Discussion Topic |
|
This thread has been locked |
| Messages 1 - 25 of total 25 in this topic |
NutAgain!
Trad climber
South Pasadena, CA
|
|
|
Topic Author's Original Post - Oct 3, 2017 - 10:46pm PT
|
Summary warning signs:
1. Look for a broken sticker/seal on the pump that indicates it may have been tampered with.
2. If you have a smartphone, turn on Bluetooth and look for connections near the pumps with the ID "HC-05". This is a tell-tale sign (but probably not the only one) of a skimmer device designed to steal credit card numbers
Good reading here for those technically inclined.
https://learn.sparkfun.com/tutorials/gas-pump-skimmers
Note this is an easy attack a hacker can do in 30 seconds to compromise a gas pump. They basically open the pump case and put a device in-line with the credit card reader (nothing externally visible), and then later come back to harvest all the credit card numbers over a bluetooth connection.
|
|
L
climber
Tiptoeing through the chilly waters of life
|
|
Oh god...do I have to do this sort of stuff?
I have enough trouble just pumping gas.
|
|
Norton
climber
The Wastelands
|
|
wow, good advice, NutAgain
|
|
Reilly
Mountain climber
The Other Monrovia- CA
|
|
How do you open the pump case without a key and do all that in 30 seconds?
Paying with cash is the safest but, of course, the gubmint wants to do away with cash. They've already started to in Europe.
|
|
clinker
Trad climber
Santa Cruz, California
|
|
How do you open the pump case without a key and do all that in 30 seconds?
Ethan Hunt
TFPU Nut
|
|
phylp
Trad climber
Upland, CA
|
|
I think one of the easiest things to do is to have one credit card with a low limit that you only use in "suspect" places - new to you internet sites, smaller restaurants, and gas stations in general.
And keep your "main" credit card for exclusive use for your reoccurring monthly charges and trusted vendors. And yes, my credit cards are stored in a RFID blocking sleeve.
|
|
rottingjohnny
Sport climber
Sands Motel , Las Vegas
|
|
Senator Milktoast from California...Nice ring to it...
|
|
clinker
Trad climber
Santa Cruz, California
|
|
Governor DMT
I'll vote.
|
|
kunlun_shan
Mountain climber
SF, CA
|
|
Unfortunately, Bluetooth is just one of many methods used to transmit data from skimmers. Text messaging, infrared, connections using transfer rods.....
Covering your hand when you input your PIN can protect it, as long as the keypad doesn't have an "overlay".
Brian Krebs has lots of details on these methods:
https://krebsonsecurity.com/?s=skimmer&x=6&y=12
https://krebsonsecurity.com/page/2/?s=skimmer&x=6&y=12
VVVV JIm has a great solution! Just make sure you get your cash from a teller or from a safe ATM in a bank.... and thebravecowboy is ahead of us all when it comes to personal security.
|
|
zBrown
Ice climber
|
|
I don't even pay for gas. I just display my piece and say, politely, this is on the house right?
Or sometimes
Esto es libremente correcto
|
|
zBrown
Ice climber
|
|
If everybody was packin' when entering into a commercial transaction then there would be a lot more money going 'round to enable further gun purchases
|
|
crusher
climber
Santa Monica, CA
|
|
I use the charge cards for the particular gas station ( I.e. Chevron and 76 cards) - they don't have high limits and if frauded don't foul up my regular credit cards.
|
|
Jon Beck
Trad climber
Oceanside
|
|
You are never liable for fraudulent charges on a credit card, ever. So I fail to see what politicians and bullet trains have to do with this discussion. Debit cards do not have as much protection, although some banks do extend protection to them. I use a credit card that emails me every time I use my card, so I know what is going on real time.
For online transactions I use Paypal (tied to my credit card) when available because the seller does not get your card number.
|
|
10b4me
Mountain climber
Retired
|
|
Pay cash money for everything.
I only pay cash for gasoline.
|
|
Jon Beck
Trad climber
Oceanside
|
|
Dingus, are you suggesting the bullet train is unconstitutional, I am confused. I did survive Con Law and other than tossing around some phrases, your comments are impossible to understand.
We all know you hate the bullet train, and like to raise it but it is irrelevant to this issue. The state's should not be the regulator of credit reporting and security, the Federal government does have the authority under the Commerce clause to mandate better security. As it is credit card companies make so much money off CC transactions that they absorb the losses. The market is working without regulation.
|
|
zBrown
Ice climber
|
|
You are never liable for fraudulent charges on a credit card, ever.
This raises the interesting question of what happens when charges are made on your credit card (by you) due to fraudulent misreprentation.
Don't forget that charges must be disputed timely.
When does the clock start tolling?
Do you have to "sue the bastards"? Probably so.
And what about all the clauses in those tiny little prints that accompany every statement which you may or not read or even receive that say you waive your right to sue an must accept (loaded in favor of the industry) arbitration; that mere continued utilization of the card implies your acceptance.
Is the consumer screwed in all this?
Why yes.
|
|
i'm gumby dammit
Sport climber
da ow
|
|
^^Got a link for that. Without context it means nothing
|
|
k-man
Gym climber
SCruz
|
|
Merchants are spending over 20% of their operating budgets on fighting fraud.
Usually we don't think about the merchant getting dinged. There's the concept of 'card in hand.' If you buy groceries and use a CC, and the cashier can verify the card holder, then any fraud is pushed back to the CC company. However, if you purchase something where the merchant can't verify the card holder, such as an online txn, then the merchant must pay if it's fraud.
|
|
Jon Beck
Trad climber
Oceanside
|
|
This thread started out as how to protect yourself at the gas pump. Now that we have extended it to merchants (since consumers are not at risk) we will look at merchant protections.
For face to face transactions the merchant can protect themselves:
For the brick-and-mortar merchant, this is a card present (CP) transaction, meaning the cardholder, John Smith, is physically present with the card at the point of purchase. When a consumer makes an in-person transaction with a physical card, the merchant has the ability to not only inspect the card but to ask for identification (such as a driver’s licence) and obtain a signature from the consumer. In addition, merchants require a secure form of payment such as paying with a chip-enabled card. Chip-enabled cards generate unique transaction codes for each purchase, making the payment information much more secure. If the merchant follows proper procedure such as requiring a chip-enabled card for purchase and getting a signature, the merchant does not hold the liability on the transaction. Liability rests with the bank that issued the cardholder’s card, and if the purchase is later deemed to be fraudulent, the merchant is not responsible for refunding the customer. (However, if a merchant does not have a chip-enabled card reader, and accepts the transaction, they are held liable for that purchase, as they did not undertake the proper updated security procedures.)
For online orders (Card Not Present, CNP) it is much riskier for merchants. If a merchant blindly accepts CC orders without some verification then there is great risk of chargebacks. A common way to reduce risk is to only ship to the credit card address. I sell on Ebay and use Paypal, total protection if I can prove I shipped to the address provided through Paypal, I have never lost a dime. You do not have to sell through Ebay to use the Paypal system.
There is definitely room for improvement in digital transactions. With the proliferation of smart phones it would be easy to have a system that uses biometrics or passwords through the cell phone to confirm transactions real time. No additional hardware required at the merchant end, just an internet connection.
Card companies eat a lot of fraud
|
|
Ed Hartouni
Trad climber
Livermore, CA
|
|
Useless train-to-no-where idiot bullshit instead of mnadatory, national infrastructure, critical to commerce, instead of stroking one aging politicians massive ego.
I guess it's easy to see the future...
"A vast program thrown together, imperfectly conceived and grossly mismanaged, and in due course becoming a veritable playground for extravagance, waste and corruption..."
WSJ 1958
|
|
Jon Beck
Trad climber
Oceanside
|
|
Idiotic. Borrowing billions to pay for a train that will never show a return on investment
There are no transit systems in the states that show a return on investment. The NYC subway, generally packed to the gills, only returns 50 cents on every operational dollar, but it supports an economy worth billions.
Air and car travel have massive subsidies that are hidden. Rail subsidies are more visible.
Here is a chart of subsidies for Boston transit.
|
|
Splater
climber
Grey Matter
|
|
It's not that hard to see that a strong case can be made for urban transit subsidies, used mostly by commuters, and estimates can be made of how much impact is made on time lost due to traffic, lower pollution, land used, smart growth, etc.
No one can make a good case for the bullet train to nowhere.
|
|
NutAgain!
Trad climber
South Pasadena, CA
|
|
|
Topic Author's Reply - Oct 5, 2017 - 02:01pm PT
|
Wherever the train stops, real estate speculators will get rich first, and then maybe new economies will arise from these digital watering holes? New suburbs for LA and SF.
|
|
| Messages 1 - 25 of total 25 in this topic |
|
SuperTopo on the Web
|
Let us know!