online was compromised, they didn't have the magswipe track data to make a physical card.
Andrew Peterson
I meant order it online.
Joseph Price
No, that's the whole reason the chip exists. When the chip is manufactured it is made with a secret, a secret the chip will not reveal. This secret is given to the bank who keeps it on file.
With EMV a challenge is given to the card (say 123). This is processed with the secret. The terminal doesn't know and can't get the secret. In combination with a set number of things (the challenge, the time of the charge, and the secret itself) the output will always be the same. If a charge with challenge 123 at 12:52 PM should have a result of x1Z, then it always will. But only the card issuing bank can validate that.
The whole point of the chips is they're not cloneable. At least, theoretically. There are attacks on poor EMV implementations.
Maybe they could've used it to buy WoW gold or something and then exchange that for BTC?
Ian Davis
say you have someones chip what if you challenge it multiple times can you figure out what its 'secret' is?
Jordan Morris
Could have worked if they had done it quickly enough, possibly. I haven't played WoW in a while but they would ban accounts by association with farmers when I played, so people were very hesitant as to who they would buy gold from.
Grayson Morgan
You can't derive the secret (at least not with currently known attacks) but if the terminal uses poor implementation of the unpredictable number in the challenge then criminals can harvest attempts and make fake transactions that look cryptographically sound to the bank from the chip. There's a good paper on it: cl.cam.ac.uk/~rja14/Papers/unattack.pdf
Ian Johnson
I don't see how ordering an iPhone wouldn't work past address verification while paying utility bills for an address not even associated with the credit card and buying catering is fine.
Ian Nguyen
It's common for people to have a vacation or second home and pay utility bills with a credit card under another address, unfortunately.
For shipping goods worth hundreds of dollars, Apple doesn't ship to addresses that the bank doesn't have on file.
Newegg is crazy about this too (they made a mistake and banned me for fraud because I had billto: myname, shipto: Brother's name for the same exact address because they got an AVS name mismatch code; they claimed that my card issuer told them it was fraud, but I called my bank's merchant services and they verified Newegg never called them. I called Newegg back and flipped shit and they un-suspended me and gave me a $25 gift card).
Kevin Allen
What if you do it as a "gift"?
Sebastian Fisher
Smart white guy sold it to him.
Kayden Peterson
I did. Newegg's fraud department went full retard anyways. A mismatch on name for AVS is normal if the shipto recipient is different.
Tyler Flores
Desperate drug addicts and homeless aren't known for their decision making abilities. Nice to hear that you can high road these people, user
Grayson Price
If you want to use a credit card to buy expensive goods, the way to do it is by buying gift cards to whatever store. Gift cards are sold in drug stores, convenience, etc. These places typically don't have proper ID verification procedures. You could then resell those cards for cash too.
Alexander Young
her ass?
Camden Russell
>Gift cards are sold in drug stores, convenience, etc. These places typically don't have proper ID verification procedures. You could then resell those cards for cash too.
>It gets reported >Gift card number is flagged >Go to buy something with it and police are called
Hudson Baker
Fucking Burgerland…
When I was there last year, everything used the fuckin ancient magstripe.
And sometimes I even wasnt asked for a signature. That's not supposed to work like this.
Next time I am there, I keep track of my spendings, and whenever I pay something with card, and do not enter my pin or sign something, I'll tell my bank that I did not make this payment and see what happens.
Or probably I should use the wording "authorize" instead of pay. I'm pretty sure it should not be possible to get money out of my CC without my signature, so my bank does have to assume fraud.
Or am I overseeing something?
Gabriel Lopez
you just don't understand freedom
Brayden Mitchell
>Land of the free >People go to jail for possessing a plant
Logan Myers
Pics of gf?
If you were American, your credit score would go down if you report it for fraud. That can fuck you over in a thousand different ways for the rest of your life so trying to get a few dollars back from all those over priced coffees you drank would not be in your interest. That includes if the fraud was real.
James Johnson
>When I was there last year, everything used the fuckin ancient magstripe. The EMV migration started late last year
>And sometimes I even wasnt asked for a signature. That's not supposed to work like this. Merchants figure convenience is more worth it to you than the fraud from small charge amounts... they pay if the cardholder claims the charge isn't legitimate (of course they have security cam footage if you're lying, then your bank will consider you to have comitted fraud).
Joseph Stewart
>Land of the free >People go to jail for having certain 1's and 0's in their hard drive
Charles Murphy
>it should not be possible to get money out of my CC without my signature, so my bank does have to assume fraud. It is rather possible. Ever notice amazon doesn't use CVV? And with some card issuers, only a small portion of the info has to line up.
Juan Allen
>RFID/NFC in modern cards/phones prevents cloning fraud
Parker Gonzalez
In competent scenarios, yes. Ignoring the inflammatory defcon videos HORRY SHIT IT SHOWS YOUR NAME AND A CARD NUMBER AND SOME SHIT!!!!
Basically, in modern NFC implementations: 1) The cardholder name may or may not be different. 2) The credit card number on the RFID/NFC is different than the number printed on the physical card. This usually involves a cap in value. Even if the number is captured, it can't be used for non-wireless transactions. 3) The expiration date is not included on most RFID chips nowadays. 4) The CVV1 and CVV2 values are not included on modern NFC/RFID chips. Even if you eavesdrop, you cannot use the captured data for a magswipe or card not present transaction. 5) In modern RFID chips (& NFC implementations), the CVV3 value is dynamic, it varies based on the terminal ID, the challenge from the issuer, and then it is transformed by the secret on the NFC secure element/RFID chip to a unique response. Basically, replay attacks are impossible, while main-in-the-middle attacks would require you to hold up a card to an NFC enabled device while it is networked to a second NFC enabled device that is being held against the antenna at a point of sale. It's not trivial. NFC on cell phones becomes even harder as you have to have the person's phone unlocked and in their wallet application. 6) NFC transactions in the US are usually subject to a $25 or $50 ceiling, although it depends on the store, reducing the incentive for fraud to occur.
Jason Lee
This is really interesting. Where I live you give your card to the cashier, he swipes it and enters the security code and then the machine spews a little ticket, which you have to sign and also write your id number.
It's really painless for the user, although a little bit dated cause you get the ticket from the credit card machine thingy AND the ticket from the register AND the cashier gets a copy of both, a fucking waste of paper.
Christopher Parker
And you also would have to give it to the cashier.
Mason Hughes
>life in austria
Anthony Williams
>Amerifats still don't get how chip and pin works in 2016 >'Developed Country' >'Technology Leader'