[PLUG-TALK] Debit card fraud

wes plug at the-wes.com
Sat Sep 26 20:55:11 UTC 2015 

On Sat, Sep 26, 2015 at 10:21 AM, Denis Heidtmann <denis.heidtmann at gmail.com
> wrote:

> On Sat, Sep 26, 2015 at 8:59 AM, Michael Rasmussen <michael at jamhome.us>
> wrote:
>
>> On Sat, Sep 26, 2015 at 08:49:16AM -0700, Rich Shepard wrote:
>> > On Sat, 26 Sep 2015, Michael Rasmussen wrote:
>> >
>> > > The issuer (not my employer!!) is saying that in absence of a card
>> being
>> > > lost or stolen I'm responsible. Discussions are continuing.
>> >
>> >    Seems to me, Michael, that your card number was stolen. Doesn't that
>> > count?
>>
>> It can. That's why discussions are continuing.
>> However, there are items on the stripe that identify the card that won't
>> be
>> present if the card is forged just from the account num, exp date, and
>> CIC number.
>> The issuer seems to think this was a legitimate copy of the card.
>>
>>
>> --
>>       Michael Rasmussen, Portland Oregon
>
>
> If "those items" are known to the issuer to have been on the forged card,
> then the scanning machine must have read "those items".  If the scanning
> machine read those items, then the compromised machine which gleaned the
> necessary information could have gleaned "those items" just as well as the
> rest of the stuff.
>
> Please let us know how the discussions go.
>
> -Denis
>
>
Wouldn't it be great if the "chip" in these "chip and pin" cards had a
little counter which incremented with each swipe of the card? That way, we
can more quickly and closely narrow down exactly where a given card was
compromised.

Let's say I used my card at a gas station, which had a scanning device
placed in front of the slot. This swipe was #1493. The scanner read the
#1493 and will imprint this onto the new forged card. In the mean time, I
have gone on to swipe a number of times after, bringing my card's counter
up to #1550. Someone then uses the forged card claiming #1493, and we
instantly know that wherever I had used the legit card for the 1493rd swipe
is where it was compromised.

Even if they're smart enough to change the counter, it'll still be out of
sequence and obviously fraudulent.

What could possibly go wrong???

-wes
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.pdxlinux.org/pipermail/plug-talk/attachments/20150926/2bc8291b/attachment.html>

More information about the PLUG-talk mailing list