dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
1459
share rss forum feed


I_H8_Spam

join:2004-03-10
St Catharines, ON

[Serious] Chip Cards: Credit/Debit

Just received one of my credit card statements today and included was a note about important changes, included was a new card holder agreement.

Under the new agreement, if your PIN was used the transaction is consider authorized and cannot be disputed as unauthorized, you are bound to pay the charge.

So no longer is TD zero liability, if your skimmed and pin stolen; you are on the hook
--
AFK: Attack, fight, kill!! The healer is telling you to go pull mobs.
WTF: Way to fight! The healer is applauding your tactical genius

LondonOntGuy

join:2004-05-12
London, ON
Is that what that meant? I got the same thing. I love how it arrived only last week, but it said that if I have any outstanding balance after July 1, 2012 that I agree to the terms laid out in the pamphlet. - It was June 30 that I paid my Teksavvy bill via credit card. So according to TD, I agree with these terms, even though it sounds like a load of shit.

Perhaps it's time to look for another bank and credit card provider.

Robrr

join:2008-04-19
Guelph, ON
reply to I_H8_Spam
said by I_H8_Spam:

Just received one of my credit card statements today and included was a note about important changes, included was a new card holder agreement.

Under the new agreement, if your PIN was used the transaction is consider authorized and cannot be disputed as unauthorized, you are bound to pay the charge.

So no longer is TD zero liability, if your skimmed and pin stolen; you are on the hook

And now you know the real reason behind CHIP cards

Oh! By the way, they figured out in 2007 how to compromise Chip and Pin machines.

HoboJ

join:2008-03-27
Cornwall, ON
kudos:1
reply to I_H8_Spam
I'm so glad I've still got the old style. No chip n' pin for me for some time yet...


Mashiki
Balking The Enemy's Plans

join:2002-02-04
Woodstock, ON
kudos:1
reply to I_H8_Spam
Yeah pretty sure that's not gonna fly under the CPA.


rogerssmoger

@start.ca
reply to HoboJ
said by HoboJ:

I'm so glad I've still got the old style. No chip n' pin for me for some time yet...

You will have one by 2013 I believe that is the deadline.


rogerssmoger

@start.ca
reply to I_H8_Spam
I see no issue with this.

And whoever posted you can skim a chip card by all means post proof.


thebaron
Premium
join:2003-12-09
Stittsville, ON
said by rogerssmoger :

I see no issue with this.

And whoever posted you can skim a chip card by all means post proof.

»www.h-online.com/security/news/i···382.html

Need more? all it takes is a quick Google search and there are a ton of examples.


thebaron
Premium
join:2003-12-09
Stittsville, ON
reply to I_H8_Spam
I had my MasterCard compromised the weekend of July 20th.

Someone spent $111 using the PIN on the 21st.

My 2 biggest issues:
1. MasterCard never contacted me to tell me they cancelled my card. I tried using the card on the 23rd and it was declined, making me look like a deadbeat that doesn't pay his bills. They should call you as soon as they cancel your card.

2. MasterCard wouldn't tell me where the card had been compromised, I wanted to know, not so I could go confront them, but so that I could simply avoid going there in the future.


urbanriot
Premium
join:2004-10-18
Canada
kudos:3
Reviews:
·Cogeco Cable
reply to rogerssmoger
said by rogerssmoger :

I see no issue with this.

And whoever posted you can skim a chip card by all means post proof.

LOL I don't blame you for posting anonymously, you may have missed that this is happening locally, in Toronto.

Since some people worship the ground Schneier walks on - »www.schneier.com/blog/archives/2···t_1.html

quote:
Note that this attack works despite any customer-focused security, like chip-and-pin systems.


Stewy
Premium
join:2007-12-12
Kitchener, ON
reply to thebaron
said by thebaron:

I had my MasterCard compromised the weekend of July 20th.

Someone spent $111 using the PIN on the 21st.

Using your card perhaps, using your card and secure code maybe, using you card with your PIN I highly doubt that.


Black Box

join:2002-12-21
reply to thebaron
Some nice video here too.
--
Keep It Safe, Stupid!
Yes, I CanChat. Can You?


thebaron
Premium
join:2003-12-09
Stittsville, ON
reply to Stewy
said by Stewy:

said by thebaron:

I had my MasterCard compromised the weekend of July 20th.

Someone spent $111 using the PIN on the 21st.

Using your card perhaps, using your card and secure code maybe, using you card with your PIN I highly doubt that.

Well, when I called MasterCard on the 23rd to ask why my card was being declined, he told me it was compromised and then started listing the most recent transactions.

He mentioned the one on the 21st, and I told him I never used my card on that day, he said "well, sir, it was authorized by PIN".

Also note: The transaction was done on a weekend, possibly because they don't show up on the online statement until the next business day, giving them more time.


I_H8_Spam

join:2004-03-10
St Catharines, ON
reply to Robrr
said by Robrr:

And now you know the real reason behind CHIP cards

Oh! By the way, they figured out in 2007 how to compromise Chip and Pin machines.

Been expecting it, back in the 2009 thread I posted about the shift of liability, Europe's been that way since 06. In the EU system your liable unless you can prove without doubt it wasn't you, and you didn't release your pin purposefully. Good luck with that.

said by rogerssmoger :

I see no issue with this.

And whoever posted you can skim a chip card by all means post proof.

While not definative proof, pretty interesting read on the subject from 2011.

»dev.inversepath.com/download/emv···2011.pdf

No matter the encryption they employ, with 99999 or 9999 possibilities obtaining the key is not a challenge.
--
AFK: Attack, fight, kill!! The healer is telling you to go pull mobs.
WTF: Way to fight! The healer is applauding your tactical genius

MaynardKrebs
Heave Steve, for the good of the country
Premium
join:2009-06-17
kudos:4

1 recommendation

reply to I_H8_Spam

The Great Canadian Liability Transfer

Read my comments (several to read) at this link
»Re: RFID chip in credit cards -anything changed?

and these articles
»www.moneyville.ca/article/1010962
»www.theglobeandmail.com/globe-in···e583383/
I don't know the disposition of this case, but if it was settled outside court you can bet that the person in question is under a gag agreement to not disclose anything to anyone.

»www2.macleans.ca/2011/07/07/cred···-tricks/

The banks are 'selling' a known defective system and shoving ALL the liability of its use down your throat through their coercive power. Your only recourse to not be exposed to this defective system is to not use their cards.

It's just like a mobster selling you glass breakage 'insurance' -- "Nice plate glass window you have at the front of your store. Shame if something was to happen to it."

There IS a workaround for several Canadian bank C&P cards that let you enter a bogus PIN and the transaction will still be accepted.


urbanriot
Premium
join:2004-10-18
Canada
kudos:3
Reviews:
·Cogeco Cable
Yea, it's like everyone forgot that security people brought it to our attention that this system can be less secure than our previous system...

Signature? Driver's license? Forget it... just punch in a 4 digit code into our little device right here...


loosedobbs

join:2006-06-13
Toronto
reply to Robrr

Re: [Serious] Chip Cards: Credit/Debit

said by Robrr:

said by I_H8_Spam:

Just received one of my credit card statements today and included was a note about important changes, included was a new card holder agreement.

Under the new agreement, if your PIN was used the transaction is consider authorized and cannot be disputed as unauthorized, you are bound to pay the charge.

So no longer is TD zero liability, if your skimmed and pin stolen; you are on the hook

And now you know the real reason behind CHIP cards

Oh! By the way, they figured out in 2007 how to compromise Chip and Pin machines.

I don't like what TD is doing. Look like they are putting burden or liability on customers and not banks in case of the fraud.

So I see two issues. One is security and other TD (or any other bank) washing their hands. I don't like 4 digits PIN for CC.
But we have been using TD bank cards with same PIN for years. So how this is different than CC implementing the security measures?

I would take Misha Glenny's words over any of the users in Forums.
And I am not saying against you Robrr particularly. I just using your comment about security.

This is the link for TVO discussion. Part 1
Forward to time 25:35. Or watch from at 23:00 till end.
"US and Canadian banks are slow to implement chip technology as they see THIS FRAUD as manageable expenses. Banks exactly know the total amount in such frauds."

Roofer

join:2010-11-24
reply to I_H8_Spam
The shift of liability for PIN transactions was the reason why I asked my MBNA Mastercard limit to be lowered from $25,000 to $5,000. My PCF Mastercard has a chip, but they haven't yet implemented PINs, so I kept my limit on that one.

balur

join:2010-04-28
kudos:1
reply to urbanriot

Re: The Great Canadian Liability Transfer

said by urbanriot:

Signature? Driver's license? Forget it... just punch in a 4 digit code into our little device right here...

And how often have cashiers actually checked signatures or ID? I don't think it ever happened to me, maybe once or twice at maximum. I'll stick with a passcode. 4 digits though that just silly.


milnoc

join:2001-03-05
H3B
kudos:2
reply to I_H8_Spam

Re: [Serious] Chip Cards: Credit/Debit

Getting someone's PIN is easy. Just use a dummy card terminal that emulates the user interface, but records the card number along with the PIN. Or anchor a real terminal on the counter, and use a hidden camera to see the card number and the PIN.

These security measures are all smoke and mirrors. They're designed to allow credit card companies to waive all responsibility for their own blatant incompetence and sheer inability to adequately protect their own products.

Now I need to punch out the RFID chip inside my card. Talk about a major security hole! Those cards can be read from a few feet away with the right equipment!
--
Watch my future television channel's public test broadcast!
»thecanadianpublic.com/live

peterboro
Avatars are for posers
Premium
join:2006-11-03
Peterborough, ON

1 recommendation

reply to I_H8_Spam
Yet when I post in here over the years I only use cash unless travelling some of you get your little panties in a knot.

IamGimli

join:2004-02-28
Canada
kudos:2
reply to milnoc
said by milnoc:

Getting someone's PIN is easy. Just use a dummy card terminal that emulates the user interface, but records the card number along with the PIN. Or anchor a real terminal on the counter, and use a hidden camera to see the card number and the PIN.

A card number and a PIN are absolutely useless. You can't make a chip using only the card number and PIN. There's other information located on the chip that is required to reproduce it.


urbanriot
Premium
join:2004-10-18
Canada
kudos:3
Reviews:
·Cogeco Cable
reply to peterboro
said by balur:

said by urbanriot:

Signature? Driver's license? Forget it... just punch in a 4 digit code into our little device right here...

And how often have cashiers actually checked signatures or ID? I don't think it ever happened to me, maybe once or twice at maximum. I'll stick with a passcode. 4 digits though that just silly.

They didn't check enough and that was a problem... It's still a problem.

Decades ago I worked at a place where a respectable looking guy bought about $7,000 worth of product and the sales person didn't ask to see his ID. The guy used a stolen credit card and the company I worked for had to cover the costs since they didn't ID the guy.

said by peterboro:

Yet when I post in here over the years I only use cash unless travelling some of you get your little panties in a knot.

LOL I was thinking the same thing earlier in the thread.

peterboro
Avatars are for posers
Premium
join:2006-11-03
Peterborough, ON
said by urbanriot:

said by peterboro:

Yet when I post in here over the years I only use cash unless travelling some of you get your little panties in a knot.

LOL I was thinking the same thing earlier in the thread.

There are threads over in the Security forum all the time about people being F-ed over when using credit and debit cards.

That and the fact I constantly stand in line while they fumble around with the swipe machine. Hopefully the system crashes permanently and everyone has to use cash.


J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1
Reviews:
·Rogers Portable ..
reply to thebaron
said by thebaron:

I had my MasterCard compromised the weekend of July 20th.

Someone spent $111 using the PIN on the 21st.

According to the article you posted:

quote:
However, in order to use the harvested PIN, the skimmer must either steal the customer's card or read out the card's magnetic strip and clone the card. The latter solution will only work with cards that aren't protected via an "iCVV" code which will signal to the card issuer that the magnetic strip has been tampered with.
So while I don't doubt someone used your card, it's not possible to replicate your chip.
--
If you can't explain it simply, you don't understand it well enough. - Albert Einstein


thebaron
Premium
join:2003-12-09
Stittsville, ON
said by J E F F:

said by thebaron:

I had my MasterCard compromised the weekend of July 20th.

Someone spent $111 using the PIN on the 21st.

According to the article you posted:

quote:
However, in order to use the harvested PIN, the skimmer must either steal the customer's card or read out the card's magnetic strip and clone the card. The latter solution will only work with cards that aren't protected via an "iCVV" code which will signal to the card issuer that the magnetic strip has been tampered with.
So while I don't doubt someone used your card, it's not possible to replicate your chip.

Keep on reading

Not sure if that's what happened or not, to be honest I have no clue whatsoever what or how it happened. Just relaying what the nice gentleman in India told me.


J E F F
Whatta Ya Think About Dat?
Premium
join:2004-04-01
Kitchener, ON
kudos:1
Reviews:
·Rogers Portable ..
What am I looking for? They haven't been able to replicate the actual chip card, just magnetic strip, which is nothing new. Or did I miss something?

The reason why they are going to the chip card is because magnetic strips are too easy to replicate, and with hidden cameras, these mafia's can make millions in a matter of days.

I do, though, have issues with the banks saying they are not responsible for 'authorized' purchases. At least my credit card still has zero liability. (it's a chip card)
--
If you can't explain it simply, you don't understand it well enough. - Albert Einstein


Wolfie00
My dog is an elitist
Premium
join:2005-03-12
kudos:8
reply to peterboro
said by peterboro:

said by urbanriot:

said by peterboro:

Yet when I post in here over the years I only use cash unless travelling some of you get your little panties in a knot.

LOL I was thinking the same thing earlier in the thread.

There are threads over in the Security forum all the time about people being F-ed over when using credit and debit cards.

That and the fact I constantly stand in line while they fumble around with the swipe machine. Hopefully the system crashes permanently and everyone has to use cash.

Fortunately, no one ever gets stung by cash, such as by losing it, getting it stolen, or getting counterfeits. Which is why every store is just thrilled to accept $100 bills!

I'm going to assume that to go along with the fear of electronic payment systems you also have a bomb shelter in the basement stocked with canned food, water, guns'n'ammo, and a little bit of gold. Actually, the gold may come in handy -- when we inevitably phase out cash altogether, you can start using that! And there's never any worries about using gold as currency -- I understand you verify its authenticity just by biting into it!
--
"We must change our lives so that it will be possible to live by the assumption that what is good for the world will be good for us. And that requires that we make the effort to know the world and learn what is good for it."
Wendell Berry


urbanriot
Premium
join:2004-10-18
Canada
kudos:3
Reviews:
·Cogeco Cable
reply to peterboro
^ see what happens.

said by peterboro:

Yet when I post in here over the years I only use cash unless travelling some of you get your little panties in a knot.



corster
Premium
join:2002-02-23
Gatineau, QC
reply to rogerssmoger
said by rogerssmoger :

said by HoboJ:

I'm so glad I've still got the old style. No chip n' pin for me for some time yet...

You will have one by 2013 I believe that is the deadline.

I have one last non-chip card in my wallet with an expiry of 2015. From my cold dead hands!