Author Topic: "FU^%ING" Credit-Cards!!!  (Read 13279 times)

0 Members and 1 Guest are viewing this topic.

Offline rrinker

  • Super Contributor
  • ***
  • Posts: 2046
  • Country: us
Re: "FU^%ING" Credit-Cards!!!
« Reply #25 on: June 26, 2020, 05:18:58 pm »

[...] Use a credit card, just always pay it off the same day you put money on it so you never get hit with interest. [...]


You usually don't have to pay until the next statement - all interest free.  You only get hit with interest after the statement date.

 That's how mine works. You need too be disciplined so as to not spend more than you can pay off, but since I also get cash rewards on my credit card, I buy everything on my card and just pay it off. I also earn interest on my checking account at my credit union, so leaving the money in the entire month until I pay off the credit card gains interest that way. I'm sure the credit card company hates me, I keep earning cash back rewards but I haven't paid a dime in interest or fees since I got the card. But like I said - it takes discipline to live like that, it's too tempting for some to just keep on charging right up to the limit of their card.

 I've been hit twice on my card, both times very obviously fraud, and I was not responsible for a dime of it. Card was cancelled and a new card was sent to me overnight. In the one case, I made a purchase at a local retail store and something like 20 seconds a purchase was made in another city that is on a good day a 3 hour drive away. It wasn't compromised at that retail store I legitimately made a purchase at, it came from a few days earlier at a restaurant. Just coincidental that the thieves chose that time to test their ill-gotten information.

 Everywhere around me has readers, and has had them for a while. Maybe in some less populous areas of the US they still have only swipe machines. Even the gas pumps at the station I usually use has chip reader support, although it still can scan the stripe for people that still have cards without the chip. What I have trouble getting used to is the contactless option - my credit card has that, but usually I insert it in the chip reader out of habit. Many places here now have the contactless option as well as the chip. My bank debit card though only has a chip, no contactless option.


 
The following users thanked this post: SeanB

Offline greenpossum

  • Frequent Contributor
  • **
  • Posts: 408
  • Country: au
Re: "FU^%ING" Credit-Cards!!!
« Reply #26 on: June 26, 2020, 05:24:48 pm »
Another issue with cards is geo-fencing. Or rather the lack of it.

That already exists. Many card issuers require you to notify them of the dates you are away and where, otherwise it's liable to be flagged as fraud. Sometimes it slips up. I know of an incident where a user paid by card on a plane and this was billed in the home country of the carrier which set off the alarm and he couldn't use the card on landing.
 

Offline SilverSolder

  • Super Contributor
  • ***
  • Posts: 6126
  • Country: 00
Re: "FU^%ING" Credit-Cards!!!
« Reply #27 on: June 26, 2020, 05:40:19 pm »

[...] Use a credit card, just always pay it off the same day you put money on it so you never get hit with interest. [...]


You usually don't have to pay until the next statement - all interest free.  You only get hit with interest after the statement date.

 That's how mine works. You need too be disciplined so as to not spend more than you can pay off
[...]

It is like learning to not eat more than your body needs...   a life skill!   It can be tough going once heavy debt has been racked up, the interest rates are well into the kind of usury territory where even Jesus would find it hard to forgive them...
 

Online themadhippy

  • Super Contributor
  • ***
  • Posts: 3264
  • Country: gb
Re: "FU^%ING" Credit-Cards!!!
« Reply #28 on: June 26, 2020, 05:52:18 pm »
Quote
That already exists. Many card issuers require you to notify them of the dates you are away and where
And not only does it avoid fraud,it also stops  you using the wrong card on holiday after a pint or 6,that could have been an expensive mistake :phew:
It surprises me the number of people who enter there pin without making any effort to conceal it,why make life easy for scum,also it might be worth hitting random numbers on the keypad  after  youve entered the pin ,seems scum are using also  thermal cameras that can capture the heat signature on the keys  and work out the pin from how long the heat takes to fade from individual keys.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18118
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: "FU^%ING" Credit-Cards!!!
« Reply #29 on: June 26, 2020, 06:18:56 pm »


 That's how mine works. You need too be disciplined so as to not spend more than you can pay off, but since I also get cash rewards on my credit card, I buy everything on my card and just pay it off. I also earn interest on my checking account at my credit union, so leaving the money in the entire month until I pay off the credit card gains interest that way. I'm sure the credit card company hates me, I keep earning cash back rewards but I haven't paid a dime in interest or fees since I got the card. But like I said - it takes discipline to live like that, it's too tempting for some to just keep on charging right up to the limit of their card.




They charge the retailers a fee so they make money. They charge more than for debit cards. Several times I have had companies contact me including my own business bank to quote for card handling on my website and it can be as much as 20 quid or more a month and 8%!!!! which is mare than paypal or stripe.

So the retailer takes this into account in their pricing, nothing is free and the end customer always pays.
 

Offline DrG

  • Super Contributor
  • ***
  • !
  • Posts: 1199
  • Country: us
Re: "FU^%ING" Credit-Cards!!!
« Reply #30 on: June 26, 2020, 07:02:07 pm »


 That's how mine works. You need too be disciplined so as to not spend more than you can pay off, but since I also get cash rewards on my credit card, I buy everything on my card and just pay it off. I also earn interest on my checking account at my credit union, so leaving the money in the entire month until I pay off the credit card gains interest that way. I'm sure the credit card company hates me, I keep earning cash back rewards but I haven't paid a dime in interest or fees since I got the card. But like I said - it takes discipline to live like that, it's too tempting for some to just keep on charging right up to the limit of their card.




They charge the retailers a fee so they make money. They charge more than for debit cards. Several times I have had companies contact me including my own business bank to quote for card handling on my website and it can be as much as 20 quid or more a month and 8%!!!! which is mare than paypal or stripe.

So the retailer takes this into account in their pricing, nothing is free and the end customer always pays.

Yes, you are right, the customer always pays, but not all customers pay the same and you can balance convenience and how much you pay and how.

My favorite card lets me get cash advances at common places like grocery stores with NO cash advance fee or any kind of a bank fee. It is treated just as if I bought some bananas. It has literally eliminated the need for me to go to cash machines and play that "which network is my card and this machine on".

Yeah, I get a 1% rebate on all purchases and a higher percentage on various places on various months. I once used the card to buy a US Savings Bond AND I got the 1% rebate (absolutely unheard of). I spoke with them at length before the transaction and they couldn't believe it either. Shortly thereafter the Government stopped offering payment for them via a CC.

They are very customer-friendly about claims being filed. They offer a best price guarantee thing if you find an item cheaper. I bought a vacuum cleaner from a Dept. Store (that is now bankrupt). The online price was some $20 cheaper and advertised (and not with only good online). I discovered this when I went to buy it in the store. Even the clerks were surprised but could not charge me the lower price. I simply sent the lower price advert in a pdf  with a claim form and the CC honored the difference in a credit.

I ordered an expensive item through Amazon. Even though I was watching the stops on shipping day, it abruptly got damaged and was never delivered. Amazon wanted ME to cancel the order, which would produce a credit to my account, and then re-order. I said EFUUU, you entered the agreement, you honor it and I am not cancelling crap - give me my item...and I challenged the charge with the CC. They sent me the item which arrived the next day and I took an extra day before withdrawing the claim. For some reason after explaining to several Amazon employees in writing. the fundamentals of contractual agreements, they decided that I deserved a free multi-month Amazon Prime membership which they extended until it hit the if-then statement that said this guy isn't buying one.

On a few occasions they have asked for verification on a large purchase - I am fine with that. It rarely happens anymore because I think my patterns are well understood programmatically.

I don't carry a balance that incurs a finance charge ever. They don't care. Anybody who invests their money and carries credit card debt needs to ask themselves if their investments pay anywhere near what they are being charged for by the CC company, when they carry a balance. The answer is that they do not have safe investments that pay that much interest, period. The investment that the banks with the credit cards make is to borrow your money at something like 2% and then loan it out to you for something like 8%. Sweet angle if you can get it.

I don't use debit cards because my understanding is that each transaction is like writing a check and I worried that in the case of fraud, there would be multiple claims that I would have to make. Not sure I am right about that, but I have no reason to bother with a debit card.

The one fraudulent use case I remember was a different card and it basically got reversed using a phone menu and a simple form - that troubled me to realize how rampant the problem has become.

Yeah CCs are a racket but with some research, you can get them to work well for you.... *knock* on wood.
« Last Edit: June 26, 2020, 07:18:09 pm by DrG »
- Invest in science - it pays big dividends. -
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18118
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: "FU^%ING" Credit-Cards!!!
« Reply #31 on: June 26, 2020, 07:11:24 pm »
Well it's a case of what we want. Who do you think pays for all that insurance that you get on a credit card? The merchants fees that you pay. The retailer would still have a cost to deal with the cash as it needs people to sort it and bank it and that costs money so a small fee on a card is good for them as it's banked and documented without human paid input.

Online is often cheaper. A friend saw a coat online that he liked. So he went to the shop to buy one only to find it £30 dearer. The manager assured him there was nothing ho could do about it, so he stood there in the shop, ordered it on his phone and collected a couple of days later. But the shops are a drag on the business, space to rent, people to pay, warehouses are cheap and run at optimum capacity, no one sitting around with nothing to do - ask amazon.....
 

Offline DrG

  • Super Contributor
  • ***
  • !
  • Posts: 1199
  • Country: us
Re: "FU^%ING" Credit-Cards!!!
« Reply #32 on: June 26, 2020, 07:21:35 pm »
Well it's a case of what we want. Who do you think pays for all that insurance that you get on a credit card? The merchants fees that you pay. The retailer would still have a cost to deal with the cash as it needs people to sort it and bank it and that costs money so a small fee on a card is good for them as it's banked and documented without human paid input.

Online is often cheaper. A friend saw a coat online that he liked. So he went to the shop to buy one only to find it £30 dearer. The manager assured him there was nothing ho could do about it, so he stood there in the shop, ordered it on his phone and collected a couple of days later. But the shops are a drag on the business, space to rent, people to pay, warehouses are cheap and run at optimum capacity, no one sitting around with nothing to do - ask amazon.....

Concur completely. I would only add that I have purchased at a brick and mortar place and simply offered to pay cash instead of a card if they cut the price - and they will sometimes do that (assuming a large purchase and a savvy clerk - like the owner).
- Invest in science - it pays big dividends. -
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18118
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: "FU^%ING" Credit-Cards!!!
« Reply #33 on: June 26, 2020, 07:25:15 pm »
Well yes if it's a sensible size purchase and it's a small shop they won't put so much value on the time to handle cash, I'm thinking big shops like supermarkets that nationwide will be taking 1'000's per minute if not second. If they employed people to count all that money up and bank it they would find it more expensive that card levies as the bank will charge them to bank the cash as well.
 

Offline Stray Electron

  • Super Contributor
  • ***
  • Posts: 2253
Re: "FU^%ING" Credit-Cards!!!
« Reply #34 on: June 26, 2020, 08:52:21 pm »

Concur completely. I would only add that I have purchased at a brick and mortar place and simply offered to pay cash instead of a card if they cut the price - and they will sometimes do that (assuming a large purchase and a savvy clerk - like the owner).

   The problem is that most shops are actually operated by sales droids that don't have the initiative or the authority to make a deal. That's another reason the brick and mortar stores are rapidly disappearing.
 

Offline Simon

  • Global Moderator
  • *****
  • Posts: 18118
  • Country: gb
  • Did that just blow up? No? might work after all !!
    • Simon's Electronics
Re: "FU^%ING" Credit-Cards!!!
« Reply #35 on: June 26, 2020, 09:06:39 pm »

Concur completely. I would only add that I have purchased at a brick and mortar place and simply offered to pay cash instead of a card if they cut the price - and they will sometimes do that (assuming a large purchase and a savvy clerk - like the owner).

   The problem is that most shops are actually operated by sales droids that don't have the initiative or the authority to make a deal. That's another reason the brick and mortar stores are rapidly disappearing.

Yes to make them cheaper to try to compete with online. a work colleague went to a shop, found a nice buggy he wanted to buy for his granddaughter and then found the same one on amazon significantly cheaper. He told us how he could not understand how they would not accept the price that he decided he wanted to pay which was much less than theirs but not much more than amazon. He put no value on the fact that this shop rent premium retail space so that he can swanny in, pick the thing up, look at it try it out. They employ people on semi decent wages sitting on their backsides potentially but there ready when you want them and he can't see how that is more than £25 to achieve than amazon can who rent the cheapest space out of town where no one will drive to, crammed with goods you can't just go and look at paying packing staff the minimum to pack it with stupid targets to hit.
 

Offline bd139

  • Super Contributor
  • ***
  • Posts: 23099
  • Country: gb
Re: "FU^%ING" Credit-Cards!!!
« Reply #36 on: June 26, 2020, 10:04:10 pm »
Ironically perhaps I got fucked over by much respected con artists John Lewis buying a buggy. Got to test it in the store. Ok great. Ordered it to pick up from their collections point same day, got it, got it home and a part was missing. Phoned them up and was told to take it back. So I did. Waited in a queue for 40 minutes, got told that was the last one and that they’d need to ship another one from their warehouse. So three weeks later, no buggy. Phoned up, couldn’t get anyone to actually find out anything useful. Approached bank as it was a debit card transaction, filled in a load of forms and was refunded the money (HSBC). About three months later the money disappeared out of my account again because JL had told HSBC that they had dispatched it and provided evidence (yeah right). This knocked me over my overdraft limit, caused my cards to be blocked, charged £30 fees, couldn’t get a travel card that day, breached contract with the assholes I was working for and had to basically lick assholes not to be kicked on the street immediately.

Then there was the DVD player I bought in Argos and had to deal with a little hitler who accused me of breaking a £49 device which had eaten my dvd.

So fuck retail in the arse. That’s what you’re paying for. Up front service and nothing to back it up later. Once whatever you’ve been mugged for goes out the door they usually wouldn’t piss on you if you were on fire.

Credit cards and amazon get my first hit because genuinely it’s less risky. Last month, Apple TV. Well turns out my TV is shit and doesn’t like HDCP. Turfed it back in a box, Hermes collects it next day, amazon tell me ten minutes after it is collected they have issued a refund and job done. 900 transactions so far. No issues. Even clothes I buy on there. This works because they run low margins and factor return risk into their business unlike retail who knows it’s easy to make service impossible.

Trick with CC is get a zero interest card and pay the bill every month. No risk. All benefit. When it hits the interest period bin it and get another one. If you do manage to get yourself screwed with credit card in the UK just stop paying it. Your credit rating is probably already fucked so it’s in their interest to be nice. After 6 months they will bin the interest and come up with an payment plan. On shopping, use distance selling regulations to your advantage.
« Last Edit: June 26, 2020, 10:09:25 pm by bd139 »
 
The following users thanked this post: HobGoblyn

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6120
  • Country: au
Re: "FU^%ING" Credit-Cards!!!
« Reply #37 on: June 27, 2020, 12:04:33 am »
So it's either an 'ATM' or a corrupt online purchase.

Or local restaurants, pretty easy to snap a picture of the card when eating out.

I'm pretty sure they put a stop to all that one chip cards became the norm. I haven't seen an EFTPOS machine in Australia for many, many years where manual entry is possible. Of course if they got the CVC as well, then I guess they could use it online? I obliterate the CVC on my cards once I've committed them to memory.

These days, you can't even use a magswipe if the card is chip-enabled unless you first insert the card and it determined there is a problem with the chip or it's unreadable, then it will fall-back to magstripe. If you try to swipe first, it will error out and force you to insert the card. This put an end to the traditional cloning of cards.
« Last Edit: June 27, 2020, 12:08:52 am by Halcyon »
 

Offline dr.diesel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: us
  • Cramming the magic smoke back in...
Re: "FU^%ING" Credit-Cards!!!
« Reply #38 on: June 27, 2020, 12:16:22 am »
I'm pretty sure they put a stop to all that one chip cards became the norm. I haven't seen an EFTPOS machine in Australia for many, many years where manual entry is possible. Of course if they got the CVC as well, then I guess they could use it online? I obliterate the CVC on my cards once I've committed them to memory.

These days, you can't even use a magswipe if the card is chip-enabled unless you first insert the card and it determined there is a problem with the chip or it's unreadable, then it will fall-back to magstripe. If you try to swipe first, it will error out and force you to insert the card. This put an end to the traditional cloning of cards.

Don't need a chip reader or a swipe to order online or over the phone.


Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6120
  • Country: au
Re: "FU^%ING" Credit-Cards!!!
« Reply #39 on: June 27, 2020, 12:31:26 am »
I'm pretty sure they put a stop to all that one chip cards became the norm. I haven't seen an EFTPOS machine in Australia for many, many years where manual entry is possible. Of course if they got the CVC as well, then I guess they could use it online? I obliterate the CVC on my cards once I've committed them to memory.

These days, you can't even use a magswipe if the card is chip-enabled unless you first insert the card and it determined there is a problem with the chip or it's unreadable, then it will fall-back to magstripe. If you try to swipe first, it will error out and force you to insert the card. This put an end to the traditional cloning of cards.

Don't need a chip reader or a swipe to order online or over the phone.

Very true, but even then, you would have to hand your card over to someone. This almost never happens in Australia. I eat out quite a lot and I can't recall any time where someone else has physically taken hold of my card. Restaurants and retailers don't want to deal with that kind of liability. Either you use the terminal yourself on your way out or some places even bring a wireless terminal to your table. I can't think of any reason why someone else should be handling your credit or bank card, let alone taking it somewhere out of your sight. In fact, it would be in breach of most (if not all) credit card contracts to give your card to someone else (I don't have a credit card so I can't check the fine print).
« Last Edit: June 27, 2020, 12:34:20 am by Halcyon »
 

Offline dr.diesel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: us
  • Cramming the magic smoke back in...
Re: "FU^%ING" Credit-Cards!!!
« Reply #40 on: June 27, 2020, 12:38:46 am »
This almost never happens in Australia.

Here in the US is completely different, all restaurants take your card behind the counter, scan it and bring it back, completely out of sight often times.

At Wings Etc two days ago she had my card for 10 minutes before it was brought back.

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6120
  • Country: au
Re: "FU^%ING" Credit-Cards!!!
« Reply #41 on: June 27, 2020, 12:50:25 am »
This almost never happens in Australia.

Here in the US is completely different, all restaurants take your card behind the counter, scan it and bring it back, completely out of sight often times.

At Wings Etc two days ago she had my card for 10 minutes before it was brought back.

To be fair, you guys also use cheques. I can count on one hand where I've ever had to write or cash a cheque in my entire life. Get with the times America ;-)

I barely even use cash anymore. I can honestly say I don't remember when I last paid for something, let alone handled cash. At a guess, I'd say 6 months or more?
 
The following users thanked this post: newbrain

Offline dr.diesel

  • Super Contributor
  • ***
  • Posts: 2214
  • Country: us
  • Cramming the magic smoke back in...
Re: "FU^%ING" Credit-Cards!!!
« Reply #42 on: June 27, 2020, 12:56:50 am »
To be fair, you guys also use cheques. I can count on one hand where I've ever had to write or cash a cheque in my entire life. Get with the times America ;-)

I barely even use cash anymore. I can honestly say I don't remember when I last paid for something, let alone handled cash. At a guess, I'd say 6 months or more?

I don't disagree, just the option of not having the number printed on the card would help a bunch.

And yeah checks are HORRIBLE, I always get stuck behind somebody slowly writing a check, especially at the farm/utility/hardware stores.

Offline Brumby

  • Supporter
  • ****
  • Posts: 12413
  • Country: au
Re: "FU^%ING" Credit-Cards!!!
« Reply #43 on: June 27, 2020, 01:24:53 am »
This almost never happens in Australia.

Here in the US is completely different, all restaurants take your card behind the counter, scan it and bring it back, completely out of sight often times.

At Wings Etc two days ago she had my card for 10 minutes before it was brought back.

I would refuse to let the card out of my possession, let alone out of my sight.  I would be quite prepared to go for a walk and use the machine myself - and if they had a problem with that, then payment of the bill will be problematic.
 

Offline gnif

  • Administrator
  • *****
  • Posts: 1716
  • Country: au
  • Views and opinions are my own
    • AMD
Re: "FU^%ING" Credit-Cards!!!
« Reply #44 on: June 27, 2020, 01:27:45 am »
No, it is not, the cards still have a mag strip on them but only for backwards compatibility with foreign countries. You can not use the strip in Australia.

Of course you still can. Lots of card terminals still have the magstripe reader. It's the second fall back after NFC and chip.

A colleague of mine works for a company that configures and services these units, unless it has been specifically requested, there is a valid reason for the request AND the bank authorizes it, by default the mag strip is no longer usable in Aus, even as a fallback. There is also an additional monthly fee and you wave protections as a merchant due to the lower security of the device as the responsibility is now on the merchant more than ever to prevent fraud. Many countries have also completely blocked the use of the mag strip specifically due to fraud and many POS machines today do not even have the ability to read the mag strip.
« Last Edit: June 27, 2020, 01:35:31 am by gnif »
 

Offline Brumby

  • Supporter
  • ****
  • Posts: 12413
  • Country: au
Re: "FU^%ING" Credit-Cards!!!
« Reply #45 on: June 27, 2020, 01:29:32 am »
.... and I can't recall any time where someone else has physically taken hold of my card. Restaurants and retailers don't want to deal with that kind of liability. Either you use the terminal yourself on your way out or some places even bring a wireless terminal to your table. I can't think of any reason why someone else should be handling your credit or bank card, let alone taking it somewhere out of your sight. In fact, it would be in breach of most (if not all) credit card contracts to give your card to someone else (I don't have a credit card so I can't check the fine print).

I spoke to a retailer once and their attitude is - If I don't touch the card, then I can't be held responsible for anything that requires holding the card.  This approach has made dealing with the COVID-19 situation a non-challenge.
 

Offline Brumby

  • Supporter
  • ****
  • Posts: 12413
  • Country: au
Re: "FU^%ING" Credit-Cards!!!
« Reply #46 on: June 27, 2020, 01:35:41 am »
No, it is not, the cards still have a mag strip on them but only for backwards compatibility with foreign countries. You can not use the strip in Australia.

Of course you still can. Lots of card terminals still have the magstripe reader. It's the second fall back after NFC and chip.

A colleague of mine works for a company that configures and services these units, unless it has been specifically requested, there is a valid reason for the request AND the bank authorizes it, by default the mag strip is no longer usable in Aus. Many countries have also completely blocked the use of the mag strip specifically due to fraud and many POS machines today do not even have the ability to read the mag strip.

I was in a retailer yesterday and there was a customer that tried to pay via NFC, but there was no response, so they tried the chip reader which had a "chip error" and the terminal told them to swipe - which worked.

I didn't know anything about the configuration policies until this ^^^.



Today, I have learned something.   :-+
 

Offline free_electron

  • Super Contributor
  • ***
  • Posts: 8550
  • Country: us
    • SiliconValleyGarage
Re: "FU^%ING" Credit-Cards!!!
« Reply #47 on: June 27, 2020, 01:38:02 am »
Use one-time numbers. Certain banks offer that. no chance of stealing that. your real card stays at home in the RF protected safe.
Professional Electron Wrangler.
Any comments, or points of view expressed, are my own and not endorsed , induced or compensated by my employer(s).
 

Offline gnif

  • Administrator
  • *****
  • Posts: 1716
  • Country: au
  • Views and opinions are my own
    • AMD
Re: "FU^%ING" Credit-Cards!!!
« Reply #48 on: June 27, 2020, 01:38:32 am »
I have often wondered if NFC has been exploited like they did to break into cars with a wireless link between two PCs and a SDR. That way NFC could be used internationally.

All that said, at the end of the day it could be an exploit against the actual bank. About 2 years ago I was contracted to work on a large deployment for a certain international financial institution where we were building a system to report lost & stolen credit cards (I was on infrastructure). What I saw while working there was abysmal, if it wasn't for bad security practices it was very poorly written software. This system allows the various banks around the world to log in and report and/or check details on credit cards and here is what one of the outsourced "developers" allowed to hit production.

Pesudo Code
Code: [Select]
static int userID = null;
void onLoad()
{
  if (userID == null)
    doAuth();

  do stuff...
}

Code review and testing didn't catch the fact that once a user logged into the system, they could access and use the details of the first user that logged in until the JBoss service was restarted. This is bad, but even worse then one would think as this is a central system to the banks around the globe, so if a user at one logged in, the users at any other competing bank could access and use the system as the other bank.

When I explained to the developer the issue (which wasn't my job BTW) and that it feels like he had used a `static` to store the auth token/id, etc... he blamed it on infrastructure and tried to have me and my colleague fired (he was already blaming us actually which is why I investigated). When he provided an updated fixed binary (jar file) he claimed his company spent 10s of hours writing workarounds for our infrastructure and charged accordingly. I decompiled the old and new versions and identified a single change... literally removed `static` from the declaration.

This company is still in use by the largest carrier of bank data on the planet to develop credit card applications even after exposing them, and this is one of MANY issues we had with this "development company". They didn't even know what Git or Subversion was, source control for them was a samba share over a VPN to developers in India and they insisted that they have direct access to the production servers and couldn't understand why we wouldn't let them.

And add to that, that many ATMs still run Windows NT 4... One company I know of when I was still working there had machines running Windows 98 still!

The banks work to make us think they protect our cards/cash, but looking out from the inside I can tell you that their security is abysmal.
« Last Edit: June 27, 2020, 02:05:39 am by gnif »
 

Offline free_electron

  • Super Contributor
  • ***
  • Posts: 8550
  • Country: us
    • SiliconValleyGarage
Re: "FU^%ING" Credit-Cards!!!
« Reply #49 on: June 27, 2020, 01:40:27 am »
And yeah checks are HORRIBLE, I always get stuck behind somebody slowly writing a check, especially at the farm/utility/hardware stores.
And those are the kind of people that invariably wait until they see the total to write in the other information. like date , who the check is for etc ...
I have to work very hard not to kick them so hard they bounce of the ceiling and when coming down bounce once more off the floor ... i hate check writers.
Professional Electron Wrangler.
Any comments, or points of view expressed, are my own and not endorsed , induced or compensated by my employer(s).
 


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf