Kansas Crimson

BasketballJayhawk wrote: ↑Sat Jun 05, 2021 9:06 pm

ousdahl wrote: ↑Sat Jun 05, 2021 6:55 pm How does somebody even use it at BB&B? I guess you can just punch in the card number and stuff?

That in itself seems a little fishy. You’d think a big box chain would have some policy to ask for ID or something when the card’s not present, but who knows.

Who eats that $7.99, anyway?

They can't just punch in the #.

Does your card have a chip?

Yes they can. It's called the internet. People type in their card numbers to buy stuff all the time, including at Bed, Bath & Beyond.

twocoach wrote: ↑Mon Jun 07, 2021 2:14 pm

BasketballJayhawk wrote: ↑Sat Jun 05, 2021 9:06 pm

ousdahl wrote: ↑Sat Jun 05, 2021 6:55 pm How does somebody even use it at BB&B? I guess you can just punch in the card number and stuff?

That in itself seems a little fishy. You’d think a big box chain would have some policy to ask for ID or something when the card’s not present, but who knows.

Who eats that $7.99, anyway?

They can't just punch in the #.

Does your card have a chip?

Yes they can. It's called the internet. People type in their card numbers to buy stuff all the time, including at Bed, Bath & Beyond.

Thinking back to my retail days, obviously they can use the internet (although can skim machines also grab the CVC codes?), but I can't imagine a physical retailer now letting anyone pay with a CC#/Exp. date without seeing the physical card. Granted, a lot of places still allow people to do that over the phone.

CrimsonNBlue wrote: ↑Mon Jun 07, 2021 2:19 pm

twocoach wrote: ↑Mon Jun 07, 2021 2:14 pm

BasketballJayhawk wrote: ↑Sat Jun 05, 2021 9:06 pm

They can't just punch in the #.

Does your card have a chip?

Yes they can. It's called the internet. People type in their card numbers to buy stuff all the time, including at Bed, Bath & Beyond.

Thinking back to my retail days, obviously they can use the internet (although can skim machines also grab the CVC codes?), but I can't imagine a physical retailer now letting anyone pay with a CC#/Exp. date without seeing the physical card. Granted, a lot of places still allow people to do that over the phone.

You cannot get the three digit code from a skimmer; those can only pick up the Track 2 data off the mag stripe. We caught a large group of Eastern European gang members a few years ago that were traveling around the Midwest adding skimmers and cameras to ATMs. The skimmers grab the account details off the card and they'd use the camera to capture the PIN. Both had a little RFID signal and the data would be captured by a criminal on a laptop in a nearby car. They had a mag stripe card printer set up right in the card and were sending guys out into the field with backpacks full of cards and would run them, until they emptied the account. They could drain an ATM in less than an hour or so. Fortunately we had just done an upgrade on our ATM monitoring application and had put some good threshold monitors in place and were able to get the police involved in time to catch them. You could see their team spread across town just watching the monitoring tools we had light up, it was crazy.

The best place for fraudsters to get the credit card data they need is to buy card data off the dark web after it has been stolen in a hack of a company's computer system. There are still a lot of retailers out there with pretty archaic systems that are routinely hacked. Home Depot and Target were two of the original Big Boys that forced card issuers to reprint millions of cards but they seem to have finally gotten serious about it in recent years.

I had someone charge $900 to 3 different Wal-Marts in Florida on my Amazon Chase card. It was weird because Chase called me and I was talking to them about the charges and on the other line he had some guy in Florida claiming to be me and wanting to add his girlfriend to the card...lol. Fvcking idiots. He couldn't provide my mother's maiden name.

Chase cleaned it up but now I have to use a PIN # anytime I use my Chase card, which I only use on Amazon anyway, so it's not a big deal. I'm guessing they somehow hacked my Amazon account and got the credit card info.

It wasn't me.

Ousdahl might have to wait and give the Nigerian royal family new bank data it sounds like. We may never know how he was scammed, but at least the 30 pounds of gold bullion will be safe now once monetized. God bless.

As for my funniest credit card fraud story, we had a quick thinking Fraud Analyst who was working an alert that came in on a cardholder account. The idiot fraudster took a stolen physical plastic into a Best Buy and tried to buy 5 cameras. We obviously declined the train because the card was already reported stolen. The analyst picked up the phone and called the store location and told the cashier to inform the fraudster that because of his purchase, he was eligible to receive a 6th camera for free so the moron happily stood there are waited for his free camera, which was actually just a stall for time so the cops to get there and arrest his dumb ass.

But dummies stealing individual cards trying individual fraudulent trans is a tiny little drop in the bucket compared to the professional fraudsters attacking our systems and cardholders on a daily basis.

shindig wrote: ↑Mon Jun 07, 2021 2:38 pm I had someone charge $900 to 3 different Wal-Marts in Florida on my Amazon Chase card. It was weird because Chase called me and I was talking to them about the charges and on the other line he had some guy in Florida claiming to be me and wanting to add his girlfriend to the card...lol. Fvcking idiots. He couldn't provide my mother's maiden name.

Chase cleaned it up but now I have to use a PIN # anytime I use my Chase card, which I only use on Amazon anyway, so it's not a big deal. I'm guessing they somehow hacked my Amazon account and got the credit card info.

Amazon is very leaky with their customer card information. So is Apple.

Once had someone buy $240 worth of legos from a toy store with my card info. I assumed it was from that rental car guy I did business with in Texas.

Walrus wrote: ↑Mon Jun 07, 2021 2:42 pm Once had someone buy $240 worth of legos from a toy store with my card info. I assumed it was from that rental car guy I did business with in Texas.

The most likely is that the rental car guy's system was hacked. The least likely is that he did it himself. That would be like robbing a house that you get a documented paycheck to clean. Pretty easy to catch.

CrimsonNBlue wrote: ↑Mon Jun 07, 2021 2:19 pm

twocoach wrote: ↑Mon Jun 07, 2021 2:14 pm

BasketballJayhawk wrote: ↑Sat Jun 05, 2021 9:06 pm

They can't just punch in the #.

Does your card have a chip?

Yes they can. It's called the internet. People type in their card numbers to buy stuff all the time, including at Bed, Bath & Beyond.

Thinking back to my retail days, obviously they can use the internet (although can skim machines also grab the CVC codes?), but I can't imagine a physical retailer now letting anyone pay with a CC#/Exp. date without seeing the physical card. Granted, a lot of places still allow people to do that over the phone.

on an $8 purchase they might, since I don't think a signature or PIN is required for a purchase that small (sorry for size shaming your amound of fraud Ousey).

twocoach wrote: ↑Mon Jun 07, 2021 2:42 pm

shindig wrote: ↑Mon Jun 07, 2021 2:38 pm I had someone charge $900 to 3 different Wal-Marts in Florida on my Amazon Chase card. It was weird because Chase called me and I was talking to them about the charges and on the other line he had some guy in Florida claiming to be me and wanting to add his girlfriend to the card...lol. Fvcking idiots. He couldn't provide my mother's maiden name.

Chase cleaned it up but now I have to use a PIN # anytime I use my Chase card, which I only use on Amazon anyway, so it's not a big deal. I'm guessing they somehow hacked my Amazon account and got the credit card info.

Amazon is very leaky with their customer card information. So is Apple.

Yeah, so now, anytime I log into Amazon, I have to receive a PIN # back from Amazon via txt and enter it as well. As long as it keeps some jackass from hacking into my stuff it's fine, just annoying.

shindig wrote: ↑Mon Jun 07, 2021 2:45 pm

twocoach wrote: ↑Mon Jun 07, 2021 2:42 pm

shindig wrote: ↑Mon Jun 07, 2021 2:38 pm I had someone charge $900 to 3 different Wal-Marts in Florida on my Amazon Chase card. It was weird because Chase called me and I was talking to them about the charges and on the other line he had some guy in Florida claiming to be me and wanting to add his girlfriend to the card...lol. Fvcking idiots. He couldn't provide my mother's maiden name.

Chase cleaned it up but now I have to use a PIN # anytime I use my Chase card, which I only use on Amazon anyway, so it's not a big deal. I'm guessing they somehow hacked my Amazon account and got the credit card info.

Amazon is very leaky with their customer card information. So is Apple.

Yeah, so now, anytime I log into Amazon, I have to receive a PIN # back from Amazon via txt and enter it as well. As long as it keeps some jackass from hacking into my stuff it's fine, just annoying.

Two factor authentication is the route many are going to now which helps a lot. There's no perfect safeguard that isn't going to be at least mildly annoying to the cardholder as they try to do legitimate transactions. It's a balancing act for card issuers that can be very difficult. My big ass project this year was to set up a text alert system similar to the one that alerted Oussie of this purchase. We're a little behind the massive issuers like Chase, US Bank Capital One etc... but it is working pretty smoothly so far. The biggest problem is getting cardholders to trust it and reply to the texts in a timely enough manner that we can catch them right after the initial tran declines.

PhDhawk wrote: ↑Mon Jun 07, 2021 2:45 pm

CrimsonNBlue wrote: ↑Mon Jun 07, 2021 2:19 pm

twocoach wrote: ↑Mon Jun 07, 2021 2:14 pm

Yes they can. It's called the internet. People type in their card numbers to buy stuff all the time, including at Bed, Bath & Beyond.

Thinking back to my retail days, obviously they can use the internet (although can skim machines also grab the CVC codes?), but I can't imagine a physical retailer now letting anyone pay with a CC#/Exp. date without seeing the physical card. Granted, a lot of places still allow people to do that over the phone.

on an $8 purchase they might, since I don't think a signature or PIN is required for a purchase that small (sorry for size shaming your amound of fraud Ousey).

As of April 2018, signatures are now now longer required on Visa credit transactions.

https://usa.visa.com/dam/VCOM/global/su ... 040518.pdf

The merchant may still require them because they didn't want to pay for their processor to update their software but they aren't needed and they don't provide any validation of any kind. PINS are still required for all amounts on a Visa-branded debit card.

Yep, that's what Chase did. They were txting my phone and asking me to call a certain number about some transactions that looked suspicious and that's when they told me they had the other guy on another line pretending to be me...lol.

twocoach wrote: ↑Mon Jun 07, 2021 3:13 pm

PhDhawk wrote: ↑Mon Jun 07, 2021 2:45 pm

CrimsonNBlue wrote: ↑Mon Jun 07, 2021 2:19 pm

Thinking back to my retail days, obviously they can use the internet (although can skim machines also grab the CVC codes?), but I can't imagine a physical retailer now letting anyone pay with a CC#/Exp. date without seeing the physical card. Granted, a lot of places still allow people to do that over the phone.

on an $8 purchase they might, since I don't think a signature or PIN is required for a purchase that small (sorry for size shaming your amound of fraud Ousey).

As of April 2018, signatures are now now longer required on Visa credit transactions.

https://usa.visa.com/dam/VCOM/global/su ... 040518.pdf

The merchant may still require them because they didn't want to pay for their processor to update their software but they aren't needed and they don't provide any validation of any kind. PINS are still required for all amounts on a Visa-branded debit card.

"right on que from the neighborhood knowitall."

-Michhawk

For Mich's sake, can those of us who know facts beyond what a layperson knows just stop posting about it.

I FEEL like I'll still need to sign for a purchase, so I'm going to ignore your information.





Oh, sorry, I thought this was the Covid19 thread.

I am interested to see what happens when contactless cards become more prevalent. If an RFID reader in a terminal can read your card then an RFID reader in a fraudster's pocket standing behind you can read your card. When they start putting contactless readers in gas pumps it will be a total shit show but Big Oil has been the only group big enough to push Visa and MasterCard around so I don't suspect we'll see those on gas pumps for at least 10 more years. They forced Visa and MasterCard to push off EMV chip reading terminal requirements for several years longer than the rest of the merchant world.

I only use Chase or Amex credit for purchases and it teems like at many places there is some kind of magic $25 threshold for requiring a signature.

It is still wild to me that in 2021 there is possibly retailers out there that will allow a customer to read off a paper or from memory a 16 digit number and then expiration date and not ask to see the actual card or any identification. Guessing there is some kind of mess for the retailer if the transaction gets later disputed.

twocoach wrote: ↑Mon Jun 07, 2021 3:18 pm I am interested to see what happens when contactless cards become more prevalent. If an RFID reader in a terminal can read your card then an RFID reader in a fraudster's pocket standing behind you can read your card. When they start putting contactless readers in gas pumps it will be a total shit show but Big Oil has been the only group big enough to push Visa and MasterCard around so I don't suspect we'll see those on gas pumps for at least 10 more years. They forced Visa and MasterCard to push off EMV chip reading terminal requirements for several years longer than the rest of the merchant world.

??? Are we talking the contactless payment with the NFC tech on the card itself or from a smartphone?

Because the NFC credit card contactless readers have been on gas pumps for at least a couple of years now.

CrimsonNBlue wrote: ↑Mon Jun 07, 2021 3:20 pm

twocoach wrote: ↑Mon Jun 07, 2021 3:18 pm I am interested to see what happens when contactless cards become more prevalent. If an RFID reader in a terminal can read your card then an RFID reader in a fraudster's pocket standing behind you can read your card. When they start putting contactless readers in gas pumps it will be a total shit show but Big Oil has been the only group big enough to push Visa and MasterCard around so I don't suspect we'll see those on gas pumps for at least 10 more years. They forced Visa and MasterCard to push off EMV chip reading terminal requirements for several years longer than the rest of the merchant world.

??? Are we talking the contactless payment with the NFC tech on the card itself or from a smartphone?

Because the NFC credit card contactless readers have been on gas pumps for at least a couple of years now.

Yes. There's a large difference between "exists" and "is required by Visa". Being required means that every single gas pump in American that accepts credit cards as a form of payment would be required to process these transactions. We are 2-3 years into the technology existing in the field and the last I read, less than 1% of gas pumps that accept payments have NFC readers on them. It will take billions of dollars to upgrade the other 99%.

And just because the pump has a picture of "wireless payment" on there doesn't mean that it is turned on and working.