Author Topic: "FU^%ING" Credit-Cards!!!  (Read 13265 times)

0 Members and 1 Guest are viewing this topic.

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 8995
  • Country: us
  • Retired, now restoring antique test equipment
Re: "FU^%ING" Credit-Cards!!!
« Reply #100 on: July 01, 2020, 03:55:23 pm »
Just remember that if you convert these dollar percentages into decibels, you must use the factor 10, since money is power.
 
The following users thanked this post: SilverSolder

Offline duckduck

  • Frequent Contributor
  • **
  • Posts: 420
  • Country: us
  • 20Hz < fun < 20kHz, and RF is Really Fun
Re: "FU^%ING" Credit-Cards!!!
« Reply #101 on: July 02, 2020, 12:37:00 am »
Another issue with cards is geo-fencing. Or rather the lack of it. Surley it would not kill the IT guys at your card processor to issue cards that can only be used in a given territory? Or at least, a transaction would not be authorized out of bounds?

I sure wish that card issuers / banks would join the modern world and make MFA (Multi-Factor Authentication) available. You stick your card in the payment terminal thing at the grocery store and your mobile phone prompts you "Authorize payment of $83.53 to Fat Goose Groceries and Wine? Authorize / Decline / Report Fraud". Yes, I understand there are problems with implementing that but use of machine learning could auto-approve your nightly pint at the pub, weekly laundry at your dry-cleaners, but then prompt you when you buy airline tickets or jewelry.

It might take an upgrade to the payment terminals but they could use OTP (One Time Password), like those RSA fobs that display a different numeric code every 60 seconds, or the Google Authenticator app on your phone. You put your credit card in the payment terminal, click OK on the terminal, and then the terminal prompts you for the code from your phone app, which could be done via scanning a 2D barcode on your phone like your boarding pass when you fly. That would prevent problems related to "I can't get a cell signal at the checkout".

MFA would stop remote credit card theft cold because without the cardholder's phone, the credit card would be useless. Card issuers / banks know all this but they've run the numbers and tens of thousands of transactions from stolen credit cards every year (and the heartburn that it creates for the victims) is cheaper for them. Now you've got me ranting about the banks.

"Why is it that everyone that knows how this country should be run is cutting hair or driving a cab?"
« Last Edit: July 02, 2020, 12:40:48 am by duckduck »
 

Offline greenpossum

  • Frequent Contributor
  • **
  • Posts: 408
  • Country: au
Re: "FU^%ING" Credit-Cards!!!
« Reply #102 on: July 02, 2020, 12:57:59 am »
I sure wish that card issuers / banks would join the modern world and make MFA (Multi-Factor Authentication) available.

Or join the even more modern world and use a phone app together with NFC, obviating the card.

Saw a US project for sanitising the number pad on card terminals with UV. Around here contactless payment has been around for a while and boosted by C-19.
 

Offline themadhippy

  • Super Contributor
  • ***
  • Posts: 3264
  • Country: gb
Re: "FU^%ING" Credit-Cards!!!
« Reply #103 on: July 02, 2020, 02:07:29 am »
Quote
and your mobile phone prompts you
And if dont have a mobile phone? Thats the problem with the system recently introduced in the uk,some banks do offer an email option,but not all.
 

Offline Rick Law

  • Super Contributor
  • ***
  • Posts: 3490
  • Country: us
Re: "FU^%ING" Credit-Cards!!!
« Reply #104 on: July 02, 2020, 04:35:56 am »
Quote
and your mobile phone prompts you
And if dont have a mobile phone? Thats the problem with the system recently introduced in the uk,some banks do offer an email option,but not all.

Keep my coffee warm, I will run home to reply to my email to authorize this payment.   Really, I will be right back because I really need my caffeine fix.  Really ... I'll be back...
 
The following users thanked this post: Larryc001

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: "FU^%ING" Credit-Cards!!!
« Reply #105 on: July 02, 2020, 08:14:22 am »
Quote
and your mobile phone prompts you
And if dont have a mobile phone? Thats the problem with the system recently introduced in the uk,some banks do offer an email option,but not all.

With Santander here. If you make a big CC purchase you have to auth it with your phone. Works nicely. They do SMS as well but having 2FA for transactions is a damn good thing.

In 2020 if you don’t own a phone then you’re running a self inflicted social disadvantage IMHO
 

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: "FU^%ING" Credit-Cards!!!
« Reply #106 on: July 02, 2020, 12:16:34 pm »

I prefer SMS over an app, in all honesty.  I can't guarantee what phone will be at the end of my phone number at all times,  but I can guarantee it will be able to do SMS!

 

Offline DrG

  • Super Contributor
  • ***
  • !
  • Posts: 1199
  • Country: us
Re: "FU^%ING" Credit-Cards!!!
« Reply #107 on: July 03, 2020, 01:03:34 am »
BTW: I was recently informed of a new rebate opportunity on a card that I do not use very often.

Code: [Select]
Use your card to earn 10% back as a statement credit, up to $25, through 09/30/2020 on eligible purchases¹ you make at:

    Restaurants: including takeout meals and curbside pickup orders
    Grocery stores: including curbside pickup and online delivery
    Gas Stations
    Drugstores: including prescription orders made online
    Mass Transit & Commuter Transportation Vendors

A 10% rebate! Now, it maxs it out at $25, but I think it qualifies as a, 'just reach down and pick it up'
- Invest in science - it pays big dividends. -
 

Offline Bassman59

  • Super Contributor
  • ***
  • Posts: 2501
  • Country: us
  • Yes, I do this for a living
Re: "FU^%ING" Credit-Cards!!!
« Reply #108 on: July 03, 2020, 04:41:54 pm »
Quote
and your mobile phone prompts you
And if dont have a mobile phone? Thats the problem with the system recently introduced in the uk,some banks do offer an email option,but not all.

With Santander here. If you make a big CC purchase you have to auth it with your phone. Works nicely. They do SMS as well but having 2FA for transactions is a damn good thing.

In 2020 if you don’t own a phone then you’re running a self inflicted social disadvantage IMHO

My wife and I have tried to explain 2FA to my mother-in-law several times, and she still doesn't get it. And it's not because she's stupid. She's had a smartphone for several years, uses an iPad all the time and knows how those all work, but 2FA for an 80-year-old is baffling. And I can understand that.

I just wish there was a better way of authenticating transactions.

It's a conundrum to be sure. But to call it a "self-inflicted social disadvantage" says more about you than about her.
 

Offline Bassman59

  • Super Contributor
  • ***
  • Posts: 2501
  • Country: us
  • Yes, I do this for a living
Re: "FU^%ING" Credit-Cards!!!
« Reply #109 on: July 03, 2020, 04:54:18 pm »
It might take an upgrade to the payment terminals ...

There is the rub, right there.

And why aren't those upgrades happening? Because it costs money. New terminals aren't free. I bet the terminal vendors charge for upgrades, too. So businesses are loathe to spend the money on new terminals, and they've done the math and are willing to absorb the cost of fraud.

As of a couple of years ago, all POS card terminals in the US were supposed to have chip readers. The banks would no longer compensate vendors if systems were compromised by a magstripe reader terminal. Yet many businesses still don't have chip readers. (And those that do? NONE require a PIN, so the system is as insecure as a stripe.) And why? They did the math. Say a Bad Guy comes into the hardware store with a cloned credit card and he spends $1,000. Sure, that sounds like a lot of money, but how much does it cost to replace the entire point-of-sale system in that store? Likely a whole lot more than $1,000. Now of course the fraudulent charges will be uncovered soon enough and the card canceled. The true owner of the card doesn't have to worry as the charges will be removed from the account. But the store that sold $1,000 worth of goods? If the terminals were magstripe only, they're outta luck. But as Cosmo Kramer tells Jerry Seinfeld, "they'll just write it off!"

I've noticed that the local taquerias and coffee shops are the first to add more secure POS terminals and allow Apple Pay and other NFC pay systems. But for them it's only a handful of terminals, and sometimes the terminal vendors provide the hardware for free because they charge 3% on each transaction.

The big stores are looking at millions of dollars to roll out new POS systems across dozens or hundreds of stores, and they balk. An exception: Target was famously hacked and all of the data for their in-house credit cards were stolen. They rolled out chip-based POS terminals in record time, and then to get customers to use their in-house card again the cards were all re-issued and when you use it, you get a 5% discount.
 

Offline Bassman59

  • Super Contributor
  • ***
  • Posts: 2501
  • Country: us
  • Yes, I do this for a living
Re: "FU^%ING" Credit-Cards!!!
« Reply #110 on: July 03, 2020, 04:55:19 pm »
Saw a US project for sanitising the number pad on card terminals with UV. Around here contactless payment has been around for a while and boosted by C-19.

Some of the contactless payment terminals here still require the customer to tap "OK" on a screen, so it's not as contactless as one would like.
 

Offline Rick Law

  • Super Contributor
  • ***
  • Posts: 3490
  • Country: us
Re: "FU^%ING" Credit-Cards!!!
« Reply #111 on: July 03, 2020, 07:56:47 pm »
With on-line purchases, your card (fake or not) is never present.  Couple that with credit card companies' own on-line log-in accounts that can manage profile, things get easy to hack -- even if every card is equipped with a chip.

I actually don't have a problem with mobile phone validation.  In fact, I rather like that.

I have a problem with society's over reliance on on-line stuff, from the damn HVAC thermostat that wants to get on-line, to the damn washer/dryer that wants to get on-line.  Hack, if you are home, it does you well to get off the couch to just check.  And if you are out, what's the point of knowing your wash is done anyway?
 

Offline themadhippy

  • Super Contributor
  • ***
  • Posts: 3264
  • Country: gb
Re: "FU^%ING" Credit-Cards!!!
« Reply #112 on: July 03, 2020, 08:15:53 pm »
One simple thing credit\debit card company's could do to cut down on  online purchase fraud is only deliver to the address the card is registered to.
 

Online Bud

  • Super Contributor
  • ***
  • Posts: 7276
  • Country: ca
Re: "FU^%ING" Credit-Cards!!!
« Reply #113 on: July 03, 2020, 08:37:42 pm »
With on-line purchases, your card (fake or not) is never present.  Couple that with credit card companies' own on-line log-in accounts that can manage profile, things get easy to hack -- even if every card is equipped with a chip.
For on-line card not present transactions you need to enter the CVC/CVV security code printed on the back of the card. So in general you still have to have a physical card. Chip plays no role in online transactions. You can't "hack" a CVC code, you need to have a copy of it (unless you know the issuing bank's encryption keys, a probability of which is near zero). Some companies such as Digikey or Amazon store the complete set of information about the customer's credit cards and that allows them to "offer better service" to the customers by not requiring re-enter card information every time a purchase is made. But that storage is The weak link and this is what is typically hacked, not the card itself.
Facebook-free life and Rigol-free shack.
 

Offline Rick Law

  • Super Contributor
  • ***
  • Posts: 3490
  • Country: us
Re: "FU^%ING" Credit-Cards!!!
« Reply #114 on: July 03, 2020, 09:10:15 pm »
With on-line purchases, your card (fake or not) is never present.  Couple that with credit card companies' own on-line log-in accounts that can manage profile, things get easy to hack -- even if every card is equipped with a chip.
For on-line card not present transactions you need to enter the CVC/CVV security code printed on the back of the card. So in general you still have to have a physical card. Chip plays no role in online transactions. You can't "hack" a CVC code, you need to have a copy of it (unless you know the issuing bank's encryption keys, a probability of which is near zero). Some companies such as Digikey or Amazon store the complete set of information about the customer's credit cards and that allows them to "offer better service" to the customers by not requiring re-enter card information every time a purchase is made. But that storage is The weak link and this is what is typically hacked, not the card itself.

As you pointed out every time you ordered on line, your security code is exposed.  They don't have to hack it from you.  They hack it from companies.   Hackers are no dummies, why would they hack your machine and get one or two cards that you have, or hack a company that might have tens of millions of card info stored.

Like walking on the side walk, you could get squashed like a bug by a drunk driver any day, any moment.  When I go out to walk as exercise, I get certain health benefits, and I am exposing myself to more risk.

We have to accept, security with credit cards, NFC payment, whatever, are never perfect.  The less we are exposed, the better.  Benefits must be commensurate with reward.  Every time I pay with a credit card, I get 1% back or whatever, but also exposed myself to a certain risk.    Risk and loss is all around us, and we are always paying for it one way or another.   One just has to think that way, or one is exposing oneself to risk and/or extra cost without proper consideration.  It is the lack of risk/cost consideration that is feeding the growth of the fraud/hack/data-theft industries.
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 17427
  • Country: us
  • DavidH
Re: "FU^%ING" Credit-Cards!!!
« Reply #115 on: July 03, 2020, 09:12:11 pm »
After a run in with Google, my experience now is that two factor security which relies on email or phones (or security questions) is less secure.
 

Offline AlexJackson

  • Contributor
  • Posts: 27
  • Country: us
Re: "FU^%ING" Credit-Cards!!!
« Reply #116 on: July 04, 2020, 12:26:42 am »
A credit union I had years ago completely screwed me over for about 3 months. Had a card through them I used for a handful of purchases over the years. Suddenly one morning I wake up and see I'm -$3500 in 5 or so transactions. Called the bank and they were useless over the phone so I had to physically show up. Found out that my card was used all over the world in a 2 hour period and to prevent any issues with my bank, I had to "come up with the funds to cover the overage".

So when I'm 15 cents short (though my savings could cover it with their so-called overdraft protection), they deny the charge completely and still stick me with a $37 'insufficient fee', yet people who are very obviously not me can rack up several thousand $$$$ purchases over the course of a couple hours and the transaction sticks? Before they would even consider doing a fraud investigation they wanted me to get a police report (from Spain, Italy, Russia, India, & France) as that's where my card was used. Long story short after fighting them for nearly 3 months it got straightened out and they still wanted me to cover the 5 insufficient funds fees. That took another couple weeks for me to fight. That should've been my clue to change credit unions though I was with them for well over close to 2 decades.

Fast forward to my current bank, they call me if there's a questionable charge and ask for my next step, I'll have a new card in 6 business days and no 70 point increase on my blood pressure.
« Last Edit: July 04, 2020, 12:28:15 am by AlexJackson »
 

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: "FU^%ING" Credit-Cards!!!
« Reply #117 on: July 04, 2020, 02:18:13 am »
After a run in with Google, my experience now is that two factor security which relies on email or phones (or security questions) is less secure.

Sounds ominous, what happened?
 

Offline David Hess

  • Super Contributor
  • ***
  • Posts: 17427
  • Country: us
  • DavidH
Re: "FU^%ING" Credit-Cards!!!
« Reply #118 on: July 04, 2020, 10:34:19 am »
After a run in with Google, my experience now is that two factor security which relies on email or phones (or security questions) is less secure.

Sounds ominous, what happened?

Google decided to require me to answer the security questions on an account which was old enough not to have them, locking me out of my own account.  That account was my "secure" account and used to secure many other systems, which I was then locked out of.
 
The following users thanked this post: SilverSolder

Offline GlennSpriggTopic starter

  • Super Contributor
  • ***
  • Posts: 1259
  • Country: au
  • Medically retired Tech. Old School / re-learning !
Re: "FU^%ING" Credit-Cards!!!
« Reply #119 on: July 04, 2020, 11:27:33 am »
Note, from the O.P.   :)
Her bank had contacted her the moment they suspected something wrong, after hours. Some may think it
is an intrusion of privacy, but they said they immediately noticed transactions out of the 'norm'. Her normal
'purchases' were for embroidery related things, from either local or 'specific' O.S. companies. I don't MIND
their level of 'tracking', otherwise we would put money in spaghetti tins and bury them n the back-yard!
Old card immediately blocked/cancelled, new card sent, to date 1/2 the money has been transferred back
into her account, and the rest shortly forthcoming. The banks team has tracked all the transfers, and is
working to trace all those involved without limits/boundaries, for THEIR good & for other customers.

Yes... We understand now that an actual 'Credit-Card' as opposed to a 'Debit-MasterCard' etc, means that
such 'perpetrators' are dealing with the 'Banks' money, instead of ours... however we DON'T all have such
options. As non-working pensioners, we do NOT have certain levels of 'Credit' available/open to us, and to
be honest, we don't want that any more, either!  We both 'owe' nothing in life now, and would never want
to go back to 'Owing many thousands' on various cards, ever again!  Companies want/need to see your
history though, and both of us 'owing nothing' for many years does NOT give us 'Credit' history!!   :o

For instance, simply wanting a Rental-Car for Local/OverSeas... SOME don't like our (lack-of!) history?
We can make FULL payments, and deposits etc, but they almost WANT someone who is a 'Risk', because
they have historical names/addresses to follow up on if/when there is a problem...   :o
Diagonal of 1x1 square = Root-2. Ok.
Diagonal of 1x1x1 cube = Root-3 !!!  Beautiful !!
 

Offline tooki

  • Super Contributor
  • ***
  • Posts: 13156
  • Country: ch
Re: "FU^%ING" Credit-Cards!!!
« Reply #120 on: July 04, 2020, 12:37:25 pm »
Just some info that may be helpful for current or prospective iPhone users:

- According to the conversation I had with the director of security of a state credit union (a type of bank in USA), Apple Pay (which is NFC) is far more secure than the actual cards it is a proxy for, better than the encryption in the chips on the card (both electrical and NFC), never mind the magstripe. It requires biometric authentication for each transaction.

Depending on the credit card issuer, when a card is configured for Apple Pay, you will get notifications for every transaction on the card, even transactions not performed with Apple Pay. (My American AmEx is like that. My Swiss MasterCard only gets notifications for its own Apple Pay transactions.)

- If you live in USA, the Apple Card credit card (aside from having pretty good conditions and a superb user interface) lets you order a physical card*, which is locked by default, and can be unlocked and locked at any time via the iPhone. (The physical card has no expiration date, and has no card number or CVV printed on it, either. And you can replace it, for free, any time you want, if it's been compromised, lost, or stolen.) Apple Card also maintains a separate set of info (card number, expiration, CVV) for use online, which can be changed at any time on the phone app.

*The card, by the way, is beautifully made out of titanium. Of course, like AmEx's Centurion card, too, this means you can't easily destroy it when you need to cut up a card! So you can mail it back to Apple for recycling.


(I don't know anything about Samsung Pay other than that it exists, so don't take this as any kind of comparison or dissing of it. Just passing on what I know about Apple's offering.)
« Last Edit: July 04, 2020, 12:39:38 pm by tooki »
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: "FU^%ING" Credit-Cards!!!
« Reply #121 on: July 04, 2020, 01:25:08 pm »
Yep. I think I use Apple Pay for everything now. I actually forgot my PIN number the other day when I went to use my debit card for a car parking machine that the NFC had been vandalised on  :-DD
 
The following users thanked this post: tooki

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 8995
  • Country: us
  • Retired, now restoring antique test equipment
Re: "FU^%ING" Credit-Cards!!!
« Reply #122 on: July 04, 2020, 03:02:31 pm »
Again, from a US perspective:  In the US it is much easier to rent a car or check into a hotel with a credit card than with a debit card. 
Now retired without salary income, we still have an excellent credit history, although we have never carried a balance on our credit cards, with only (now paid) house mortgage and car loans on our history, and we have never had a debit card.  Our ATM cards on our normal bank are separate from our credit cards.  We have had occasional fraudulent charges over the last 40 years, but the credit card companies (Visa and Amex) have been very efficient at flagging, stopping, and refunding them.  The frustrating thing is that, by policy, they never tell us what happened to the perpetrators.
I don't believe the credit bureaus' propaganda about how they rate accounts:  the month after we paid off our last car loan (on original schedule), our high credit score actually went down (still high).  The car loan was our only outstanding balance.
In the US, I would not recommend a debit card to anyone who can obtain a credit card.
 

Offline tooki

  • Super Contributor
  • ***
  • Posts: 13156
  • Country: ch
Re: "FU^%ING" Credit-Cards!!!
« Reply #123 on: July 04, 2020, 06:04:09 pm »
Why does it surprise you that your score went down after paying off your loan? That’s exactly what the formula would predict.

With my Amex, I can see my credit score at any time (it’s in the upper half of the “very good” bracket), and it tells me the reason my score isn’t higher is because of having too few accounts. (I don’t have any delinquent or late accounts and never have.) Here’s the screenshot of the info:
 

Offline TimFox

  • Super Contributor
  • ***
  • Posts: 8995
  • Country: us
  • Retired, now restoring antique test equipment
Re: "FU^%ING" Credit-Cards!!!
« Reply #124 on: July 04, 2020, 06:17:12 pm »
Yes, the actual agreement states that.  However, in propaganda about credit scores, I have seen statements (obviously not true) that paying off a debt does not decrease ones score. 
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf