Sign in to follow this  
Followers 0
cyb3r-dan

credit card cloning

10 posts in this topic

hi

recently someone i knows credit card has had lots of money taken from it, we were told that credit card chips cant be cloned, or theres no way of getting his pin, is this true?

thankyou daniel

0

Share this post


Link to post
Share on other sites
hi

recently someone i knows credit card has had lots of money taken from it, we were told that credit card chips cant be cloned, or theres no way of getting his pin, is this true?

thankyou daniel

from the card itself or the account?

0

Share this post


Link to post
Share on other sites

It is definitely possible to copy the magstrip on the card, and getting the pin is quite trivial in comparison. Once you have them, you would need a cash point that won't check the chip on the card. Copying the chip would be more problematic. As I understand it chip and pin uses a challenge along with a link to the bank to check if the card is genuine. Check the below links for details:

http://en.wikipedia.org/wiki/Chip_and_PIN

http://en.wikipedia.org/wiki/EMV

http://www.lightbluetouchpaper.org/2008/02...simple-attacks/

The other thing to consider is that all you need to use the card online or over the phone can be gotten in the space of about 10 seconds using a mobile with a camera by taking photos of both sides. If your friend has ever given the card to a waiter in a restaurant who has taken it out back to get the pin pad then brought it back then that may be where it has been done from.

0

Share this post


Link to post
Share on other sites

It's quite common here in Ireland for criminals to fit fake covers over the card slot on atm's which clone the mag strip and install a camera to record you entering your pin.

0

Share this post


Link to post
Share on other sites

There is a method of credit card cloning which involves a machine like a credit card reader that takes your data and stores it. Someone who has the necessary equipment to produce a card can produce an exact copy of the card that had the stolen information on it.

As far as RFID chips, you can steal that right out of the ether with an RFID scanner. Makes identify fraud much easier doesn't it? The position of the U.S. State Department is "those who can afford such technology are entitled to the information." Well, anyone can afford it if they know where to look.

I suggest you wrap your cards in tin foil. They have "secure sleeves" but they are ussually open on one end, and when they demo the sleeves they only test the covered parts. The signal can still transmit through openings.

I'm going to get a bag or purse that is lined with foil and stick my wallet in there. It might look gay, but at least my cards won't be hijacked because some dickheads in NYC and DC think that anyone who can afford a scanner is entitled to my information.

0

Share this post


Link to post
Share on other sites
I'm going to get a bag or purse that is lined with foil and stick my wallet in there. It might look gay, but at least my cards won't be hijacked because some dickheads in NYC and DC think that anyone who can afford a scanner is entitled to my information.

Careful with that.. That's how many shoplifters are steeling tagged goods. It's conceivable a bag lined with foil will soon be considered a burglary tool.

0

Share this post


Link to post
Share on other sites

Right, in this police state you probably would be considered suspicious for protecting yourself. Especially considering 87% of Sheeple enjoy being raped and fleeced and cheated. They love it.

0

Share this post


Link to post
Share on other sites

Or you could just go the way I have and refuse to accept a card with RFID in it. Nothing drives a bad product off the market faster than a failure to adopt.

As far as fraud goes, I'd be willing to say it's far far more likely your friend's card info was not stolen via RFID but by bad practices.

You can run a CC transaction with as little information as the card number and expiration date. All the additional CVV data is just so the merchant can get a better rate for their transactions (less fraud potential = lower transaction rates, go figure). Of course, CVV data doesn't provide that much extra security anyway. CVV2 data is printed right on the card, so as previously mentioned a digital camera (or decent cellphone camera) is all you need to steal a card for online or mail-order purposes. CVV1 data is stored in the mag stripe (track 2 and/or 3 data) and is only harder to steal and duplicate because it requires equipment. This equipment, however, is neither expensive nor difficult to build. The expertise required may not be within the reach of your average 7-11 clerk, but all it takes is one clever person with a few well-placed dollars to put the proverbial two and two together.

Debit is a bit tougher since it requires both the track 1/2 data from the card and a PIN. Plus debit numbers are never seen un-encrypted by the merchant (PINpads always carry their own encryption keys, set by the processing company - which is why a simple 10-key pad needs to be so bulky and always seems to be made by the same people). Of course if you're cloning someone's card in the back room of a restaurant, shoulder-surfing a PIN entry should not be very problematic.

Of course even if a merchant and all their employees are straight-laced honest folks, there's always the standard issue "guy in the starbucks parking lot with a laptop" security problems.

Bottom line, your card isn't safe unless you never use it, so if you're that paranoid just use cash (and never get it from an ATM either)... PayPal's one-time credit cards (via firefox/ie plugin) are pretty nice too.

Oh, and as far as "tools of a crime" goes, I think by virtue of having found this forum we've all got more to worry about than a tinfoil-lined bag. I'd much rather explain RFID to a mall security guard than try to convince the nice men with badges that Ettercap can be used for legitimate purposes. ;)

0

Share this post


Link to post
Share on other sites

Do you need a pin to order stuff online?

0

Share this post


Link to post
Share on other sites
Do you need a pin to order stuff online?

No, you can't order online with Debit because the processor requires an encrypted PIN from one of their own PINpads as well as the Track 1/2 data from the Mag Strip. Debit is, by definition, an in-person transaction method.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0