Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: How Do You Keep Your Credit Card Secure?

Posted by EditorDavid on from the chip-vs-RFID dept.

It's easy to pontificate about the best security practices -- but the real test is what we do with our own money. Long-time Slashdot reader Keybounce writes: So, like most of you, I recently got a new credit card with a chip in it. I was not worried about that -- I know the chips are harder to copy and counterfeit. But I recently discovered that the card is also a radio card -- swiping it near the screen caused an message to show up on the reader. In this case, it told me to use the chip reader instead, but this means it has an active radio signal, and could be "hacked" -- stolen by someone with the right device.

How can I prevent this? Is there anything I can do that will disable the radio signal and still leave the chip functioning?
At least 200 million RFID credit cards were in circulation by 2012, even though their signals could be easily intercepted, prompting the introduction of RFID-blocking wallets and sleeves. But what's the alternative? A recent article in Quartz argued that America's transition to chip cards has been an utter disaster (since the banks dispensed with PIN numbers altogether and now validate with only an electronic signature). Is the answer to just use a mobile wallet like Apple Pay or Android Pay -- or to always pay with cash?

So leave your own answer in the the comments. How are you keeping your own credit card secure?

50 of 385 comments (clear)

  1. Shielding, jamming by stevel · · Score: 4, Interesting

    Currently I use an envelope that claims to be RFID shielding. No idea if it works or not.

    I have backed on Kickstarter an interesting "jamming" solution, Vaultcard, which looks promising.

    The current RFID cards - Visa PayWave is one brand - provide the "Track 2" data plus an authentication code from the EMV chip. Quite usable for fraud.

    1. Re:Shielding, jamming by ls671 · · Score: 4, Funny

      I am already using Vaultcard but since I carry the cards close to my genitals, I decided to add a layer of protective gearing constituted of a lead casing. It ended up requiring an additional belt that I wear under my clothes so it is not apparent. It is a little heavy and uncomfortable but in the end I feel safe in all regards and proud to be using the latest technologies.

      --
      Everything I write is lies, read between the lines.
    2. Re:Shielding, jamming by swd99999999 · · Score: 2

      I got a similar style Aplpine-Swiss about a year ago. It's a good wallet but takes several months for the smell to go away. I bought it for RFID shielding but none of my new chip cards have RFID as far as I can tell. I think RFID cards are a stupid idea and should be eliminated. You might want to check your cards first before investing in RFID protection.

    3. Re:Shielding, jamming by ArmoredDragon · · Score: 5, Insightful

      I wouldn't even fret over it at all, and indeed those little sleeves are a total waste of money.

      Current credit card laws limit your liability for fraudulent transactions to $50. But that's not all: Every bank that isn't shitty takes that a step further by making you liable for nothing at all. Really, I haven't even seen a credit card offer that has a non-zero liability clause. I'm sure they exist, but you'd have to have downright awful credit to have one of them as your only option.

      That said, a much bigger risk (indeed by far the biggest risk) of getting your credit card information stolen is when you use it to buy something on the internet and the merchant's PCI database is compromised. This has happened numerous times to me, by the way, and you know what it has cost me in my entire lifetime? Not a single red cent.

      Typically it goes like this: My bank calls me and notifies me that somebody all the way on the other side of the country in a state that I've never been to tried to buy something expensive on my card within minutes of me buying chips from a vending machine. Obviously something wrong there, so they call me and list the most recent 5 or so transactions and ask me if I made any of them. If the answer is yes, then there's no problem. If the answer is no, they deactivate my card and send me a new one, and have me fill out a form telling them which transactions showed up on my bill that are ones I didn't make. I just tell them which ones aren't mine, and they simply remove them from my statement.

      That's it, no problems. The only inconvenience is that I'm out of a credit card for a few days, but that's ok because in addition to my mastercard that I use practically everywhere, I also have an Amex card that I occasionally use for its occasional incentives, and I can continue using it until my new mastercard arrives in the mail.

      No need to waste money on a sleeve, and no need to have to pull it in and out of the sleeve when I need to use it.

    4. Re:Shielding, jamming by AmiMoJo · · Score: 3, Interesting

      Do you really think that the banks would have added a feature that makes fraud as easy as pointing an antenna at people walking past? Where are the crime waves of people draining accounts with concealed card readers? How come it's been in use for over a decade in some parts of the world and they haven't noticed this massive flaw in their security?

      Unless US banks are uniquely incompetent with their card design I think this is just paranoia, whipped up by click-bait articles.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Shielding, jamming by coofercat · · Score: 3, Informative

      Indeed - all that fraud just gets passed on to the vendor/retailer. Unfortunately, those retailers have absolutely no way to measure the 'fraudiness' of a card transaction, so can't decide to decline something on their own - they have to ask the Bank to make that choice for them. When the bank makes the wrong choice, the retailer pays.

      In the UK we have some (relatively new) financial industry rules that include 'treating the customer fairly'. I wonder how long it will be before some credit card banks get held to account on that basis, but until then, banks control everything and pay for nothing.

    6. Re:Shielding, jamming by stevel · · Score: 3, Insightful

      Do you really think that the banks would have added a feature that makes fraud as easy as pointing an antenna at people walking past? Where are the crime waves of people draining accounts with concealed card readers?

      Why yes, I do. It has been demonstrated numerous times, and is easy to reproduce on your own with inexpensive equipment. The specs are public (have you read them? I have.) Even EMV chips send your card information in plaintext - any encryption needs to be added by the terminal. You may not have read much about it as RFID cards are still uncommon in the US, but that is changing. The specs for this and EMV are more than a decade old and were designed for the banks' convenience, not your protection.

      US banks have shown a singular unwillingness to invest in technology that helps their customers. In the US they fall back on "zero liability" terms that mostly shield customers from direct financial losses but then pass on the cost of billions of dollars of fraud to all consumers and merchants.

    7. Re:Shielding, jamming by stevel · · Score: 4, Interesting

      But consider what happened to me last year on the first day of a two-week international vacation. I got a notice from my primary card bank (Chase) that my card had been compromised and that they would cancel it and send a new one. The problem was that I was depending on this card (which has no foreign transaction fees) and I would be moving around every two days meaning that it would be difficult to get a new card to me quickly. They did offer a compromise - disable any card-not-present transactions and had me list which countries I would be in, until I could return home. I had several online purchases outstanding so I had to scramble to fix those, and even then I missed one of the countries I would be in and had my card declined twice before I figured out the problem.

      I am sure this case was a leak from a merchant that stored card data insecurely, or maybe a skimmer somewhere. That card did not have RFID. We really do need to move quicker to a tokenized system. Even so, it was more than a minor annoyance to me.

    8. Re:Shielding, jamming by jafiwam · · Score: 2

      Disable "card not present" should be available to end user as a check box in their online account settings.

      That, and single use numbers for online transactions.

      Of course, the banks don't give a shit about security so don't offer that stuff (for the most part.)

      I fail to see why _I_ should care if some retailer gets fucked. Maybe the retailer should be pressuring the banks to fix it.

    9. Re:Shielding, jamming by AmiMoJo · · Score: 2

      So in the US you have vast amounts of walk-by contactless card fraud? How come it doesn't get reported?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  2. Tinfoil by dimethylxanthine · · Score: 3, Informative

    Tinfoil around the inside of the wallet. And don't forget the hat!

  3. Turn it off by Mikkeles · · Score: 3, Interesting

    We just asked our bank to have it deactivated and they did.

    --
    Great minds think alike; fools seldom differ.
    1. Re:Turn it off by stevel · · Score: 3, Informative

      That does very little good. The info that can be obtained with a reader is still usable for making charges to your account.

    2. Re:Turn it off by Wrath0fb0b · · Score: 4, Informative

      Not even remotely true. The information that can be obtained with a reader does not contain the actual keys (!) that would be used to sign a transaction.

      You could actually read about EMV, the specification is public. It's fairly clear you haven't.

    3. Re:Turn it off by mjwx · · Score: 3, Interesting

      Not even remotely true. The information that can be obtained with a reader does not contain the actual keys (!) that would be used to sign a transaction.

      You could actually read about EMV, the specification is public. It's fairly clear you haven't.

      Actually, it contains your card number, name and expiry date.

      Everything you need to start making transactions online.

      I have to wonder why people still think that card cloning is a credible threat these days... Card fraud moved online years ago, far better return on effort.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
    4. Re:Turn it off by Anonymous Coward · · Score: 5, Informative

      It doesn't include the CVV2 that will be requested even by very low risk online retailers. You might be thinking, "But this field right here is labelled CVV" and it is, but there are like four CVVs for a modern card, and that's the wrong one. The one you need online is CVV2, which is the one written on the back of the card but not stored on the card itself.

      This happened because cards _used_ to have just one CVV, baked into the magstripe, so you could tell you had a "real" magstripe read, not one based on just reading the digits off the card, but if people got the CVV elsewhere they'd fake that out. So the "fix" was to have a different value for CVV in each place, and check you got the right one. So there's a CVV for EMV chip transactions, a CVV for the magstripe and one written on the card for online.

    5. Re:Turn it off by Anonymous Coward · · Score: 2, Insightful

      You MUST read your statements because any VISA retailer, anywhere in the world, can tell VISA "Oh, this 16 digit card was used in my store, and I want $100" and they will just add that to your statement and bill you unless you protest. VISA does not give a shit whether there is even the slightest evidence the charge is legitimate _unless_ you say you didn't do it.

      Credit Cards have two separate processes. Authorization is the first, it's the one with chips and PINs, and CVVs and checking your address matches, and a typical retailer wants nothing to do with you unless they can successfully complete Authorization. This step exists _purely_ for the retailer to obtain proof you authorized the transaction, the VISA network doesn't need it, doesn't care about it, unless you dispute.

      Settlement is the second step, it has no security whatsoever, it's purely on the word of the acquirer and it's the step where your money is taken. All they need to provide are the card numbers and the amounts they want to get paid. If there's Authorization but no Settlement, you don't pay a penny in the end. But if there's Settlement but no Authorization, your money is GONE unless you say "Hey! I never agreed to pay that".

      For a huge fraction of transactions nobody has any actual proof. Even if it's a legit transaction where you presented your card, often they screwed up and threw away the proof, or they typed in the wrong amount and then later "fixed" it and billed you a different amount. And because Settlement has no security, they get their money anyway. UNLESS you say you didn't agree to pay, and then VISA sighs and says "Hey, where's the proof?" and the retailer says "Oh, whoops, we don't have it" and you pay NOTHING.

      So, that's the only thing you need to know about Credit Cards, READ every statement, DISPUTE anything you're concerned about.

    6. Re:Turn it off by stevel · · Score: 2, Interesting

      Pretty much every week I place online orders with merchants that don't ask for CVV2. While it is true that the RFID data doesn't include CVV2 (it has a digital signature code created by the EMV chip), what is sent is MORE than enough to commit wide-scale fraud.

  4. Don't care, not my card, card issuer's problems. by Anonymous Coward · · Score: 5, Insightful

    I could care less. If I see fraudulent transactions I call AmEx and I get a replacement card next morning. No need for me to go out of my way to keep a card that provides access to someone else's money secure.

  5. I don't by Pulzar · · Score: 4, Informative

    It's really not my job to go the extra distance to improve their security. The card is the way it is, and if it's good enough for the banks, it's good enough for me.

    I've had the card cloned a couple of time in the last five years, and it was never more than a minor inconvenience. Call the number in the back, tell them that I didn't spend $2000 on a strip club in Mexico, and they send me a new one.

    --
    Never underestimate the bandwidth of a 747 filled with CD-ROMs.
    1. Re:I don't by JoeMerchant · · Score: 3, Informative

      Same here, I secure my card by handing it to waiters in restaurants who disappear with it, using it in retail stores where employee turnover is atrocious, and shopping on the internet. About once every 4 years (on average) we get a charge we didn't make on the bill, we tell the company ASAP and it gets reversed and we get a new card number.

      We were included in the recent Target and Home Depot attacks, nothing happened until about a month ago, then we got a $900 charge from COSTCO - impressive since we don't have a membership.

    2. Re:I don't by ShanghaiBill · · Score: 5, Funny

      Don't they kick you out when the transaction is denied?

      If you are paying $2000 in Mexico, you are going to the wrong strip clubs. Try walking more than 1 block from the border.

    3. Re:I don't by uncqual · · Score: 3, Funny

      Just make sure to remember to put your plane ticket to Mexico on another card!

      --
      Why is there an "insightful" mod and why isn't it "-1"? If I wanted insight, I wouldn't be reading /.
  6. Re:Easy by Lord+Crc · · Score: 5, Interesting

    If you cannot afford to buy something with cash, then you can do without it.

    There have been serious suggestions here in Norway to forbid cash payments for various things. This includes buying tickets from bus drivers, paying at restaurants and for purchases above some threshold (think 2000 USD and such).

    The bus drivers don't want to have cash because of robberies, the tax administration wants to make it harder for restaurant owners to cheat, and the police wants to make it harder to launder money.

    We're not there yet, but I'd say it's coming soon.

  7. Hole punch by NiteMair · · Score: 3, Interesting

    When I last had a card like this, I just took a hole punch and punched out the RFID chip. they're pretty easy to locate (small square divot, usually right near the RFID symbol printed on the back of the card). You can also pry them out easily with a razor blade if you don't want a hole all the way through the card.

    Snipping out the RFID chip shouldn't affect the smart card chip in any way, since they should be totally unrelated mechanisms. I could be wrong though - I haven't seen an RFID included in a modern chip card yet.

    1. Re:Hole punch by stevel · · Score: 4, Interesting

      Snipping out the RFID chip shouldn't affect the smart card chip in any way, since they should be totally unrelated mechanisms. I could be wrong though - I haven't seen an RFID included in a modern chip card yet.

      You are mistaken - the RFID chip is connected to the EMV chip - may even be the same chip nowadays. This wasn't always the case, but is now. The RFID data includes an EMV-derived authentication code like the CVV.

      This had all been theoretical for me until Costco replaced my Amex card with a Visa that had PayWave (RFID). I did a LOT of reading then!

    2. Re:Hole punch by lucm · · Score: 4, Interesting

      PayWave is awesome. You just tap the card on the terminal (or near it) to pay, no pin, no signature.

      Of course some people will freak out, just like they freaked out when chips came out ("what the devilry is this!"), but it's hugely convenient. Credit cards companies already have very customer-friendly policies for fraud and scams, this is just making things even easier with no risk for the card holders.

      I've learned from past experience to have 3 credit cards: 2 in my wallet, 1 at home, that way if one gets compromised I have options until I get a new card. That's a minor price to pay for the convenience.

      --
      lucm, indeed.
  8. Re:Don't care, not my card, card issuer's problems by mattwarden · · Score: 4, Informative

    Exactly. Why is this my problem? I am not liable for fraudulent charges.

  9. Why? by AK+Marc · · Score: 4, Insightful

    I don't bother. The number of attacks in the wild is still essentially zero, and I'm indemnified against all loss. It might be inconvenient, but it's not a loss. So it's not worth my time and trouble guarding against.

    I might worry about it if I were to go to the Olympics or something else with lots of international tourists, the best ones to skim, but for regular everyday use, the chance of you being skimmed rounds to zero, and if it does happen, you are blameless.

    --
    Learn to love Alaska
  10. but this means ... or does it? by frovingslosh · · Score: 4, Interesting

    ...swiping it near the screen caused an message to show up on the reader. .... but this means it has an active radio signal

    Maybe you are not presenting your experience with proper English, but if you swiped the card and were then told to use the chip reader, that does not imply that the card has any RFID capability. It simply means that the swipe passed along enough information that the reader learned that there was also a chip. I've seen this on multiple credit cards and have confirmed that the card has no RFID. Maybe you shouldn't have used the word swipe and only mean to say that you were told to use the chip when you got the card near the card reader, but if you actually swiped it then you know nothing about if RFID is present. It does not seem to be as common as many fear mongering commercials for cheap crappy wallets would have you believe.

    As to what to do if your card really does have RFID, I suggest doing the same thing that I do with my card without RFID, keep a close eye on your charges and alert the issuing bank if there are any discrepancies. Beyond that, don't worry. It is the problem of the idiots who put RFID chips in the cards if their cards get sniffed, and it is the problem of the issuing bank if they accept bogus charges on your card. Your only issue is to not be completely stupid and pay the credit card bill without checking it for accuracy (and there are certainly some people who do).

    --
    I'm an American. I love this country and the freedoms that we used to have.
  11. Get a credit card which notifies on each charge by glomph · · Score: 4, Insightful

    The 16-digit system is ridiculous. If you're going to use your card online, or in restaurants, etc. your card number is quasi-public.

    Two of my cards have an option which sends email and/or SMS and/or app-notifications upon every transaction, accepted or denied.

    I caught a bogus attempted charge last month - this saved a lot of exposure & aggravation. It also informed me last week when my personal activity caused my card to be suspended ( several international charges, different countries in the same hour). CapitalOne, Discover, & Chase offer this, and I assume some other competitors do so as well.

  12. Citibank does ok. by minstrelmike · · Score: 2

    I let Citibank manage it.
    It ain't perfect but they have about as much interest in it that I do, on a statistacial basis. In a very personal perspecitve, it may seem like they don't give a shit. But thinkg about it. It ain't worth spending 1% of your money to stop thieves from stealing 0.5% of your money, just like it ain't worth crawling under a car for a dime or quarter or dollar you dropped in the parking lot (depending on circumstances).

    Problem with perspective is that the folks stealing from citibank aren't stealing 0.5 % from each customer, which would be "allowed" or ignored at least, they are stealing everything (identity theft and all bank accounts) from 118 specific people--who are really pissed off for excellent reasons.

  13. Re:Don't care, not my card, card issuer's problems by ShanghaiBill · · Score: 5, Funny

    I am not liable for fraudulent charges.

    Sometimes you are. I was fraudulently charged $19/month for several months by Travelocity. I disputed the charges through Bank of America, and BOA told me that Travelocity was their "marketing partner" so the fraudulent transactions could not be reversed. I cancelled the credit card, closed all my BOA accounts, and switched to Wells Fargo (the only other bank within bicycle distance of my house). I also never again used Travelocity for anything. I periodically go into the local BOA branch and steal their ink pens.

  14. Identity Theft Victim Here with My Insight by Proudrooster · · Score: 4, Informative

    Here is how to stay out of trouble.

    1. DO NOT USE YOUR ATM CARD ANYWHERE, EXCEPT AT THE BANK THAT ISSUED IT IN THE LOBBY.
    2. Feel free to use your credit card anywhere, AS LONG AS YOU CHECK THE MONTHLY STATEMENT AND DISPUTE ANY CHARGES.
    3. Anywhere especially seedy, PAY CASH or use a Green Dot Card from Walmart money card loaded with the exact amount.
    4. Only use checks for re-occuring variable bills like phone, gas, electric so an error can no clean out your bank account. Some phone cable and phone companies occasionally have problems with sending customers erroneous $1000 monthly bills.
    5. Do not use online banking. Make sure you have it turned off.
    6. Make sure you have an ATM only card that can not be used as a debit card. This means it only works at ATM machines.
    7. Setup all fixed cost bills, mortgage, car, insurance, student loan for auto pay so you don't need to use online banking or write a check.
    8. Do not let money pile up in your PayPal account. Paypal is not a real financial institution and can play games with your money and you have very little protection.
    9. Bank with a real bank, an 800 lb. gorilla like Chase that has 24-hour fraud people.
    10. Keep a copy or scan of all documents/cards in your wallet. If you wallet gets stolen you can quickly cancel everything, instead of trying to figure out what was in your wallet.
    11. Pay your credit card off EVERY MONTH, no exceptions. 20% interest is for suckers. If you can't control yourself, set you limit for what you are able to pay. NEVER carry credit card debt. NEVER.

    The safest forms of payment are:
    1. CASH / Walmart Green Dot Money Card
    2. Credit Card
    3. Check
    4. ATM Card

    Why do I make these recommendations?

    1. Cash can't be hacked.
    2. VISA provides you with protections to dispute charges. That means if you get hit with a charge, you can dispute it and during the dispute period you aren't out any money, unlike bank fraud. If a vendor is getting a lot of chargebacks from VISA, they will figure out they have a hole in their system and fix it or go out of business.
    3. Your ATM card connects directly to real money. If you have Autopay setup and someone hacks your ATM/Debit card, you could be in a world of hurt because your account might get emptied out and there would not be any funds available to pay your bills. This is a bad, expensive situation.
    4. Your checks have a magnetic toner on the bottom with your bank routing number and bank account number. With these numbers, someone could possibly access your account. Only use checks for variable payments like phone, gas, electric.
    5. If you need to buy something that you don't want associated with you directly, get a Walmart Green Dot Card. This is great in case you are in need of a burner phone or other untraceable payment. By law you are supposed to register these cards but Green Dot will still allow you to use it but will deny you a personalized card. Many illegal/undocumented immigrants use these cards. These cards can be sketchy and prone to fraud, so buy it, load it, and spend it as soon as possible.

    If you have any questions, let me know and I will check this thread again. Be smart. Guard your privacy, credit score, and your hard earned money.

    1. Re:Identity Theft Victim Here with My Insight by Dan+East · · Score: 4, Insightful

      Sheesh. Apparently you omitted the part where you hire an armed security force and an assistant who carries your cash in a briefcase handcuffed to his wrist.

      No way I would live that way. Keep most of your money in an account separate from the one you pay stuff out of day to day. That should do it.

      --
      Better known as 318230.
    2. Re:Identity Theft Victim Here with My Insight by apoc.famine · · Score: 2, Insightful

      Yeah, you're a paranoid fuckwit. Bank with a non-abusive company and don't be a dumbass.
       
      If you're using a bank, you're using an institution that is probably trying to fuck you. Don't do that. Pick a local credit union instead. Better service, better rates, less ass-fucking. My wife and I both push a monthly amount to a joint account which is tied to our bills and debit cards. I noticed fraud on that account recently. Went to the credit union at lunch, told them that I didn't know what card it was on, they figured it out, (mine) put the money back, shredded the card, printed me a new one, and I walked out of there 15 minutes later.
       
      Their online banking is the shit. We do our banking through their portal most of the time. And that includes their free, scheduled, repeating if necessary bill payments where they format a check with your account number on it and mail it out. And do electronic transfers with some companies. "Only use checks" lol, how quaint. We have our payees set up in the web portal. Log in, click "Utilities", enter the amount, click send. Done. Check is in the mail the next morning. Same with mortgage, student loans, cell phone, etc.
       
      I used to use big banks, but they spammed me, fucked me, and generally treated me like shit. I moved to a local friendly place, and they treat me like a king. It's amazing that you recommend using fucking Walmart and pre-paid cards and cash. Those can be lost and stolen. And if they are, you're SOL. And pre-paid cards have overhead.

      If you have any questions, let me know

      If anyone does, it's going to be why you aren't taking your meds. The fuck is wrong with you? How did your world get so broken?

      --
      Velociraptor = Distiraptor / Timeraptor
  15. Re:The PNOs are clueless by ShanghaiBill · · Score: 3, Insightful

    Honestly, the best you can do is to use a system (like Apple Pay) that uses a device specific PAN for your transactions.

    Or you could use a PIN, with is how chip+pin was designed to be used, and how it is used in other countries that have far less CC fraud than America.

  16. Re:The PNOs are clueless by fustakrakich · · Score: 2

    CC fraud in the US is more likely an inside job. We should be very suspicious of all these stories about hacks and breaches into their systems and so-called "stolen" money, such things make very effective electronic "drop points". They leave the door open and tell the cops someone came and stole all your shit. Every little glitch, "Oops, so sorry, your balance has been corrected. By the way, we are raising our fees a bit to cover our new 'anti-fraud' features." We know the nature of their business.

    It's time for the Post Office to get back into it..

    --
    “He’s not deformed, he’s just drunk!”
  17. Re:Easy by ls671 · · Score: 2

    Not going to work in all cases. Some people would revert back to things like gold or some digital currency for trading. As long as you can bribe people to launder the profits for you, it keeps on going. A better approach could be to fix the system and the people keeping it in its current version.

    --
    Everything I write is lies, read between the lines.
  18. Re:Don't care, not my card, card issuer's problems by Dahamma · · Score: 3, Insightful

    Then why are you trying to explain how they work?

    A responsible credit card user pays their bills at the end of the month and doesn't rack up interest of fees. And, no, they do not raise the fees to the vendor, in fact they have recently lowered them since they have had their ass reamed in lawsuits for overcharging.

    Yes, VISA, etc charges a small fee for transactions, they make a (sometimes too healthy) profit, but fraud protection is one of the major FEATURES of using a credit card. Go pay cash to a shady person for something and then try to get your money back later when you got screwed. Use a credit card? If it was the vendor's fault you will get your money back.

  19. Re:Easy by godel_56 · · Score: 4, Insightful

    If you cannot afford to buy something with cash, then you can do without it.

    There have been serious suggestions here in Norway to forbid cash payments for various things. This includes buying tickets from bus drivers, paying at restaurants and for purchases above some threshold (think 2000 USD and such).

    The bus drivers don't want to have cash because of robberies, the tax administration wants to make it harder for restaurant owners to cheat, and the police wants to make it harder to launder money.

    We're not there yet, but I'd say it's coming soon.

    A card-only system is the perfect surveillance solution. Not only does it reveal everything that you've purchased and from whom, but the time and location as well.

    Presidents Putin and Erdogan recommend them!

  20. Re: Easy by slashrio · · Score: 5, Insightful

    The moment the cashless society is a fact you will regret that you didn't fight it.

    --
    "Trump!!", the new Godwin.
  21. My card leaks visible spectrum radio signal also! by vortex2.71 · · Score: 5, Funny

    I recently found out that my card was leaking radio waves in the visible spectrum! This is really nefarious because the radio waves do not actually originate from the card itself. When a store, hacker, or other third party sends radio waves in the visible spectrum towards my credit card, the card returns the signal back to a wide range of locations with the user's name, the credit card number, and even the cvv code on the back!

    The worst part is that there are even visible spectrum enhancers on the market, which turn the radio signal, which is usually only decipherable at 2-3 ft, into a signal that can be deciphered from 30-100 ft. I can't even believe that these things are legal, or that the card returns these radio waves in the visible spectrum!

    The world is going to hell in a handbag!

  22. Shielding, jamming... Nope, try disabling. by mjwx · · Score: 4, Interesting

    The current RFID cards - Visa PayWave is one brand - provide the "Track 2" data plus an authentication code from the EMV chip. Quite usable for fraud.

    Forget track 2 data, the card gives out your name, card number and expiry date wirelessly to anything that asks. That's enough for anyone to start making transactions.

    The first thing I do when I get an NFC enabled card is disable the wireless. I do this using a Stanley knife. If you look at your card over a bright light, you can see the induction loop, It then becomes a simple matter of making a small incision into the card to sever the induction loop. No loop, no wireless, card still behaves nicely with Chip and Pin terminals.

    I've tested this with an app on my Android phone (here but it hasn't been updated in a while and doesn't work with my Nexus 5x). Its also been tested many times by vendors who don't seem to get that yes, it's disabled now stick it in the machine so I can press savings.

    Personally I wouldn't bother with trying to shield or jam it as malicious devices are most likely to be placed on terminals, ATM's and other places where you'll have your card unshielded. If you don't want your card to be exposed, disable it completely.

    --
    Calling someone a "hater" only means you can not rationally rebut their argument.
  23. Re:Easy by Anonymous Coward · · Score: 2, Informative

    It is already like that in Sweden. Many forms of transportation only allows card payment or you have to pre-pay with cash at some other place (like a 7-eleven etc.). Some restaurants are also cash-free (accepting payment through credit/debit card or by phone. Direct transfer of funds for via phone number is easy to set up in Sweden and free for private users, it's kinda like paypal but with your phone number instead of email address)

  24. Re:My card leaks visible spectrum radio signal als by smallfries · · Score: 3, Funny

    You're overreacting. The technology to block that portion of the spectrum has been integrated into wallets for centuries. It's quite neat tech - google for leather.

    --
    Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
  25. Re:Easy by TheRaven64 · · Score: 2

    What has being able to afford it got to do with anything? I buy pretty much everything with a credit card that's paid off automatically by direct debit. I get 1% of everything I spend directly as cashback, I get 15-45 days of interest-free loan so that the money that I've earned can be sitting in an interest-earning account for longer, and I get various forms of consumer protection (the card company will reverse transactions if the seller doesn't comply with various regulations regarding after-sale support, for example). I can afford to buy everything that I buy with my card in cash, but I'd end up with less money if I did.

    Oh, and the way the banking system is set up, having a credit card and paying it off every month helps build credit rating. When we applied for a mortgage recently on a new house the bank was willing to lend us about double what we wanted to borrow.

    --
    I am TheRaven on Soylent News
  26. Re: Don't care, not my card, card issuer's problem by grqb · · Score: 2

    Exactly! I see all of these concerns about credit cards. WHO CARES! You'll never be responsible for paying a fraudulent charge. The hardest thing you have to do is read over your bill at the end of the month and most times your card company will notify you of sketchy activity.

    IMHO credit cards are more secure than cash. It's easier to keep track of spending, if you lose your card you get a new one, if somebody steals it you get a new one. Same is not true for cash.

  27. Re: Don't care, not my card, card issuer's proble by grqb · · Score: 2

    It's not even necessary to have a bank account with the same company that you have a credit card with. So your bank account is not linked to your credit card. You still need a convenient way to pay off your credit card, like electronic payments from your account to your credit card or whatever works for you.

    * at least this is how it works in Canada, but for whatever reason we seem to be ahead of the US in terms of credit card technology based on what I've been reading (no pin? no tap payments? You still need signatures? Wtf?)

  28. CVV2 by Khashishi · · Score: 2

    CCV2. Isn't that the number you give to EVERY MERCHANT you buy from, along with number, name, and expiration date? How in the world are thieves ever going to get a hold of that VERY SECRET number?