Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.sys.mac.system > #23636 > unrolled thread
| Started by | Michelle Steiner <michelle@michelle.org> |
|---|---|
| First post | 2012-04-11 08:28 -0700 |
| Last post | 2012-04-15 17:24 +0000 |
| Articles | 20 on this page of 119 — 29 participants |
Back to article view | Back to comp.sys.mac.system
Has your credit card number been compromised? Michelle Steiner <michelle@michelle.org> - 2012-04-11 08:28 -0700
Re: Has your credit card number been compromised? Fred Moore <fmoore@gcfn.org> - 2012-04-11 14:34 -0400
Re: Has your credit card number been compromised? JF Mezei <jfmezei.spamnot@vaxination.ca> - 2012-04-11 17:08 -0400
Re: Has your credit card number been compromised? Michelle Steiner <michelle@michelle.org> - 2012-04-11 15:20 -0700
Re: Has your credit card number been compromised? JF Mezei <jfmezei.spamnot@vaxination.ca> - 2012-04-11 20:04 -0400
Re: Has your credit card number been compromised? Michelle Steiner <michelle@michelle.org> - 2012-04-11 17:26 -0700
Re: Has your credit card number been compromised? "Geoffrey S. Mendelson" <gsm@mendelson.com> - 2012-04-12 07:14 +0000
Re: Has your credit card number been compromised? John McWilliams <jpmcw@comcast.net> - 2012-04-11 15:24 -0700
Re: Has your credit card number been compromised? Davoud <star@sky.net> - 2012-04-11 20:53 -0400
Re: Has your credit card number been compromised? "Thomas R. Kettler" <tkettler@blownfuse.net> - 2012-04-11 22:43 -0400
Re: Has your credit card number been compromised? Davoud <star@sky.net> - 2012-04-11 23:17 -0400
Re: Has your credit card number been compromised? JF Mezei <jfmezei.spamnot@vaxination.ca> - 2012-04-11 23:24 -0400
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-12 14:22 -0400
Re: Has your credit card number been compromised? nospam <nospam@nospam.invalid> - 2012-04-12 17:28 -0400
Re: Has your credit card number been compromised? dorayme <dorayme@optusnet.com.au> - 2012-04-13 07:43 +1000
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-12 19:27 -0400
Re: Has your credit card number been compromised? dorayme <dorayme@optusnet.com.au> - 2012-04-13 10:20 +1000
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-12 19:23 -0400
Re: Has your credit card number been compromised? Davoud <star@sky.net> - 2012-04-12 21:25 -0400
Re: Has your credit card number been compromised? Kurt Ullman <kurtullman@yahoo.com> - 2012-04-13 04:30 -0400
Re: Has your credit card number been compromised? "John Varela" <newlamps@verizon.net> - 2012-04-14 00:05 +0000
Re: Has your credit card number been compromised? News <News@Group.Posts> - 2012-04-14 10:08 -0400
Re: Has your credit card number been compromised? "John Varela" <newlamps@verizon.net> - 2012-04-15 19:43 +0000
Re: Has your credit card number been compromised? JF Mezei <jfmezei.spamnot@vaxination.ca> - 2012-04-12 17:30 -0400
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-12 19:24 -0400
Re: Has your credit card number been compromised? Wayne Marsh <waynegmarsh@mac.com> - 2012-04-22 13:17 -0500
Re: Has your credit card number been compromised? Chris Blunt <mail@nospam.com> - 2012-04-23 10:16 +0800
Re: Has your credit card number been compromised? *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-22 22:52 -0400
Re: Has your credit card number been compromised? George Kerby <ghost_topper@hotmail.com> - 2012-04-23 08:25 -0500
Re: Has your credit card number been compromised? nospam <nospam@nospam.invalid> - 2012-04-23 07:29 -0700
Re: Has your credit card number been compromised? JF Mezei <jfmezei.spamnot@vaxination.ca> - 2012-04-23 00:19 -0400
Re: Has your credit card number been compromised? Davoud <star@sky.net> - 2012-04-23 09:08 -0400
Re: Has your credit card number been compromised? George Kerby <ghost_topper@hotmail.com> - 2012-04-23 08:30 -0500
Re: Has your credit card number been compromised? George Kerby <ghost_topper@hotmail.com> - 2012-04-23 08:28 -0500
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-23 18:36 +1200
Re: Has your credit card number been compromised? Warren Oates <warren.oates@gmail.com> - 2012-04-23 07:57 -0400
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-24 09:13 +1200
Re: Has your credit card number been compromised? nospam <nospam@nospam.invalid> - 2012-04-23 14:33 -0700
Re: Has your credit card number been compromised? Chris Blunt <mail@nospam.com> - 2012-04-24 10:26 +0800
Re: Has your credit card number been compromised? nospam <nospam@nospam.invalid> - 2012-04-23 20:03 -0700
Re: Has your credit card number been compromised? DevilsPGD <boogabooga@crazyhat.net> - 2012-04-23 21:25 -0600
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-24 16:21 +1200
Re: Has your credit card number been compromised? DevilsPGD <boogabooga@crazyhat.net> - 2012-04-23 22:50 -0600
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-24 18:19 +1200
Re: Has your credit card number been compromised? Warren Oates <warren.oates@gmail.com> - 2012-04-24 07:25 -0400
Re: Has your credit card number been compromised? Paul Sture <paul@sture.ch> - 2012-04-24 14:07 +0200
Re: Has your credit card number been compromised? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-26 19:02 -0400
Re: Has your credit card number been compromised? "Geoffrey S. Mendelson" <gsm@mendelson.com> - 2012-04-27 06:44 +0000
Re: Has your credit card number been compromised? Paul Sture <paul@sture.ch> - 2012-04-27 14:15 +0200
Re: Has your credit card number been compromised? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-27 21:55 -0400
Re: Has your credit card number been compromised? Paul Sture <paul@sture.ch> - 2012-04-28 12:44 +0200
Re: Has your credit card number been compromised? Warren Oates <warren.oates@gmail.com> - 2012-04-27 08:56 -0400
Re: Has your credit card number been compromised? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-27 21:58 -0400
Re: Has your credit card number been compromised? russotto@grace.speakeasy.net (Matthew Russotto) - 2012-05-08 03:27 +0000
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-27 16:44 -0400
Re: Has your credit card number been compromised? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-27 21:52 -0400
Re: Has your credit card number been compromised? Paul Sture <paul@sture.ch> - 2012-04-28 12:51 +0200
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-29 10:02 +1200
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-28 18:24 -0400
Re: Has your credit card number been compromised? Warren Oates <warren.oates@gmail.com> - 2012-04-28 07:35 -0400
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-28 10:55 -0400
Re: Has your credit card number been compromised? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-28 13:28 -0400
Re: Has your credit card number been compromised? "Geoffrey S. Mendelson" <gsm@mendelson.com> - 2012-04-28 17:49 +0000
Re: Has your credit card number been compromised? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-28 14:22 -0400
Re: Has your credit card number been compromised? "Geoffrey S. Mendelson" <gsm@mendelson.com> - 2012-04-28 18:29 +0000
Re: Has your credit card number been compromised? "Geoffrey S. Mendelson" <gsm@mendelson.com> - 2012-04-28 18:44 +0000
Re: Has your credit card number been compromised? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-28 14:46 -0400
Re: Has your credit card number been compromised? Paul Sture <paul@sture.ch> - 2012-04-28 22:37 +0200
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-29 10:04 +1200
Re: Has your credit card number been compromised? Michelle Steiner <michelle@michelle.org> - 2012-04-28 15:35 -0700
Re: Has your credit card number been compromised? TaliesinSoft <taliesinsoft@me.com> - 2012-04-23 22:12 -0500
Re: Has your credit card number been compromised? JF Mezei <jfmezei.spamnot@vaxination.ca> - 2012-04-23 23:42 -0400
Re: Has your credit card number been compromised? Warren Oates <warren.oates@gmail.com> - 2012-04-24 07:29 -0400
Re: Has your credit card number been compromised? JF Mezei <jfmezei.spamnot@vaxination.ca> - 2012-04-24 18:30 -0400
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-25 17:33 -0400
Re: Has your credit card number been compromised? nospam <nospam@nospam.invalid> - 2012-04-23 07:28 -0700
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-24 09:17 +1200
Re: Has your credit card number been compromised? nospam <nospam@nospam.invalid> - 2012-04-23 14:37 -0700
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-24 13:33 +1200
Re: Has your credit card number been compromised? JF Mezei <jfmezei.spamnot@vaxination.ca> - 2012-04-23 23:28 -0400
Re: Has your credit card number been compromised? nospam <nospam@nospam.invalid> - 2012-04-23 20:37 -0700
Re: Has your credit card number been compromised? DevilsPGD <boogabooga@crazyhat.net> - 2012-04-23 22:50 -0600
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-24 18:21 +1200
Re: Has your credit card number been compromised? nospam <nospam@nospam.invalid> - 2012-04-24 00:07 -0700
Re: Has your credit card number been compromised? Paul Sture <paul@sture.ch> - 2012-04-24 10:53 +0200
Re: Has your credit card number been compromised? Patty Winter <patty1@wintertime.com> - 2012-04-23 16:30 +0000
Re: Has your credit card number been compromised? Warren Oates <warren.oates@gmail.com> - 2012-04-23 13:09 -0400
Re: Has your credit card number been compromised? nospam <nospam@nospam.invalid> - 2012-04-23 11:03 -0700
Re: Has your credit card number been compromised? Patty Winter <patty1@wintertime.com> - 2012-04-23 21:06 +0000
Re: Has your credit card number been compromised? DevilsPGD <boogabooga@crazyhat.net> - 2012-04-23 20:28 -0600
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-24 16:16 +1200
Re: Has your credit card number been compromised? DevilsPGD <boogabooga@crazyhat.net> - 2012-04-23 22:50 -0600
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-24 18:27 +1200
Re: Has your credit card number been compromised? Barry Margolin <barmar@alum.mit.edu> - 2012-04-24 02:35 -0400
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-24 19:21 +1200
Re: Has your credit card number been compromised? Paul Sture <paul@sture.ch> - 2012-04-24 10:37 +0200
Re: Has your credit card number been compromised? Kurt Ullman <kurtullman@yahoo.com> - 2012-04-12 08:30 -0400
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-12 14:33 -0400
Re: Has your credit card number been compromised? Zaidy036 <Zaidy036@isp.spam> - 2012-04-12 23:02 -0400
Re: Has your credit card number been compromised? HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-13 18:19 +1200
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-13 15:41 -0400
Re: Has your credit card number been compromised? Tim McNamara <timmcn@bitstream.net> - 2012-04-12 14:17 -0500
Re: Has your credit card number been compromised? Kurt Ullman <kurtullman@yahoo.com> - 2012-04-12 15:59 -0400
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-12 19:25 -0400
Re: Has your credit card number been compromised? Tim McNamara <timmcn@bitstream.net> - 2012-04-14 01:18 -0500
Re: Has your credit card number been compromised? me@home.spamsucks.ca (Király) - 2012-04-14 00:14 +0000
Re: Has your credit card number been compromised? Chris Blunt <mail@nospam.com> - 2012-04-14 11:38 +0800
Re: Has your credit card number been compromised? me@home.spamsucks.ca (Király) - 2012-04-14 16:13 +0000
Re: Has your credit card number been compromised? Chris Blunt <mail@nospam.com> - 2012-04-16 15:32 +0800
Re: Has your credit card number been compromised? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-13 19:00 -0400
Re: Has your credit card number been compromised? News <News@Group.Posts> - 2012-04-14 10:09 -0400
Re: Has your credit card number been compromised? Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-12 00:13 -0400
Re: Has your credit card number been compromised? Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-12 14:20 -0400
Re: Has your credit card number been compromised? "Geoffrey S. Mendelson" <gsm@mendelson.com> - 2012-04-12 07:19 +0000
Re: Has your credit card number been compromised? nospam <nospam@nospam.invalid> - 2012-04-12 06:12 -0400
Re: Has your credit card number been compromised? "Geoffrey S. Mendelson" <gsm@mendelson.com> - 2012-04-12 11:04 +0000
Re: Has your credit card number been compromised? nospam <nospam@nospam.invalid> - 2012-04-12 09:19 -0400
Re: Has your credit card number been compromised? Paul Sture <paul@sture.ch> - 2012-04-15 18:31 +0200
Re: Has your credit card number been compromised? "Geoffrey S. Mendelson" <gsm@mendelson.com> - 2012-04-15 17:24 +0000
Page 5 of 6 — ← Prev page 1 2 3 4 [5] 6 Next page →
| From | nospam <nospam@nospam.invalid> |
|---|---|
| Date | 2012-04-23 20:37 -0700 |
| Message-ID | <230420122037160708%nospam@nospam.invalid> |
| In reply to | #24297 |
In article <4f961dd5$0$1257$c3e8da3$f017e9df@news.astraweb.com>, JF Mezei <jfmezei.spamnot@vaxination.ca> wrote: > NFC has greater odds of success for public transit (instead of current > RFID cards). coming soon: <http://www.theverge.com/2012/4/23/2968565/mbta-masabi-mobile-rail-ticke ting-system>
[toc] | [prev] | [next] | [standalone]
| From | DevilsPGD <boogabooga@crazyhat.net> |
|---|---|
| Date | 2012-04-23 22:50 -0600 |
| Message-ID | <7bbcp7l1ijhrhmad0mpbe3gcj2u2tt1maf@4ax.com> |
| In reply to | #24297 |
In the last episode of <4f961dd5$0$1257$c3e8da3$f017e9df@news.astraweb.com>, JF Mezei <jfmezei.spamnot@vaxination.ca> said: >With more and more purchases (and fraud) happening on the internet, >changing physical card technology may not do much. The NFC trials are >neat concepts but I doubt they will really take hold. Imagine the >hassles of switching phones. What hassle? You already have to do a reasonable amount of configuration on any modern smartphone to transfer your data, activating NFC is just one more thing. A bigger question is why existing technologies like Bluetooth aren't being used. The pairing process can be simplified with an application (or OS support) that allows a capable device and POS system to identify each other. The POS system would display a QR Code and/or a transaction ID (6 digit number would be sufficient) to kick off the process, the user would confirm the transaction on their phone based on software-configurable rules, using BT to complete the connection. By using both the phone's camera and Bluetooth you can ensure that the user is aware (so drive-by attacks aren't possible, nor could compromised software on the phone approve transactions without any user action at all). Similarly, by using Bluetooth to allow two-way data flow, a challenge/response interchange can avoid allowing replay attacks (so even if an attacker observes the entire session or controls the POS system, you still don't collect enough information to fake a transaction), nor do you need the device to have real-time internet access. -- This signature was randomly selected
[toc] | [prev] | [next] | [standalone]
| From | HelpfulHarry@BusyWorking.com (Helpful Harry) |
|---|---|
| Date | 2012-04-24 18:21 +1200 |
| Message-ID | <HelpfulHarry-2404121821370001@203-118-187-98.dsl.dyn.ihug.co.nz> |
| In reply to | #24306 |
In article <7bbcp7l1ijhrhmad0mpbe3gcj2u2tt1maf@4ax.com>, DevilsPGD <boogabooga@crazyhat.net> wrote: > In the last episode of > <4f961dd5$0$1257$c3e8da3$f017e9df@news.astraweb.com>, JF Mezei > <jfmezei.spamnot@vaxination.ca> said: > > > >With more and more purchases (and fraud) happening on the internet, > >changing physical card technology may not do much. The NFC trials are > >neat concepts but I doubt they will really take hold. Imagine the > >hassles of switching phones. > > What hassle? You already have to do a reasonable amount of configuration > on any modern smartphone to transfer your data, activating NFC is just > one more thing. > > A bigger question is why existing technologies like Bluetooth aren't > being used. The pairing process can be simplified with an application > (or OS support) that allows a capable device and POS system to identify > each other. > > The POS system would display a QR Code and/or a transaction ID (6 digit > number would be sufficient) to kick off the process, the user would > confirm the transaction on their phone based on software-configurable > rules, using BT to complete the connection. > > By using both the phone's camera and Bluetooth you can ensure that the > user is aware (so drive-by attacks aren't possible, nor could > compromised software on the phone approve transactions without any user > action at all). Similarly, by using Bluetooth to allow two-way data > flow, a challenge/response interchange can avoid allowing replay attacks > (so even if an attacker observes the entire session or controls the POS > system, you still don't collect enough information to fake a > transaction), nor do you need the device to have real-time internet > access. I haven't looked into how it works, but there was a TV advert earlier today where people could "bump" their phones to transfer money and I think one was using an iPhone. Helpful Harry :o)
[toc] | [prev] | [next] | [standalone]
| From | nospam <nospam@nospam.invalid> |
|---|---|
| Date | 2012-04-24 00:07 -0700 |
| Message-ID | <240420120007126698%nospam@nospam.invalid> |
| In reply to | #24309 |
In article <HelpfulHarry-2404121821370001@203-118-187-98.dsl.dyn.ihug.co.nz>, Helpful Harry <HelpfulHarry@BusyWorking.com> wrote: > I haven't looked into how it works, but there was a TV advert earlier > today where people could "bump" their phones to transfer money and I think > one was using an iPhone. <http://news.cnet.com/8301-13772_3-57406137-52/with-bump-pay-sending-mon ey-is-easier-than-ever/>
[toc] | [prev] | [next] | [standalone]
| From | Paul Sture <paul@sture.ch> |
|---|---|
| Date | 2012-04-24 10:53 +0200 |
| Message-ID | <n86i69-ldk.ln1@news.sture.ch> |
| In reply to | #24297 |
On Mon, 23 Apr 2012 23:28:20 -0400, JF Mezei wrote: > When you look at EFTPOS systems, they are very national in nature with > ATM cards usable for purchases only in the country of origin. So a > canadian can't use his ATM card to make purchases at an australian store > despite each country having its own national EFTPOS system where all > national banks participate. Europe has the Maestro network which is convenient for those of us who can regularly nip across a border to do some shopping. -- Paul Sture
[toc] | [prev] | [next] | [standalone]
| From | Patty Winter <patty1@wintertime.com> |
|---|---|
| Date | 2012-04-23 16:30 +0000 |
| Message-ID | <4f9583b4$0$16164$742ec2ed@news.sonic.net> |
| In reply to | #24241 |
In article <HelpfulHarry-2304121836160001@203-118-187-222.dsl.dyn.ihug.co.nz>, Helpful Harry <HelpfulHarry@BusyWorking.com> wrote: > >> On Sun, 22 Apr 2012 13:17:37 -0500, Wayne Marsh <waynegmarsh@mac.com> >> wrote: >> >> >Now I scratch out the 3-digit "validation code" on the back of my cards. >> >I suppose the thieves can still get all the info they need if they have >> >a scanner, but it'll stop anyone who just writes down the numbers off >> >the card and tries to make an Internet purchase. > >That's good if someone steals the card or maybe for places like a >restaurant that takes the card away to process, but you sometimes have to >tell the "security code" to people when ordering stuff via phone or >Internet form ... so that person can simply write down your "security >code" and details anyway. The security code isn't designed to protect your account in that situation. It's for stopping people who get hold of your account number but not the actual card. The latter used to be easier when receipts included full CC numbers; now they just have the last few digits. Monthly statements still have the full numbers and could potentially be stolen, but I suspect that most CC# theft these days is done electronically rather than physically. And once a few years ago when a spurious purchased turned up on one of my CC accounts, the CSR told me that it didn't mean that anyone had actually gotten the number somewhere; they could just be trying random numbers to see which ones worked. They would have "ordered" something from a front operation that wouldn't require the security code to process the purchase. Patty
[toc] | [prev] | [next] | [standalone]
| From | Warren Oates <warren.oates@gmail.com> |
|---|---|
| Date | 2012-04-23 13:09 -0400 |
| Message-ID | <4f958ccf$0$1754$c3e8da3$92d0a893@news.astraweb.com> |
| In reply to | #24260 |
In article <4f9583b4$0$16164$742ec2ed@news.sonic.net>, Patty Winter <patty1@wintertime.com> wrote: > they could just be trying random numbers to > see which ones worked. Generating "valid" credit card numbers is fairly trivial (ones where the numbers generate the right checksum for the specific company, or however it's done now. I recall that it was one of the examples in an old assembly language book I had). I can see how The Bad Guys could generate a whole bunch of them and just try them out. They also have to guess at an expiry date, though. -- ... do not cover a warm kettle or your stock may sour. -- Julia Child
[toc] | [prev] | [next] | [standalone]
| From | nospam <nospam@nospam.invalid> |
|---|---|
| Date | 2012-04-23 11:03 -0700 |
| Message-ID | <230420121103536560%nospam@nospam.invalid> |
| In reply to | #24262 |
In article <4f958ccf$0$1754$c3e8da3$92d0a893@news.astraweb.com>, Warren Oates <warren.oates@gmail.com> wrote: > Generating "valid" credit card numbers is fairly trivial (ones where the > numbers generate the right checksum for the specific company, or however > it's done now. I recall that it was one of the examples in an old > assembly language book I had). it's shockingly simple. > I can see how The Bad Guys could generate a whole bunch of them and just > try them out. They also have to guess at an expiry date, though. not just bad guys. you can too: <http://www.gliderspen.net/cgi-bin/ccard.cgi> <http://www.darkcoding.net/credit-card-numbers/>
[toc] | [prev] | [next] | [standalone]
| From | Patty Winter <patty1@wintertime.com> |
|---|---|
| Date | 2012-04-23 21:06 +0000 |
| Message-ID | <4f95c46d$0$16133$742ec2ed@news.sonic.net> |
| In reply to | #24262 |
In article <4f958ccf$0$1754$c3e8da3$92d0a893@news.astraweb.com>, Warren Oates <warren.oates@gmail.com> wrote: > >Generating "valid" credit card numbers is fairly trivial (ones where the >numbers generate the right checksum for the specific company, or however >it's done now. I recall that it was one of the examples in an old >assembly language book I had). > >I can see how The Bad Guys could generate a whole bunch of them and just >try them out. They also have to guess at an expiry date, though. Don't most credit cards have about a two-year renewal? So they'd probably only have to try about 24 expiry dates per CC number. Patty
[toc] | [prev] | [next] | [standalone]
| From | DevilsPGD <boogabooga@crazyhat.net> |
|---|---|
| Date | 2012-04-23 20:28 -0600 |
| Message-ID | <j53cp7hv3jnq1jhg6sm0fsbte9uo0j27uc@4ax.com> |
| In reply to | #24241 |
In the last episode of <HelpfulHarry-2304121836160001@203-118-187-222.dsl.dyn.ihug.co.nz>, HelpfulHarry@BusyWorking.com (Helpful Harry) said: >The whole idea of it being a "security code", and yet printed on the back >and has to be given out to people always sruck me as incredibly stupid and >virtually useless as any form of "security". You're missing the point. The key is that this number can't be captured by swiping the card, so hacked readers or compromised POS equipment can't capture this code. It's also prohibited to retain the CVV2 code, although it certainly does happen. The magnetic stripe has some extra checksum digits/codes too that aren't printed on the card for the same reason (namely, that an electronic transaction no longer provides enough information to reproduce the card) Is it perfect? No, of course not. But it's better than not having/verifying it at all. -- This signature was randomly selected
[toc] | [prev] | [next] | [standalone]
| From | HelpfulHarry@BusyWorking.com (Helpful Harry) |
|---|---|
| Date | 2012-04-24 16:16 +1200 |
| Message-ID | <HelpfulHarry-2404121616430001@203-118-187-202.dsl.dyn.ihug.co.nz> |
| In reply to | #24292 |
In article <j53cp7hv3jnq1jhg6sm0fsbte9uo0j27uc@4ax.com>, DevilsPGD <boogabooga@crazyhat.net> wrote: > In the last episode of > <HelpfulHarry-2304121836160001@203-118-187-222.dsl.dyn.ihug.co.nz>, > HelpfulHarry@BusyWorking.com (Helpful Harry) said: > > >The whole idea of it being a "security code", and yet printed on the back > >and has to be given out to people always sruck me as incredibly stupid and > >virtually useless as any form of "security". > > You're missing the point. The key is that this number can't be captured > by swiping the card, so hacked readers or compromised POS equipment > can't capture this code. > > It's also prohibited to retain the CVV2 code, although it certainly does > happen. > > The magnetic stripe has some extra checksum digits/codes too that aren't > printed on the card for the same reason (namely, that an electronic > transaction no longer provides enough information to reproduce the card) > > Is it perfect? No, of course not. But it's better than not > having/verifying it at all. But for phone or Internet orders you're not using the magnetic strip. When you make such an order you are sometimes asked for the "security code", so all it takes is for the person on the other end to write it down along with the other details, and then it can be used by someone else for phone / Internet orders ... meaning it's worthless as any form of "security" measure. The fact that retaining the code may be illgeal isn't going to make the slightest difference to a criminal. Of course, even if they don't ask for that code, simply having the card number, name and expiry date is enough for a criminal to start making phone / Internet orders at many places. Helpful Harry :o)
[toc] | [prev] | [next] | [standalone]
| From | DevilsPGD <boogabooga@crazyhat.net> |
|---|---|
| Date | 2012-04-23 22:50 -0600 |
| Message-ID | <3sbcp7h3scfag6r2mped14fd8fui3b8i5a@4ax.com> |
| In reply to | #24301 |
In the last episode of <HelpfulHarry-2404121616430001@203-118-187-202.dsl.dyn.ihug.co.nz>, HelpfulHarry@BusyWorking.com (Helpful Harry) said: >But for phone or Internet orders you're not using the magnetic strip. When >you make such an order you are sometimes asked for the "security code", so >all it takes is for the person on the other end to write it down along >with the other details, and then it can be used by someone else for phone >/ Internet orders ... meaning it's worthless as any form of "security" >measure. The fact that retaining the code may be illgeal isn't going to >make the slightest difference to a criminal. Right -- It doesn't solve *that* problem. It's not supposed to. Just because a specific security feature doesn't solve every security problem doesn't make it useless. There's little you can do to prevent a malicious merchant from gaining enough information to complete other online orders. The CVV2 code prevents a compromised magnetic stripe card reader from providing enough information to complete online orders. It does that. By requiring merchants not store it, you can help ensure that in the event a merchant's database is compromised, the attacker still doesn't have enough information to complete transactions. That's it. It's not designed or intended to prevent a malicious merchant (or anyone with physical access to the card) from being able to use the card. It's a layer of security, and a moderately effective one when it comes to that specific threats it's design to prevent. Short of adding replay-attack prevention (something possible on the chip based cards that most of the modern world are using), you simply can't block a malicious merchant. That's okay though, because pattern recognition systems employed by the payment processors can help to identify a trend of compromised cards being used at specific merchants. -- This signature was randomly selected
[toc] | [prev] | [next] | [standalone]
| From | HelpfulHarry@BusyWorking.com (Helpful Harry) |
|---|---|
| Date | 2012-04-24 18:27 +1200 |
| Message-ID | <HelpfulHarry-2404121827040001@203-118-187-98.dsl.dyn.ihug.co.nz> |
| In reply to | #24307 |
In article <3sbcp7h3scfag6r2mped14fd8fui3b8i5a@4ax.com>, DevilsPGD <boogabooga@crazyhat.net> wrote: > In the last episode of > <HelpfulHarry-2404121616430001@203-118-187-202.dsl.dyn.ihug.co.nz>, > HelpfulHarry@BusyWorking.com (Helpful Harry) said: > > > >But for phone or Internet orders you're not using the magnetic strip. When > >you make such an order you are sometimes asked for the "security code", so > >all it takes is for the person on the other end to write it down along > >with the other details, and then it can be used by someone else for phone > >/ Internet orders ... meaning it's worthless as any form of "security" > >measure. The fact that retaining the code may be illgeal isn't going to > >make the slightest difference to a criminal. > > Right -- It doesn't solve *that* problem. It's not supposed to. Just > because a specific security feature doesn't solve every security problem > doesn't make it useless. There's little you can do to prevent a > malicious merchant from gaining enough information to complete other > online orders. > > The CVV2 code prevents a compromised magnetic stripe card reader from > providing enough information to complete online orders. It does that. Not really - many Internet / phone purchases don't even ask for the extra code anyway. Personally I haven't run across that many which actually do ask for it. There was a legitimate, long established Internet mail-order company in Australia that only a couple of years ago asked for the front and back of the credit card be faxed to them to confirm online orders (it was stated as so in their terms and conditions). Helpful Harry :o)
[toc] | [prev] | [next] | [standalone]
| From | Barry Margolin <barmar@alum.mit.edu> |
|---|---|
| Date | 2012-04-24 02:35 -0400 |
| Message-ID | <barmar-EB4E86.02350124042012@news.eternal-september.org> |
| In reply to | #24310 |
In article <HelpfulHarry-2404121827040001@203-118-187-98.dsl.dyn.ihug.co.nz>, HelpfulHarry@BusyWorking.com (Helpful Harry) wrote: > In article <3sbcp7h3scfag6r2mped14fd8fui3b8i5a@4ax.com>, DevilsPGD > <boogabooga@crazyhat.net> wrote: > > The CVV2 code prevents a compromised magnetic stripe card reader from > > providing enough information to complete online orders. It does that. > > Not really - many Internet / phone purchases don't even ask for the extra > code anyway. Personally I haven't run across that many which actually do > ask for it. I think 50-75% of the Internet retailers I've used ask for it. -- Barry Margolin Arlington, MA
[toc] | [prev] | [next] | [standalone]
| From | HelpfulHarry@BusyWorking.com (Helpful Harry) |
|---|---|
| Date | 2012-04-24 19:21 +1200 |
| Message-ID | <HelpfulHarry-2404121921440001@203-118-187-98.dsl.dyn.ihug.co.nz> |
| In reply to | #24311 |
In article <barmar-EB4E86.02350124042012@news.eternal-september.org>, Barry Margolin <barmar@alum.mit.edu> wrote: > In article > <HelpfulHarry-2404121827040001@203-118-187-98.dsl.dyn.ihug.co.nz>, > HelpfulHarry@BusyWorking.com (Helpful Harry) wrote: > > > > In article <3sbcp7h3scfag6r2mped14fd8fui3b8i5a@4ax.com>, DevilsPGD > > <boogabooga@crazyhat.net> wrote: > > > The CVV2 code prevents a compromised magnetic stripe card reader from > > > providing enough information to complete online orders. It does that. > > > > Not really - many Internet / phone purchases don't even ask for the extra > > code anyway. Personally I haven't run across that many which actually do > > ask for it. > > I think 50-75% of the Internet retailers I've used ask for it. For me it would be more like 5% that DO ask for it. One of my jobs recently has been to help process credit card donations for one client which come through via post. Their forms do not ask for the security code and the credit card processing website doesn't ask for it either (it's been a while since I did some, but there may be an optional box on the website for it). Helpful Harry :o)
[toc] | [prev] | [next] | [standalone]
| From | Paul Sture <paul@sture.ch> |
|---|---|
| Date | 2012-04-24 10:37 +0200 |
| Message-ID | <hb5i69-ldk.ln1@news.sture.ch> |
| In reply to | #24241 |
On Mon, 23 Apr 2012 18:36:16 +1200, Helpful Harry wrote: > t's always been equally silly that banks send out material (whether it's > a new card, new cheque book, bank statements, etc.) in an envelope > emblazoned with their logo - that makes it very easy for a criminal > postman or someone looking in mailboxes to steal it. In the UK they learned that lesson the hard way when credit cards were first introduced. In old large houses which have been converted into several apartments the mail for the whole house typically sits on a table in the entrance hall, and many helped themselves to those attractive looking envelopes. I don't think I've ever had a card arrive in anything except a plain envelope. However, even those envelopes are easy to recognise once you've seen them. -- Paul Sture
[toc] | [prev] | [next] | [standalone]
| From | Kurt Ullman <kurtullman@yahoo.com> |
|---|---|
| Date | 2012-04-12 08:30 -0400 |
| Message-ID | <N9OdnTcc2b5WVxvSnZ2dnUVZ_gadnZ2d@earthlink.com> |
| In reply to | #23677 |
In article <110420122317226888%star@sky.net>, Davoud <star@sky.net> wrote: > Davo > usually measured in minutes or hours--especially now, when there is no > way that my bank is going to authorize a transaction in Eastern Europe > out of the blue without contacting me first. I know this because I get > e-mails and phone calls from my bank from time to time questioning > out-of-pattern purchases that I have made. And it seems to be getting stricter and stricter. If I don't tell my CC company I am going to FL they have put a stop on the card. Despite the fact I have been going there every year for the past 25 and drive down using the card for gas, food and hotels along the way. -- People thought cybersex was a safe alternative, until patients started presenting with sexually acquired carpal tunnel syndrome.-Howard Berkowitz
[toc] | [prev] | [next] | [standalone]
| From | Alan Browne <alan.browne@FreelunchVideotron.ca> |
|---|---|
| Date | 2012-04-12 14:33 -0400 |
| Message-ID | <_PudncNAL_GMvRrSnZ2dnUVZ_qidnZ2d@giganews.com> |
| In reply to | #23716 |
On 2012-04-12 08:30 , Kurt Ullman wrote:
> In article<110420122317226888%star@sky.net>, Davoud<star@sky.net>
> wrote:
>
>> Davo
>> usually measured in minutes or hours--especially now, when there is no
>> way that my bank is going to authorize a transaction in Eastern Europe
>> out of the blue without contacting me first. I know this because I get
>> e-mails and phone calls from my bank from time to time questioning
>> out-of-pattern purchases that I have made.
>
> And it seems to be getting stricter and stricter. If I don't tell my CC
> company I am going to FL they have put a stop on the card. Despite the
> fact I have been going there every year for the past 25 and drive down
> using the card for gas, food and hotels along the way.
This seems to be more an issue with US issued cards (I had one some
years ago and had to tell them if I was off to Europe or Asia) than the
Canadian cards I have.
One difference may be the chipped cards (require PIN) v. the old mag
striped only cards that are prevalent in the US.
--
"I was gratified to be able to answer promptly, and I did.
I said I didn't know."
-Samuel Clemens.
[toc] | [prev] | [next] | [standalone]
| From | Zaidy036 <Zaidy036@isp.spam> |
|---|---|
| Date | 2012-04-12 23:02 -0400 |
| Message-ID | <jm84vn$174$1@dont-email.me> |
| In reply to | #23732 |
On 4/12/2012 2:33 PM, Alan Browne wrote: > On 2012-04-12 08:30 , Kurt Ullman wrote: >> In article<110420122317226888%star@sky.net>, Davoud<star@sky.net> >> wrote: >> >>> Davo >>> usually measured in minutes or hours--especially now, when there is no >>> way that my bank is going to authorize a transaction in Eastern Europe >>> out of the blue without contacting me first. I know this because I get >>> e-mails and phone calls from my bank from time to time questioning >>> out-of-pattern purchases that I have made. >> >> And it seems to be getting stricter and stricter. If I don't tell my CC >> company I am going to FL they have put a stop on the card. Despite the >> fact I have been going there every year for the past 25 and drive down >> using the card for gas, food and hotels along the way. > > This seems to be more an issue with US issued cards (I had one some > years ago and had to tell them if I was off to Europe or Asia) than the > Canadian cards I have. > > One difference may be the chipped cards (require PIN) v. the old mag > striped only cards that are prevalent in the US. > Citi (American Air) now offers "chipped" cards if you call them up. Unfortunately then there is no space for your picture but it is a good idea if traveling to Europe. -- Zaidy036
[toc] | [prev] | [next] | [standalone]
| From | HelpfulHarry@BusyWorking.com (Helpful Harry) |
|---|---|
| Date | 2012-04-13 18:19 +1200 |
| Message-ID | <HelpfulHarry-1304121819210001@203-118-187-39.dsl.dyn.ihug.co.nz> |
| In reply to | #23755 |
I wouldn't worry about. Cards are "old tech" and are in the process of being replaced by using your mobile phones as a wallet instead. (Not very useful for placing orders by phone though.) There has actually been a couple of news stories this month with people stealing card information here in New Zealand. Some via skimmers on automatic teller machines / ATMs / money machines and some where they actually swapped an in-store device for their own (by distracting staff). Helpful Harry :o)
[toc] | [prev] | [next] | [standalone]
Page 5 of 6 — ← Prev page 1 2 3 4 [5] 6 Next page →
Back to top | Article view | comp.sys.mac.system
csiph-web