Arsenic Posted September 17, 2007 Posted September 17, 2007 I knew it was coming...but I saw a commercial the other day, and I can't believe they are actually doing it... I'm not an RFID nut, but theoretically can't you record the signal that a chip gives off and have all the data needed to reproduce a point of sale transaction?.... what are they doing to secure this? It's ridiculous... Quote
SomeoneE1se Posted September 17, 2007 Posted September 17, 2007 what are they doing to secure this? It's ridiculous... just about nothing Quote
deleted Posted September 17, 2007 Posted September 17, 2007 I would rather advertise my PIN number in the Paper. Quote
cooper Posted September 17, 2007 Posted September 17, 2007 They still need your autograph on the receipt, no? Basically, they're shooting themselves in their own foot. Or am I missing something? Quote
anyedie Posted September 18, 2007 Posted September 18, 2007 They still need your autograph on the receipt, no? Basically, they're shooting themselves in their own foot. Or am I missing something? The autograph on recipts mean nothing... I started signing in glyphs, symbols, and my own art work a couple months ago... no one says anything. On one of my purchances I even wrote 'And its not even me' and the cashire dident say anything. There is no protection... this just means all a crook has to do is point a laser at your wallet insted of taking it. Quote
puredistortion Posted September 18, 2007 Posted September 18, 2007 Another thing is if you knew what signal to send the cards you could set them off in someone's pocket and "steal" there credit card with out them knowing just by wandering past with a correctally configured RFID reader. This is scary if your bank sends you one go and buy an RFID shielded wallet from here: http://www.difrwear.com/products.shtml Quote
Sparda Posted September 18, 2007 Posted September 18, 2007 It is really easy to setup a ultra mobile laptop in a briefcase with a RFID scanner mounted against the lid and set up the software to remember every single RFID broadcast it receives. Potentially you don't even have to use a full on laptop, you could use some thing like a PDA if you can get a RFID scanner that works with it. Quote
cooper Posted September 18, 2007 Posted September 18, 2007 They still need your autograph on the receipt, no? The autograph on recipts mean nothing... Did you bother to contest the charge on the card? There was an article a while back about some guy who decided to start signing with 'Service sucks', vulgar artwork and worse as time went by. He claims he got all the purchases refunded (which basically means the place that sold the stuff to him gets the bill as they accepted the clearly invalid autograph. Here it is: http://www.zug.com/pranks/credit/ and part 2 http://www.zug.com/pranks/credit_card/ A coworker of mine went to Turkey on holiday, and paid with credit card there in a number of locations. When he got back and saw his statement, he noticed an extra charge. He contested it and they refunded it because there was no signature on the receipt. I would expect them to not only check that there was an actual signature on the receipt, but also that it sort-of matches your own signature. Quote
SomeoneE1se Posted September 19, 2007 Posted September 19, 2007 an intersting test would be to see if anyone accepts a receipt signed 'Do not accept' Quote
moonlit Posted September 19, 2007 Posted September 19, 2007 an intersting test would be to see if anyone accepts a receipt signed 'Don't not accept' ...which actually means 'accept', you would be asking them to not tell you they can't accept it. Quote
Andycapp91 Posted September 19, 2007 Posted September 19, 2007 You don't even need a signature. There are coffee shops around here advertising the convenience of purchases "under $25" not needing to be signed. Just pull into the drive though, flash the card... and bob's your uncle. Not only do you not need a signature... but these devices are mounted OUTSIDE in the drive through... If my bank were to send me one of these cards in the mail... they'll cease to be my bank, very quickly. I'm with DarkBlueBox... it's safer to post my PIN number in the paper. Does anyone have any true insight into how actively card issuers monitor things?... ie: how does the algorithm work? I wonder if a transaction under $25 even hits the radar? Quote
SomeoneE1se Posted September 19, 2007 Posted September 19, 2007 an intersting test would be to see if anyone accepts a receipt signed 'Don't not accept' ...which actually means 'accept', you would be asking them to not tell you they can't accept it. yea yea yea, fixed 'Do Not Accept' Quote
puredistortion Posted September 20, 2007 Posted September 20, 2007 I wonder if a transaction under $25 even hits the radar? I doubt it as this is one of the ways that a cracker or phisher will test or use a credit car by making these small payments. I think there was some talk about this on the Network Security podcast.... at least I think that is what I was listening to. Quote
SomeoneE1se Posted September 20, 2007 Posted September 20, 2007 I wonder if a transaction under $25 even hits the radar? I doubt it as this is one of the ways that a cracker or phisher will test or use a credit car by making these small payments. I think there was some talk about this on the Network Security podcast.... at least I think that is what I was listening to. I'm going to go with no... http://www.mastercard.com/us/personal/en/a...rcards/paypass/ * Signature is not required for purchases under $25 at participating locations. PIN may be required for debit transactions Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.