Discussion Topic |
|
This thread has been locked |
NutAgain!
Trad climber
South Pasadena, CA
|
|
Topic Author's Original Post - Oct 3, 2017 - 10:46pm PT
|
Summary warning signs:
1. Look for a broken sticker/seal on the pump that indicates it may have been tampered with.
2. If you have a smartphone, turn on Bluetooth and look for connections near the pumps with the ID "HC-05". This is a tell-tale sign (but probably not the only one) of a skimmer device designed to steal credit card numbers
Good reading here for those technically inclined.
https://learn.sparkfun.com/tutorials/gas-pump-skimmers
Note this is an easy attack a hacker can do in 30 seconds to compromise a gas pump. They basically open the pump case and put a device in-line with the credit card reader (nothing externally visible), and then later come back to harvest all the credit card numbers over a bluetooth connection.
|
|
L
climber
Tiptoeing through the chilly waters of life
|
|
Oh god...do I have to do this sort of stuff?
I have enough trouble just pumping gas.
|
|
Norton
climber
The Wastelands
|
|
wow, good advice, NutAgain
|
|
Reilly
Mountain climber
The Other Monrovia- CA
|
|
How do you open the pump case without a key and do all that in 30 seconds?
Paying with cash is the safest but, of course, the gubmint wants to do away with cash. They've already started to in Europe.
|
|
clinker
Trad climber
Santa Cruz, California
|
|
How do you open the pump case without a key and do all that in 30 seconds?
Ethan Hunt
TFPU Nut
|
|
phylp
Trad climber
Upland, CA
|
|
I think one of the easiest things to do is to have one credit card with a low limit that you only use in "suspect" places - new to you internet sites, smaller restaurants, and gas stations in general.
And keep your "main" credit card for exclusive use for your reoccurring monthly charges and trusted vendors. And yes, my credit cards are stored in a RFID blocking sleeve.
|
|
rottingjohnny
Sport climber
Sands Motel , Las Vegas
|
|
Senator Milktoast from California...Nice ring to it...
|
|
clinker
Trad climber
Santa Cruz, California
|
|
Governor DMT
I'll vote.
|
|
kunlun_shan
Mountain climber
SF, CA
|
|
Unfortunately, Bluetooth is just one of many methods used to transmit data from skimmers. Text messaging, infrared, connections using transfer rods.....
Covering your hand when you input your PIN can protect it, as long as the keypad doesn't have an "overlay".
Brian Krebs has lots of details on these methods:
https://krebsonsecurity.com/?s=skimmer&x=6&y=12
https://krebsonsecurity.com/page/2/?s=skimmer&x=6&y=12
VVVV JIm has a great solution! Just make sure you get your cash from a teller or from a safe ATM in a bank.... and thebravecowboy is ahead of us all when it comes to personal security.
|
|
zBrown
Ice climber
|
|
I don't even pay for gas. I just display my piece and say, politely, this is on the house right?
Or sometimes
Esto es libremente correcto
|
|
zBrown
Ice climber
|
|
If everybody was packin' when entering into a commercial transaction then there would be a lot more money going 'round to enable further gun purchases
|
|
crusher
climber
Santa Monica, CA
|
|
I use the charge cards for the particular gas station ( I.e. Chevron and 76 cards) - they don't have high limits and if frauded don't foul up my regular credit cards.
|
|
Jon Beck
Trad climber
Oceanside
|
|
You are never liable for fraudulent charges on a credit card, ever. So I fail to see what politicians and bullet trains have to do with this discussion. Debit cards do not have as much protection, although some banks do extend protection to them. I use a credit card that emails me every time I use my card, so I know what is going on real time.
For online transactions I use Paypal (tied to my credit card) when available because the seller does not get your card number.
|
|
10b4me
Mountain climber
Retired
|
|
Pay cash money for everything.
I only pay cash for gasoline.
|
|
Jon Beck
Trad climber
Oceanside
|
|
Dingus, are you suggesting the bullet train is unconstitutional, I am confused. I did survive Con Law and other than tossing around some phrases, your comments are impossible to understand.
We all know you hate the bullet train, and like to raise it but it is irrelevant to this issue. The state's should not be the regulator of credit reporting and security, the Federal government does have the authority under the Commerce clause to mandate better security. As it is credit card companies make so much money off CC transactions that they absorb the losses. The market is working without regulation.
|
|
zBrown
Ice climber
|
|
You are never liable for fraudulent charges on a credit card, ever.
This raises the interesting question of what happens when charges are made on your credit card (by you) due to fraudulent misreprentation.
Don't forget that charges must be disputed timely.
When does the clock start tolling?
Do you have to "sue the bastards"? Probably so.
And what about all the clauses in those tiny little prints that accompany every statement which you may or not read or even receive that say you waive your right to sue an must accept (loaded in favor of the industry) arbitration; that mere continued utilization of the card implies your acceptance.
Is the consumer screwed in all this?
Why yes.
|
|
i'm gumby dammit
Sport climber
da ow
|
|
^^Got a link for that. Without context it means nothing
|
|
k-man
Gym climber
SCruz
|
|
Merchants are spending over 20% of their operating budgets on fighting fraud.
Usually we don't think about the merchant getting dinged. There's the concept of 'card in hand.' If you buy groceries and use a CC, and the cashier can verify the card holder, then any fraud is pushed back to the CC company. However, if you purchase something where the merchant can't verify the card holder, such as an online txn, then the merchant must pay if it's fraud.
|
|
|
SuperTopo on the Web
|