User Controls

Chip And Pin Bypassed

  1. #1
    SBTlauien African Astronaut
    So as you all know, I have this retail gig that I've been at for about six months now. This allows me to look at people's driver's licenses, checks, credit cards, even hear customer's SSN occasionally.

    A few months back the store changed out all of the card readers so that they can read the new chip cards. Basically, if someone tries to swipe a card, it may ask for them to insert their card so the chip can be read. Apparently, this seems to be based on the issuer, and according to customers, is random(but they could be full of shit).

    I had a customer attempt to pay for about $15 worth of items using his chip card. The register read "CARD ERROR". So the customer said, "I'll try to swipe it instead." After swiping it, it said "PLEASE INSERT CARD". I asked a manager what I should do, and he said to just type in the card info. So I went through the process, which had me type in the card number, expiration date, and the 3 digit security code on the back of the card, and it went through.

    So basically, if you have the card's number, expiration date, and three digit security code, you could just print out a card with a damaged chip, and spend away.
    The following users say it would be alright if the author of this post didn't die in a fire!
  2. #2
    Sophie Pedophile Tech Support
    Noice, very noice.
  3. #3
    I have thought about it here in the UK too, the cards rip quite easily where the chip is and sometimes don't slide in ok, but I have never paid for something swiping like ever, so I don't want to try it and fuck it up and look a right cunt.

    But OP some places won't allow that, I have seen in some shops the chip was dirty and they refused purchase ('go to the bank, get cash and come back')
  4. #4
    I
  5. #5
    I wanna get some track data and give it a go
  6. #6
    SBTlauien African Astronaut
    But OP some places won't allow that, I have seen in some shops the chip was dirty and they refused purchase ('go to the bank, get cash and come back')

    Maybe that's how it'll end up here...

    Another thing, is that the purchase was small. So maybe a large purchase would have been rejected. Most of the reactions the machines have to cards regard the issuer and their standard of procedures. The store/company doesn't actually have much do do with it.
  7. #7
    Over here sometimes the full amount is not taken until a later day.

    Example Petrol/gas stations - you put in your card type in the pin and top up.

    When you check your online bank it says only £1 pending the full amount gets taken a few days later even if you have no cash in the account
  8. #8
    Merlin Houston
    A few months back the store changed out all of the card readers so that they can read the new chip cards. Basically, if someone tries to swipe a card, it may ask for them to insert their card so the chip can be read. Apparently, this seems to be based on the issuer, and according to customers, is random(but they could be full of shit).
    I just got one and it made it seem like if there was a chip reader I would have to swipe it AND put it into the reader. I fail to see how this will really help anything. Doesn't most fraud involve buying things on the internet? (inb4 every computer comes with a closed source chip reader required to make any purchases).
  9. #9
    SBTlauien African Astronaut
    From what I've read, it that each time you use the chip, a number is generated based on an algorithm that the banks hold, and this number is held for the next transaction. So if someone skims your card data when you use the card and then later sells it, if you used your card since it was skimmed, that number will have changed and the buyer of the data won't be able to successfully purchase goods.

    I'm not 100% clear on how it all works though. Is this number put back onto the card itself each time a transaction is made?
  10. #10
    SBTlauien African Astronaut
    Doesn't most fraud involve buying things on the internet? (inb4 every computer comes with a closed source chip reader required to make any purchases).


    No, the chip is to stop people from actually using cards in stores. I read that they expect online card fraud and bank fraud to rise due to the chip.
  11. #11
    I just got one and it made it seem like if there was a chip reader I would have to swipe it AND put it into the reader. I fail to see how this will really help anything. Doesn't most fraud involve buying things on the internet? (inb4 every computer comes with a closed source chip reader required to make any purchases).

    3D Secure for online is like the chip and pin in real time
  12. #12
    Bradley victim of incest
    is sbtlaurient still around?

    i would like to have this thread revisited.
  13. #13
    aldra JIDF Controlled Opposition
    I think he's misterigh or whatever now

    this is from when paypass/paywave etc first rolled out and stores had confusing processes to accommodate
  14. #14
    RIPtotse victim of incest [my adversative decurved garbo]
    Quality thread
  15. #15
    Limit is $100 on no-PIN transactions.
    The following users say it would be alright if the author of this post didn't die in a fire!
  16. #16
    Speedy Parker Black Hole [my absentmindedly lachrymatory gazania]
    The real SBTlauien is much smarter than OP
  17. #17
    Also, I believe that after so many consecutive no-PIN transactions within a certain time frame, the PIN is then required to continue, until the time frame renews.
  18. #18
    SBTlauien African Astronaut
    So I made this thread back in the day. Now that I work at a bank, I know that banks will authorize smaller amounts via mag but will eventually block it. The transaction also has to be in the cardholders state.

    Right now it's Instant Credit with new apps that I see as an issue. You can use a digital wallet and use a certain percentage of your credit line before receiving the card. There are some requirements but a phishing campaign would likely net a worthwhile yield.
    The following users say it would be alright if the author of this post didn't die in a fire!
  19. #19
    SBTlauien African Astronaut
    In addition, if you can set up a digital wallet on an existing cardholders account, when a fraud claim is filed and the card is closed out, most customers answer yes when you ask them if they have possession of their device, which usually transfers the new card to the digital wallet, thus allowing more fraud on the new card.
  20. #20
    Speedy Parker Black Hole [my absentmindedly lachrymatory gazania]
    The real SBTlauien was much smarter
Jump to Top