Slashdot Mirror
Privacy Pitfalls in No-Swipe Credit Cards
Nrbelex writes to mention a New York Times article about the privacy pitfalls of 'no-swipe' credit cards. Despite assurances from the card companies, researchers Tom Heydt-Benjamin and Kevin Fu were able to easily retrieve data from the new cards ... data available without encryption and in plain text. From the article: "They could skim and store the information from a card with a device the size of a couple of paperback books, which they cobbled together from readily available computer and radio components for $150. They say they could probably make another one even smaller and cheaper: about the size of a pack of gum for less than $50. And because the cards can be read even through a wallet or an item of clothing, the security of the information, the researchers say, is startlingly weak. 'Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?' Mr. Heydt-Benjamin, a graduate student, asked."
Let them do this. I think it's time these idiots suffered a really big catastrophe; it'd probably the most (only?) effective way to really set the tone re. RFID.
Meantime, don't carry these cards yourselves, and avoid banks that use them...
Tired of Political Trolls? Opt Out!
In the old days, you used to actually have to stick your hand into someone's pocket or purse.
In the new days, you apparently only have to sit next to them on the bus.
FINALLY! Us geeks have something to be happy about. For once we can walk confidently sporting our tinfoil wallets and WE'LL be the ones laughing...all teh way to the bank!
I thought they could not get even dumber then not having people sign their credit card slips or have the user swipe it themselves and sign so the cashier does not even look at them. Let who ever chooses this "easier" way to crash and burn
Of course, I found this interesting blog post from several years ago: http://www.spy.org.uk/spyblog/2004/02/foiling_the_ oyster_card.html
I just wish TfL would get the bloody Silverlink / North London Line railways on the system rather than posting stormtrooper rent-a-cops at selected stations on random mornings. I actually do pay my fare, but I'm deeply distressed by the rudeness of some of the non-TfL staff. Treat customers not as potential fare-evaders but customers!
Okay, magnetic swipe cards are better than the old way of making a carbon from the raised info on the little plastic cards, but what is the advantage of an RFID credit card? I still need to get the RFID-thing out of my wallet or out of my pocket to use it. Is saving five seconds such a big deal that I wouldn't spend that five seconds in order to protect my identity?
Upgrades for the sake of the "wow-factor" are stupid.
Here will be an old abusing of God's patience and the king's English.
...then you have nothing to hide, right? So why are you bothering hiding your credit card from the other law abiding citizens, are you a terrorist?
Lead-lined sleeves for credit cards, driver's licences, passports, and airport visitor tags. In an assortment of new colors for our autumn lineup!
http://prisms.cs.umass.edu/~kevinfu/papers/RFID-C
gentlemen, start your soldering irons
...swipe cards aren't secure? Hell, I'm still waiting for CREDIT cards to become secure.
I've been waiting for 2 years for cashiers and salespeople to check my signature whenever I buy something with my credit card. Sometimes I'll sign "Mickey Mouse" or "Donald Trump", or even write a phrase like "Yankees suck!", and I still have yet to be asked even once. With the lack of security on older cards, it doesn't surprise me that these newer ones are no less safe.
When did we get too lazy to swipe credit cards?
If you're too lazy to have any security, you won't have any.
In NYC, you can use Citi's PayPass as a metrocard at 6 station terminals (the green line).
And, that's pretty much the only thing I've used it for.
I'm not really worried about theft of the information on the device -- there's zero liability and all that -- but, who knows how much hassle I might have to go through, to get the credit card company to actually credit the charges. Oh -- the paypass (and amex's expresspay) has a different credit card number embedded then the credit card it's associated with -- so, even if the paypass is 'lost', you only need to replace the paypass, and not your credit card.
As a former employee of one of the credit card companies, I'd like to explain a little bit of how they think. Banks and credit card companies take fraud for granted. They have departments which analyze potential and reported fraud. They set certain thresholds which they consider acceptable. Since they know it's going to happen they study it and figure out the best way to flag accounts. To the credit card companies it makes the most financial sense to not bother with the technological blocks and catch the fraud on the tail end. For example, with smaller purchases no longer requiring a signiture, card use for small purchases has gone up. If a few percent of those purchases are fraud the banks and credit card companies don't care because in the end they're making more money. People who notice fraudulent transactions on their statements will make calls and the banks will eat the cost of the purchases. Banks who suspect fraud has taken place simply block the accounts until the card holder calls. It all works out to the benefit of the banks and credit card companies.
So even though the credit card companies should do more to protect the information from a logical and PR perspective, they've already decided that the small potential increase in the cost of fraud is outweighed by the increased use of these cards that some people consider more convenient.
Developers: We can use your help.
Aren't the credit card companies liable in the case that someone war-drives your credit card info? I mean, if it's not encrypted and it's effectively broadcasting the number, could there really be a bigger security risk? Maybe we should all just get stainless steel wallets.
stuff |
Finally the tin foil hat brigade has something to teach us. To stop your RFID cards being read you simply need two sheets of tin foil (aka bacofoil) on either side of your wallet. I predict that such wallets will soon be on sale as will metalized pockets for coats.
...an airport that regularly checks wireless credit cards from walking through the door, to boarding the plain.
You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
check the small print, you might find the bank owns the card and you're not allowed to alter it.
I've never heard of anyone having to pay a single cent of a disputed charge.
How many fulltime jobs can one man have?
Why not just get an RFID Blocking Wallet? http://slashdot.org/articles/06/10/03/2133244.shtm l from http://www.difrwear.com/ and not worry.
Are you suggesting his fiancé is Ann Coulter? That's pretty low...
Ben Hocking
Need a professional organizer?
There seems to be a really huge gap between the security research community and the companies developing RFID credit cards, RFID passports and voting machines, in other words, the people making the practical applications. It is clear that these companies have absolutely no competence whatsoever regarding information security and don't care to ask anyone for advice either. Beautiful. Security by obscurity is the default and often there's not even much obscurity..
Aren't there any rules regarding the handling of sensitive customer information? No laws? Is it enough to just say: "Don't worry. Your data is safe with our technology." when it is actually not?
I probably sound like a paranoid nut, but banks are pushing this 'touchless' card technology because we buy more when we use it. By 'we' I mean consumers. And we buy more when using plastic than when using cash. In this USAToday article - http://www.usatoday.com/money/perfi/credit/2006-10 -09-credit-cards-usat_x.htm - a great quote sums it up:
Merchants, too, benefit from faster no-signature transactions, credit card companies say, because the stores can serve more customers -- resulting in higher overall sales. And "people will spend more if they come in with a card vs. cash," says Gareth Forsey of MasterCard Worldwide (MA).
"People will spend more".
So, if people already spend more by putting a card in a reader, it stands to reason that they'll spend even more when they don't even have to get the card out of the wallet - just wave it around in front of the reader. The speedpass technology is pretty much doing this already, and McDonald's adopted it a few years back. Obviously it was a pretty big expense for them to put the machines in, refit their networks to accomodate it, etc. Why would they do it unless it meant people were buying more? In fact, Visa's own website (http://merchants.visa.com/solutions/qsr.jsp) states that
A recent Visa study of 100,000 QSR transactions showed that customers using payment cards spent an average of 30 percent more than those who paid with cash. Other industry studies suggest that the average spread may be even higher.
So for everyone saying "when did we get so lazy?" and similar notions, it's not that we're lazy. We simply spend more the less psychologically painful it is to do so. If I lay down 5 $20s to do my grocery shopping, it's more painful than swiping a card, because it's not as real at that moment. When I get view my statement later, yes, it all tallies up, but there's no difference between using plastic for groceries, clothes, the movies, or anything else, even if all the prices are wildly different.
creation science book
For years I had a Mobil speedpass. I found it incredibly convenient. Take out the keys, pass them near the pump, and go. For those rushed commutes when I wanted to get back to the road and back to my audiobook, getting out of the gas station was a priority and I thought it was great. And even when it was clear the system was hackable http://www.marketingshift.com/2005/1/exxon-mobile- speedpass-hack-via-rfid.cfm I still used it. WTF? You get cheated, you call the credit card company and take care of it. How many websites already have my credit card information? How many bills do I pay online? There is a huge amount of trust that I put in these institutions. But I've decided that my time and convenience in the long run are more important than worrying about a few hundred dollars.
you know, I think that it's stupid crap like this that makes it so easy for people's idedtities to be stolen...Let the dumbasses keep the card...papa needs a new pair of shoes...:D
I'm I the only one who can't wait for their bank to get these RFID cards in for their Check Cards? My magnetic swipe is always wearing out. And it will be so great to not even have to pull my card out of my wallet. Now finally cashiers might stop going against the Visa merchant agreement by asking for my ID. Nothing grinds my gears like being asked for ID when using a credit card especially my Check Card. I mean that was the whole point according to the commericals.
I'm not really worried about people stealing the RFID information either. I don't think many people will be making these for credit card fraud. And if it does get stolen screw I'm not responsible for fraudulent purchases.
Open Source, Open Standards, Open Minds
Really - if they did, don't you think they would at least REQUIRE A PIN? This is something that can easily be turned on with the flip of a switch - hell the infrastructure is already in place for ATM and Debit Card transactions.
If they can't be bothered with PIN numbers, why would they be bothered with encryption and authentication?
-ted
These 'old days' you talk about ended long, long ago. These 'new days' you predict started decades ago. I'm far more worried about the minimum wage employee handling my credit card info or someone digging through improperly discarded credit card receipts than I am of a technophile taking the time and effort to build a mobile card reader. A stolen credit card is a stolen credit card, regardless how it's done - and we already have measures to counter this. I fail to see how this 'new world' is any different than today's status quo.
in case you didn't know, in check fraud/credit card fraud etc. it is the banks which are liable not the person using the services of the bank. by law. As for passing on the cost, that is only doable with debit cards. otherwise, there is no way to pass the cost on to the customers.
I have invested in an amazing technology that is 100% secure, is accepted at more locations than ANY credit card, can be used even if there is no card reader present, does not bear my name or any identifying characteristics, and best of all, if someone does duplicate it or use it fradulently, I cannot be held liable. It's called cash.
I think he's saying that the costs come back to the CC users anyway, in the form of raised rates, fees, and increased prices at retailers that don't want to lose the cut to the CC company.
I solved the security issue in about 10 seconds with a drill press. Now there's just a little hole where the RFID chip used to be....
This sig has exceed its monthly bandwidth allotment.
Personal data including owner's name, card number and expiration date will always be stolen, since they're shared with other parties by nature.
The killer security method is SMS notification of each transaction. Here in Italy it's widely used. What about your own countries?
our
Everyone keeps saying, "Who cares, I'm not liable if someone takes my card and uses it", and that "The banks eat it".
No, they don't. The merchants do. And the customers end up covering it in the end.
I own an online retail business. If someone disputes a purchase and we lose the dispute, the credit card processor simply takes the money back from *us*. We're out the money. Nobody else.
We go to great lengths to try and prevent this (AVS, CVV, etc), but you will get one every once in a while no matter what you do.
So fraud rates are built into retail *pricing*. When we get a new product, we have a formula to decide our selling price. It's based on our business costs. Fraud is one of those costs - we know how much we incur per year, so we build it into the profit margin. Every business does this in one way or another.
If fraud goes up, so do our prices. Therefore, it goes full-circle back to the consumer.
Brian Roach
weellllllllllll duuuuuuuhhhhhhhhhhh ?
The reason that we have the credit card fraud protection that we do today is not just because the banks thought it was a good idea, but because federal law makes them liable for all fraudulent charges up to a certain amount. Regardless of what arguments they put forth about who is most at fault, it is the bank and not the consumer who is liable, period. The credit card companies can and do write conditions into it's merchant contract that say they won't pay the merchant for fraudulent charges, especially if they don't have a signed receipt. In this case PIN numbers actually push liability further away from the merchant and back to the bank. When the actual perpetrator of fraud is caught, they are required to pay the money to the bank. But if these don't occur it is the bank who must ultimately swallow the losses.
This is why the banks have invested a ton of money into programs that detect patterns of fraud, and why I am not too worried about these new technologies. If they increase fraud, then the bank will be the one that gets hurt and if it becomes too great a problem they will move back to the old solution or onto better solutions (smart card authentication using PINs and public/private keys). So just stick with regular credit card accounts, not debit cards - the legal protection is the same, but you are out the money until the bank gets around to refunding it - and you will be fine. Of course, this is US specific, YMMV in the EU.
The CC companies cannot directly do it, but what about the notices in the mail stating "we will raise your rate to x% unless you write us a letter"? The notices I've received in the mail always seem rather shady and throw-away-able...
This quote from the article particularly bothered me:
""It's a small sample," said Art Kranzley, an executive with MasterCard. "This is almost akin to somebody standing up in the theater and yelling, 'Fire!' because somebody lit a cigarette.""
I thought smoking was banned from theaters 'for the children'. Smoky the bear would be upset too. Who cares HOW SMALL the sample is; the issue still needs addressed. That 'little cigarette' could cause a 'fire', and shouldn't be allowed in the first place! As much as I am against some governmental overlording, this is an appropriate time for the government to in act legislations to require credit comapnies to safe guard against this sort of danger.
Where is the greater threat?
1. Stealing information from card holders one-at-a-time with a soon to be illegal device?
2. Card holder data at rest by the thousands in some DB somwhere?
Where is the liability in each instance?
There's no incentive for the banks to do this any differently.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
Ok maybe I did not say it correctly.
If you think you are not paying for CC fraud then you are mistaken it is not a direct charge but No WAY is the bank paying for it. The CC company take on average 3-5% of every transaction so do you think the merchant just pays this No it is built in to the cost of every thing so if you pay with cash you pay this fee ( I do recall a while back some Gas stations used to give you a discount for cash But I have not seen it in a long time ) Uggg oll well I guess the Moderators of this missed the point of what I was saying. (More likely I did not represent my self well that's what I get for posting before coffee) Every time one of these things comes to light The CC companies say well you are not responsible for fraud and every one goes AHHH OK well no problem then, instead of being pissed that the CC companies are not doing a better job of protecting our information.
This is why I am always amazed that people carry the 'check cards'. It is so easy to commit credit card fraud that it is just silly. So, what do people do? They start carrying around a credit card that has access directly to their checking account. Of course the banks will try to tell you it is safe because if the money is stolen, they will return it in one business day. Of course that is one business day after you notify them, and the way you find out about it is that your mortgage/rent check bounces, and your real credit card bill check bounces causing all of your interest rates to shoot up from 6% to 22%. Hell, Visa's orginal check card TV adds showed exactly how to commit fraud with the cards!
There is absolutly no benifit to a check card over a real credit card, and huge drawbacks, but people keep carrying them.
How about Visa in Canada (CIBC to be exact)?
Recently, I received a bunch of $2.50 charges on my card. When I called Visa about it, they couldn't figure it out at first, but they appeared to be "cash advance fees," so they went to investigate. Later, they called to inform me that the fees were from when I bought lottery tickets, which were now treated as a cash advance: $2.50/transaction + interest, and that I had received in the mail a new policy stating such. I stated I hadn't recieved said changes, so they refunded the $2.50 fees (probably not the interest, buggers), and mailed me a new copy of the policy.
So I checked it out, and the closest thing they have is to the effect of:
Cash-like transactions: Some transactions are treated as a cash-advanced and are charged a service fee + interest. These include casino chips, money orders, wire transfers, etc. Transactions that are indicated by your teller as a cash-advance may also be treated in this manner, if in doubt, ask your teller.
Now a lottery ticket is a far fucking cry cash-wise from gambling chips or wire transfers. All the items indicated has a real-world value, with a consistent, fair exchange of cash-to-item value. Lottery tickets might win you cash, but if they want to go that far I could also go buy a bloody car and then sell if off for extra bucks at a loss.
In other words, with anyone who handles the big-bucks, you're pretty much screwed for anything that's not cash. As for the bottle of coke, with many cards you have a tied-in debit account, which gets charged accordingly with either a monthly amount, a per-transaction amount (not near $4), or a varying amount depending on your balance (in my case, so long as I keep $1000 in the account, which is always, I don't get charged on debit transactions, but if I ever dipped below for a moment, it would be like $1.50/transaction).
Personally, I was using Visa because I gain travel points and don't pay interest (always paid on time), unless I started getting fucked-up fees like the ones above. But when they've got the big-bucks, who do you complain about their very vague policies to?
Well, I got my "new fantabulous" debit card several (6?) months ago - they included very exciting documentation about how ez this woule make transactions ahref=http://www.mastercard.com/us/personal/en/abo utourcards/paypass/index.htmlrel=url2html-14326htt p://www.mastercard.com/us/personal/en/aboutourcard s/paypass/index.html>
I immediately called the customer service dept. The customer service rep, who tried to be very nice, and was very well trained on how easy, simple and secure this card was - but didn't know exactly much about how RFID actually works! I asked her if she thought EZ Pass was a good idea... and she knew what that was. When I explained that essentially my card and hers, I'm sure) was essentially the same thing - there was a long, quiet pause on the other side.
long story short - I said "well, I don't want this feature in my card, please send me an 'old' one." I was told that they didn't have the old ones anymore. I told them I would take my business elsewhere... and I was told that the cards were being driven/produced by Mastercard - and ALL hte banks were doing the same thing. Hmmm... Should have shorted that stock the next day!
Yours, with a pocket full of aluminum foil & Duct tape
CA in NY
So, what exactly is wrong with a system like Suica? It's anonymous and convenient. Not having to wait in line in Tokyo for a JR ticket in the morning was quite nice. So was running into a combini and buying a Pocari Sweat with my Suica card.
'Would you be comfortable wearing your name, your credit card number and your card expiration date on your T-shirt?'
No, but I think it'd be cool to have a t-shirt with LEDs that could put up multi-line data, and capture other peoples' names, CC-#s, etc and display _their_ info on _my_ shirt!
Awesome furniture, accessories and cabinetry in Santa Rosa, CA: http://humanity-home.com/
Speaking of past and future predictions, how about we all step back in time a bit down digital memory lane...
a tion-gets-facial-scan-payment-systems/
t 2006/tc20061009_971601.htm
/ index.php?page=all
c ards_big_....html
Tokyo train station gets facial scan payment systems
http://www.engadget.com/2006/04/27/tokyo-train-st
----
RFID subway pass? Sure, New York says
http://news.zdnet.com/2100-1035_22-6033364.html
----
Radio-Frequenci ID: Asian Impediments
http://www.businessweek.com/technology/content/oc
(page was ALL jacked up in my Konqueror browser....)
----
Suica
http://www.answers.com/topic/suica
Suica stands for "Super Urban Intelligent CArd"
"a rechargeable contactless smart card used as a fare card on train lines in Japan. Launched in November 2001,..."
"Technology
The card incorporates contactless radio frequency identification RFID technology developed by Sony, called FeliCa. The same technology is also deployed in the Edy electronic cash cards used in Japan, the Octopus card in Hong Kong, and the ezlink Card in Singapore."
----
RFID in Japan
http://ubiks.net/local/blog/jmt/archives3/2005/02
----
RFID Cards Big in Tokyo
http://www.smartmobs.com/archive/2003/03/15/rfid_
"Pockets in Japan, however, are getting lighter with the growing use of integrated-circuit smart cards. The size of a credit card, they are packed with thin antennas and an encrypted integrated chip that can be used thousands of times to pay for train fares, meals at restaurants and snacks at convenience stores. In less than two years, nearly seven million people in Japan have started using one of two types of cards, both based on technology developed by Sony.
So far, the main client for the cards is JR East, the largest railway company in Japan. Nearly six million train and bus commuters have started using the first of the two types, known as Suica cards, since they were introduced 18 months ago."
For those interested in similar devices (well, actually key fob) in the US, read 5-Peter Davidson's post about "Speedpass"
BUT, be sure to read # 7- "SUICA IS NOT RFID"
http://www.eurotechnology.com/store/suica/
----
heheh, slash image word: "rescuing"...
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
At least SOMEONE else realizes that the signature is in NO WAY a security measure on a credit card. It is only there to show that you've agreed to the terms of the contract you signed when you activated the card. Now retailers may take issue with no signature on the card meaning you dont accept the terms of use of the card, which may make them liable for taking the card knowing that fact, however I've seen a few websites now where people run around signing their CC reciepts all sorts of names and junk thinking they can go back later and dispute charges. No matter what you signed, the fact is, you signed for it, it's yours. I'm sure court of law would also agree.
These people need to read their CC contracts to understand what it really is they signed in the first place, instead of trying to be an idiot and sign their recipts, Mickey Mouse or something else rediculous.
http://www.spychips.com/press-releases/flawed-cred it-card-security.html
. html?ref=business
1 023_CARD/techreport.pdf
FOR IMMEDIATE RELEASE
October 23, 2006
CONSUMER WATCHDOGS DEMAND RECALL OF SPYCHIPPED CREDIT CARDS
CASPIAN Advises Consumers to Immediately Remove Cards from Wallets
Consumer watchdog group CASPIAN is demanding a recall of millions of RFID-equipped contactless credit cards in light of serious security flaws reported today in the New York Times. The paper reports that a team of security researchers has found that virtually every one of these cards tested is vulnerable to unauthorized charges and puts consumers at risk for identity theft.
Radio Frequency Identification (RFID) is a controversial technology that uses tiny microchips to transmit information at a distance. These RFID microchips have earned the nickname "spychips" because the data they contain can be read silently and invisibly by radio waves without an individual's knowledge or consent. The technology has long been the target of criticism by privacy and civil liberties groups.
"For these financial institutions to put RFID in credit cards, one of the most sensitive items we carry, is absolute lunacy," said Dr. Katherine Albrecht, founder and director of CASPIAN, a consumer group with over 12,000 members in 30 countries worldwide.
Researchers are showing how a thief could skim information from the cards right through purses, backpacks and wallets. This information includes the cardholder's name, credit card number, expiration date and other data that would be sufficient to make unauthorized purchases. They say the information could even be used to identify and track people, a scenario Albrecht and co-author Liz McIntyre lay out in their book, "Spychips: How Major Corporations and Government Plan to Track Your Every Purchase and Watch Your Every Move."
Despite earlier assurances by the issuing companies that the data contained in the credit cards would be secure, researchers found that the majority of cards they tested did not use encryption or protect the data in any way. The information on them was readily available to unauthorized parties using equipment that could be assembled for as little as $50, the researchers said.
"We cautioned companies against using item-level RFID, and they didn't heed us. Now the credit card industry is facing an unprecedented PR and financial disaster," says McIntyre, who is also a former bank examiner. She points to the astronomical cost to replace the cards, not to mention the potential financial losses, litigation expenses, and erosion of consumer trust.
Albrecht and McIntyre are calling on the industry to issue a public alert detailing the dangers of the cards they've issued, institute an active recall, and make safe versions without RFID available to concerned consumers.
"This recall has to be very clear and very directed since consumers may not know their cards contain RFID tags," says Albrecht. "The industry has repeatedly resisted calls to clearly label the cards. Rather, they've given the cards innocent-sounding names like 'Blink.'"
CASPIAN is advising consumers to immediately remove the credit cards from their wallets and call
the 800 number on the back to insist on an RFID-free replacement card. The group is cautioning consumers not to mail the cards back or simply throw them away due to the risk of their personal information being skimmed.
Today's New York Times article by John Schwartz can be found here: http://www.nytimes.com/2006/10/23/business/23card
A research report detailing the findings can be found here:
http://www.nytimes.com/packages/pdf/business/2006
Help achieve Liberty in your lifetime - join the Free State Project - http://www.freestateproject.org
Just a thought, but couldn't this technique be used for something more covert, like passively recording the info from the rf card keys in someone's pocket to gain access to secure places? hehe
If you mail the card back, it can be read without even opening the envelope. If you cut the card in 2 (or 4 or 8), the mag stripe is unlikely to be able to be easily read. The only thing the tiny rfid chip needs is to be intact... it's that small. I cut a card open and it's about 1mm square, embedded in the card.
Want to know if your card has a chip?: does the signature lines go all the way across the card, or stop early? If it stops early, that's a chipped card. The chip is at/near the part that would be sig lined.
And finally: someone should steal your identity and keep you busy instead.. Oh wait, they DID, Mr Anonymous Coward. Talk about ironic: someone afraid to post his own identity complaining when others are concerned about their own. If I didn't know better, I'd suspect you were a shill for the RFID folks. We know they troll like that... go read Katherine's book where she documents the slimy stuff they've done.
Help achieve Liberty in your lifetime - join the Free State Project - http://www.freestateproject.org
Yeah, I see what he meant now. I was thinking that CC companies are allowed to charge a user upto $50 per disputed charge if they want, but they never do. I wasn't looking at it in the bigger picture like was originally meant.
How many fulltime jobs can one man have?
Like I said in my response to the other reply, I misunderstood you and assumed you meant that a person was specifically charged for their disputed charges. I now see you meant in a large view of the entire process. My bad.
How many fulltime jobs can one man have?
Everyone talks about a tin foil wallet as a fix but all a dedicated scammer would need to do is hang around checkout lanes where people open their wallets to harvest large numbers of cards if these become common enough. If it can be read for purchase, it can be read by anyone who wants it. Hell, you could leave one that was disguised as a harmless object at the checkout lane and just stop by later and pick it up out of the last and found bin. Voila, a big list of victims.
When my credit card number was stolen years ago, I only had to check my receipts to know where I had been during the period when it was stolen. After reporting it to the police, they got security cameras which showed in full view the vile little worm at the gas station who had copied down the number while his back was turned to me. And though the card was protected against fraud, it still took many of hours of my time to prove it was fraud, and then argue with the bank that the purchases were indeed fraudulent. Not only that, but because it was a debit card tied to my checking account, in the mean time my account had been cleaned out and some of my checks bounced. I had to argue for a long time with the bank to get them to take back the overdraft charges which had amounted to hundreds of dollars. They couldn't seem to fathom the fact that if the fraudulent charges hadn't occurred, nothing would have bounced.
Two lessons I took from this:
1. Never, ever use a debit card. Ever.
2. Banks will try to screw you even after you prove that charges were fraudulent.
I stick mostly to hard currency now.
I tried that with HSBC, they don't make the old non-RFID cards anymore. I finally got on the phone with a technical person there who basically gave me a "It's completely safe and we know what we're doing" sales pitch. Grrr.../
"goodbye and hello, as always" ~Prince Corwin, from Zelazny's Amber series
Allay RFID privacy concerns by letting the end user decide when it transmits
There is a concern that RFID tags embedded in credit cards may make the presence of such cards detectable by anyone with an RFID reader.
To answer that concern, we have an easy way to make RFID tagged cards normally invisible, but active when you want them to be.
Background: RFID tags are appearing everywhere. They can be embedded in plastic cards such as credit cards, id cards, passports and other places. There are privacy concerns about these tags being read without the owners knowledge.
Solution: "RFID Shield" lets you choose when your tags are readable.
Information about the RFID Shield is at: http://smarttools.home.att.net/rfshield.htm
Smart Tools Send comments, suggestions to: smarttools@att.net
You sign the back of the card to indicate that you agree to be bound by the terms of the credit agreement.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
Moderation -1
100% Flamebait
Telling people about Bush's plan for insecure IDs and secret torture prisons isn't "Flamebait", unless you're some Bush stormtrooper with an "enemy combatant", an otherwise boring job in a dungeon, and some soldering irons with time to kill.
--
make install -not war