
(Gizmodo)   Unlike Leon, ATM skimmers are getting smaller. A lot smaller   (gizmodo.com)
    More: Scary, Mikko Hypponen, swipe card, card reader, research officer, Brian Krebs, keystrokes, cell signaling, data store  

5530 clicks; posted to Geek on 01 Sep 2014 at 9:01 PM



40 Comments
 
2014-09-01 07:05:49 PM  
Meh, I've come full circle.  In the very early eighties, I embraced ATMs.  Now, I stop at the credit union as a walk-in person (f2f) once every two weeks.  (It's not far, and on my way to everywhere else.)
 
2014-09-01 08:16:09 PM  
I just get cash back when paying for items with my debit card at the grocery store.  No fees, no "press 1 for English", no "you really aughta bank here".
 
2014-09-01 09:25:06 PM  

enry: I just get cash back when paying for items with my debit card at the grocery store.  No fees, no "press 1 for English", no "you really aughta bank here".


Never use your debit/PIN at the grocery store, that's an even better way to get stolen. Those little terminals are even worse than ATMs.
 
2014-09-01 09:28:01 PM  
"Nothing is worse than having an itch you can never scratch!"

Ooops, wrong Leon.
 
2014-09-01 09:28:20 PM  
Just got done watching Airplane! Amazing timing.
 
2014-09-01 09:43:08 PM  

LeroyB: "Nothing is worse than having an itch you can never scratch!"

Ooops, wrong Leon.


"And stop saying "okay" all the time. Okay? "

Also wrong Leon
 
2014-09-01 09:44:21 PM  

Trocadero: enry: I just get cash back when paying for items with my debit card at the grocery store.  No fees, no "press 1 for English", no "you really aughta bank here".

Never use your debit/PIN at the grocery store, that's an even better way to get stolen. Those little terminals are even worse than ATMs.


Not everybody has a credit card.  It's even illegal for somebody in bankruptcy
 
2014-09-01 09:48:06 PM  
I actually use a Paypal debit card tied to my checking account. Such an arrangement came in handy a couple of years ago when I started getting automated email notifications from Paypal that I was making $1 donations to something called "Permanently Disabled Jockeys", $100 phone recharges in Egypt, $500 purchases to Nigeria, etc. I was able to shut down the card with a quick call to Paypal in the first 60 seconds and notified the bank to put a stop payment on certain amounts that Paypal had identified as dodgy. In short, this had bought me the buffer time I needed before these sociopathic hackers drained my bank account dry.

In the aftermath, no one tried to dispute any of the erroneous charges except that scumbag cell phone place in Egypt. That took about a week to clear up with Paypal and the asshole got zilch. I sent him an email through an anonymous emailer to tell him what a butthole he was and that I hope he gets ass cancer while he rages at not getting my money.
 
2014-09-01 09:50:39 PM  
uh... who's Leon in this ref. ?
 
2014-09-01 09:56:50 PM  
Maybe US banks should start issuing 'chipped' cards in place of the easily-exploitable magstrips.

You know, like every other country in the modern world has already done.
 
2014-09-01 09:57:01 PM  

TV's Vinnie: In the aftermath, no one tried to dispute any of the erroneous charges except that scumbag cell phone place in Egypt. That took about a week to clear up with Paypal and the asshole got zilch. I sent him an email through an anonymous emailer to tell him what a butthole he was and that I hope he gets ass cancer while he rages at not getting my money.


That was YOU?

utah dude: uh... who's Leon in this ref. ?


https://www.youtube.com/watch?v=PzZ4i8aWs_s
obligatory.
 
2014-09-01 10:05:54 PM  

poot_rootbeer: Maybe US banks should start issuing 'chipped' cards in place of the easily-exploitable magstrips.

You know, like every other country in the modern world has already done.


It will finally happen thanks to the Target screwup.  But fraud won't stop.  The simple reality is that the majority of payments are going to be online.  And that's a completely different ball game when it comes to fraud.
 
2014-09-01 10:17:32 PM  

poot_rootbeer: Maybe US banks should start issuing 'chipped' cards in place of the easily-exploitable magstrips.

You know, like every other country in the modern world has already done.


The problem with chip-and-PIN is that consumer protections disappear.

Yes the technology is better but it's not airtight and there was a big bust of chipped cards being cloned via hacked point-of-sale terminals and other vulnerabilities. http://securityaffairs.co/wordpress/25134/cyber-crime/chip-and-pin-cloning.html

The problem? Instead of all fraudulent charges being dropped, the banks will now tell you "the technology's foolproof" pay up. http://www.creditsesame.com/blog/credit-card-chip-and-pin-technology/

Little consolation for you now owing 7000 Euros to the bank with zero ability to dispute it.
 
2014-09-01 10:17:38 PM  

Smeggy Smurf: Not everybody has a credit card.  It's even illegal for somebody in bankruptcy


Citation needed.

It might go against a court's orders for most people in bankruptcy, but I doubt it's illegal.
 
2014-09-01 10:26:26 PM  
If the skimmers are getting that small and undetectable, that's another reason to get rid of cah
 
2014-09-01 10:30:08 PM  

LeroyB: "Nothing is worse than having an itch you can never scratch!"

Ooops, wrong Leon.


[www.mostlymuppet.com image]

"Wake up!  Time to die."
 
2014-09-01 11:05:28 PM  

bingo the psych-o: LeroyB: "Nothing is worse than having an itch you can never scratch!"

Ooops, wrong Leon.

[www.mostlymuppet.com image 252x352]

"Wake up!  Time to die."


Leon, take your break at 2.
 
2014-09-01 11:17:24 PM  

lohphat: poot_rootbeer: Maybe US banks should start issuing 'chipped' cards in place of the easily-exploitable magstrips.

You know, like every other country in the modern world has already done.

The problem with chip-and-PIN is that consumer protections disappear.

Yes the technology is better but it's not airtight and there was a big bust of chipped cards being cloned via hacked point-of-sale terminals and other vulnerabilities. http://securityaffairs.co/wordpress/25134/cyber-crime/chip-and-pin-cloning.html

The problem? Instead of all fraudulent charges being dropped, the banks will now tell you "the technology's foolproof" pay up. http://www.creditsesame.com/blog/credit-card-chip-and-pin-technology/

Little consolation for you now owing 7000 Euros to the bank with zero ability to dispute it.


I guess it's good that the US is going chip and signature then.

/majority of my cards now have chips
 
2014-09-01 11:38:16 PM  

gingerjet: poot_rootbeer: Maybe US banks should start issuing 'chipped' cards in place of the easily-exploitable magstrips.

You know, like every other country in the modern world has already done.

It will finally happen thanks to the Target screwup.  But fraud won't stop.  The simple reality is that the majority of payments are going to be online.  And that's a completely different ball game when it comes to fraud.


So that's a completely different kind of fraud altogether?
 
2014-09-01 11:41:26 PM  
Diebold have an expensive solution for banks
http://youtu.be/OytcKPCQWZM (Warning: Advertisement for a Diebold product)

Where you insert your card 90 degrees from the traditional method.
 
2014-09-01 11:55:41 PM  
Have the keypad randomize itself so the numbers are not consistent with their location.  Thus when you type in your pin, it will not be the same way all of the time.  Grandma would not like it but it would lessen the chances of someone getting a pin number.  (They still can tell if there are multiple digits, but ah well)

Gives you a reason to go in the bank now and flirt with the tellers.
 
2014-09-02 12:25:32 AM  

I_Can't_Believe_it's_not_Boutros: gingerjet: poot_rootbeer: Maybe US banks should start issuing 'chipped' cards in place of the easily-exploitable magstrips.

You know, like every other country in the modern world has already done.

It will finally happen thanks to the Target screwup.  But fraud won't stop.  The simple reality is that the majority of payments are going to be online.  And that's a completely different ball game when it comes to fraud.

So that's a completely different kind of fraud altogether?


So that's a completely different kind of fraud
 
2014-09-02 12:39:33 AM  
I watched a British TV show where they merely put up a kiosk on a busy street and had a guy sit inside it with a card scanner.  After they put the card in, he would duplicate it and record the PIN number.   They would give out money and return the card as to not be suspicious.
 
2014-09-02 12:49:10 AM  

TedCruz'sCrazyDad: I watched a British TV show where they merely put up a kiosk on a busy street and had a guy sit inside it with a card scanner.  After they put the card in, he would duplicate it and record the PIN number.   They would give out money and return the card as to not be suspicious.


https://www.youtube.com/watch?v=52ahfTQ5xIc&feature=youtu.be&t=6m7s
 
2014-09-02 12:56:24 AM  
That does it. From now on, I take paycheck to bank, deposit two-thirds, keep one-third in cash. If that ratio proves unwieldy or impractical, I'll adjust it.

I can literally watch my literal wallet easier than I can keep an eye on a so-called "balance."
 
2014-09-02 01:20:15 AM  
The most common PINs are close to the most common all 20 numeric passwords and it is getting worse as more people get smart phones.

It turns out guessing a PIN for a card is hard but guessing a PIN that will work for a card in a set of stolen cards is trivial.  If you hacked a grocery store, you can try pin "1234" for every card on Monday and try "0852" on Tuesday.  A few months and you will have PINs for 20% or so of the cards.

A good solution is to start using a 6 digit or larger PIN but if you use "123456" some of the point of sale terminals may work with "1234" or "3456" depending on which standard of brokenness they use assuming they can even cope with 6 digits.

The new Diebold ATMs that take the cards in will be fine for a while but it means someone will have to make a skimmer that reads each bit and that means they will have to switch to the magnetic sensors used in smart phones and use a large line of them which might just increase the reliability of the scans.  A better solution is to have no mag stripe on the card at all but that isn't going to be viable for years.

In some parts of the world, some industries aren't allowed to even use a PIN for small value purchases since they are industries where skimming happens.

The banks should have low-value and high-value PINs as well and the high value ones might just want to use two factor if I have never shopped there before but the core networks just can't cope with that yet.
 
2014-09-02 02:18:03 AM  

utah dude: uh... who's Leon in this ref. ?


I think I must be, because I'm getting larger.
 
2014-09-02 06:15:45 AM  

lohphat: poot_rootbeer: Maybe US banks should start issuing 'chipped' cards in place of the easily-exploitable magstrips.

You know, like every other country in the modern world has already done.

The problem with chip-and-PIN is that consumer protections disappear.

Yes the technology is better but it's not airtight and there was a big bust of chipped cards being cloned via hacked point-of-sale terminals and other vulnerabilities. http://securityaffairs.co/wordpress/25134/cyber-crime/chip-and-pin-cloning.html

The problem? Instead of all fraudulent charges being dropped, the banks will now tell you "the technology's foolproof" pay up. http://www.creditsesame.com/blog/credit-card-chip-and-pin-technology/

Little consolation for you now owing 7000 Euros to the bank with zero ability to dispute it.


Umm, no. Obviously banks are scumbags and try and get away with everything they can, but strong consumer protections still exist in places with Chip and PIN. For example from the UK:

http://www.theguardian.com/money/2012/may/04/banks-pin-card-fraud

The Financial Services Authority's Banking Conduct of business states that a bank may only hold a customer liable ... where the customer has acted fraudulently, or has "intentionally, or with gross negligence, failed to comply with his or her obligations ... to take all reasonable steps to keep its personalised security features safe."

Emery argues that it is quite possible for a customer to keep the card and pin safe, but for a fraudster to obtain them - or just the card details - through other means, which they then use to perpetrate the fraud. In such cases, the bank must repay the customer in full, he says. The Financial Ombudsman Service, where lots of these cases end up, relies on the payment services directive, which came into force in November 2009.

It says that if someone is a victim of fraud, the bank must refund them immediately - unless it has good grounds to suspect that the cardholder has been negligent or acted fraudulently.

A spokesman told Money this week that use of the correct card and pin is not "evidence of negligence in itself. We have always made it clear to financial businesses that just because a pin has been used correctly in conjunction with a card, does not, in itself, mean that the cardholder should be found responsible for the debt.

"We expect to see all the evidence from the financial business demonstrating how it has investigated the disputed transactions and reached its conclusions. We then look at all the evidence from both sides - including the consumer's recollections - when resolving the dispute."
 
2014-09-02 06:28:49 AM  

[images.allocine.fr image]
R.I.P. Léon

 
GBB
2014-09-02 06:57:56 AM  

DON.MAC: The most common PINs are close to the most common all 20 numeric passwords and it is getting worse as more people get smart phones.

It turns out guessing a PIN for a card is hard but guessing a PIN that will work for a card in a set of stolen cards is trivial.  If you hacked a grocery store, you can try pin "1234" for every card on Monday and try "0852" on Tuesday.  A few months and you will have PINs for 20% or so of the cards.

A good solution is to start using a 6 digit or larger PIN but if you use "123456" some of the point of sale terminals may work with "1234" or "3456" depending on which standard of brokenness they use assuming they can even cope with 6 digits.

The new Diebold ATMs that take the cards in will be fine for a while but it means someone will have to make a skimmer that reads each bit and that means they will have to switch to the magnetic sensors used in smart phones and use a large line of them which might just increase the reliability of the scans.  A better solution is to have no mag stripe on the card at all but that isn't going to be viable for years.

In some parts of the world, some industries aren't allowed to even use a PIN for small value purchases since they are industries where skimming happens.

The banks should have low-value and high-value PINs as well and the high value ones might just want to use two factor if I have never shopped there before but the core networks just can't cope with that yet.


My luggage....
 
2014-09-02 08:56:40 AM  

dangelder: TV's Vinnie: In the aftermath, no one tried to dispute any of the erroneous charges except that scumbag cell phone place in Egypt. That took about a week to clear up with Paypal and the asshole got zilch. I sent him an email through an anonymous emailer to tell him what a butthole he was and that I hope he gets ass cancer while he rages at not getting my money.

That was YOU?

utah dude: uh... who's Leon in this ref. ?

https://www.youtube.com/watch?v=PzZ4i8aWs_s
obligatory.


much appreciated, thank you!
 
2014-09-02 10:17:04 AM  

I_Can't_Believe_it's_not_Boutros: gingerjet: poot_rootbeer: Maybe US banks should start issuing 'chipped' cards in place of the easily-exploitable magstrips.

You know, like every other country in the modern world has already done.

It will finally happen thanks to the Target screwup.  But fraud won't stop.  The simple reality is that the majority of payments are going to be online.  And that's a completely different ball game when it comes to fraud.

So that's a completely different kind of fraud flying altogether?


https://www.youtube.com/watch?v=0wxp-NxJny8
 
2014-09-02 10:20:58 AM  

DON.MAC: The most common PINs are close to the most common all 20 numeric passwords and it is getting worse as more people get smart phones.

It turns out guessing a PIN for a card is hard but guessing a PIN that will work for a card in a set of stolen cards is trivial.  If you hacked a grocery store, you can try pin "1234" for every card on Monday and try "0852" on Tuesday.  A few months and you will have PINs for 20% or so of the cards.

A good solution is to start using a 6 digit or larger PIN but if you use "123456" some of the point of sale terminals may work with "1234" or "3456" depending on which standard of brokenness they use assuming they can even cope with 6 digits.

The new Diebold ATMs that take the cards in will be fine for a while but it means someone will have to make a skimmer that reads each bit and that means they will have to switch to the magnetic sensors used in smart phones and use a large line of them which might just increase the reliability of the scans.  A better solution is to have no mag stripe on the card at all but that isn't going to be viable for years.

In some parts of the world, some industries aren't allowed to even use a PIN for small value purchases since they are industries where skimming happens.

The banks should have low-value and high-value PINs as well and the high value ones might just want to use two factor if I have never shopped there before but the core networks just can't cope with that yet.


Meh, a rolling pin synched to your account.  With near everyone having smart phones with wifi, you synch an app with the bank's computer and every transaction thereafter you use the phone to get a new pin to enter for dumb terminals or have the phone talk to the ATM/POS for the pin. There are still holes but we will end up with this in a few years.
 
2014-09-02 11:11:25 AM  

K3rmy: Have the keypad randomize itself so the numbers are not consistent with their location.  Thus when you type in your pin, it will not be the same way all of the time.  Grandma would not like it but it would lessen the chances of someone getting a pin number.  (They still can tell if there are multiple digits, but ah well)

Gives you a reason to go in the bank now and flirt with the tellers.


I've dealt with these for secure facility badges where the keypad lights up with a different number pattern each time. However, if they have a good pinhole camera for the ATM, I don't know if this is a viable solution. I like the idea of 2FA, but I understand it has its own weaknesses.
 
2014-09-02 12:15:17 PM  

xria: lohphat: poot_rootbeer: Maybe US banks should start issuing 'chipped' cards in place of the easily-exploitable magstrips.

You know, like every other country in the modern world has already done.

The problem with chip-and-PIN is that consumer protections disappear.

Yes the technology is better but it's not airtight and there was a big bust of chipped cards being cloned via hacked point-of-sale terminals and other vulnerabilities. http://securityaffairs.co/wordpress/25134/cyber-crime/chip-and-pin-cloning.html

The problem? Instead of all fraudulent charges being dropped, the banks will now tell you "the technology's foolproof" pay up. http://www.creditsesame.com/blog/credit-card-chip-and-pin-technology/

Little consolation for you now owing 7000 Euros to the bank with zero ability to dispute it.

Umm, no. Obviously banks are scumbags and try and get away with everything they can, but strong consumer protections still exist in places with Chip and PIN. For example from the UK:

http://www.theguardian.com/money/2012/may/04/banks-pin-card-fraud


Um no... A UK cardholder disputed a £2,100 charge and ended up having to pay $15,000 in court costs because the bank destroyed transaction logs by the time the case made it to court. Search for Job v. Halifax.

UK consumer protections are shiate in practise.
 
2014-09-02 12:30:24 PM  

lohphat: xria: lohphat: poot_rootbeer: Maybe US banks should start issuing 'chipped' cards in place of the easily-exploitable magstrips.

You know, like every other country in the modern world has already done.

The problem with chip-and-PIN is that consumer protections disappear.

Yes the technology is better but it's not airtight and there was a big bust of chipped cards being cloned via hacked point-of-sale terminals and other vulnerabilities. http://securityaffairs.co/wordpress/25134/cyber-crime/chip-and-pin-cloning.html

The problem? Instead of all fraudulent charges being dropped, the banks will now tell you "the technology's foolproof" pay up. http://www.creditsesame.com/blog/credit-card-chip-and-pin-technology/

Little consolation for you now owing 7000 Euros to the bank with zero ability to dispute it.

Umm, no. Obviously banks are scumbags and try and get away with everything they can, but strong consumer protections still exist in places with Chip and PIN. For example from the UK:

http://www.theguardian.com/money/2012/may/04/banks-pin-card-fraud

Um no... A UK cardholder disputed a £2,100 charge and ended up having to pay $15,000 in court costs because the bank destroyed transaction logs by the time the case made it to court. Search for Job v. Halifax.

UK consumer protections are shiate in practise.


That court case happened before the UK toughened their consumer protection laws. Also, once again, the US will never adopt PINs, so this unlikely scenario won't even be a possibility.
 
2014-09-02 01:42:06 PM  

themindiswatching:
That court case happened before the UK toughened their consumer protection laws. Also, once again, the US will never adopt PINs, so this unlikely scenario won't even be a possibility.


The UK isn't Europe. Each country has different rules and more often than not blame the consumer for leaking the PIN.

In other news this week. It's trivial to get someone's PIN with a thermal camera if you scan the keypad immediately after use.

We in the US expect consumer protection. In most other countries it's caveat emptor and that means you are liable for the fraud as the average citizen doesn't have the power to challenge a bank.
 
2014-09-02 01:57:41 PM  

lohphat: themindiswatching:
That court case happened before the UK toughened their consumer protection laws. Also, once again, the US will never adopt PINs, so this unlikely scenario won't even be a possibility.

The UK isn't Europe. Each country has different rules and more often than not blame the consumer for leaking the PIN.

In other news this week. It's trivial to get someone's PIN with a thermal camera if you scan the keypad immediately after use.

We in the US expect consumer protection. In most other countries it's caveat emptor and that means you are liable for the fraud as the average citizen doesn't have the power to challenge a bank.


No. From  http://europa.eu/rapid/press-release_MEMO-07-152_en.htm:

Limited liability: in the case of loss or theft of a payment instrument (e.g. a debit or credit card) the maximum liability of consumers is limited to EUR 150 (of course this does not apply for fraudulent behaviour). This amount may be reduced by Member States and there is no liability for unauthorised payments occurring after the user has properly notified his/her payment service provider.

Also, the US isn't Europe. I don't see how their implementation of chip cards is relevant for us, considering that every single one of my US issued chip cards so far requires me to sign when I visit a business that can read the chip. There's still going to be enough leeway that they can't really deny liability.
 
2014-09-02 03:53:45 PM  

Saiga410: Meh, a rolling pin synched to your account.


[img.fark.net image]
Can I get it with a Bluetooth connection enabled?
 
2014-09-03 03:27:44 AM  

themindiswatching: (of course this does not apply for fraudulent behaviour)

THAT'S the issue. It's up to the consumer to defend the accusation the transaction was fraudulent.
 
Displayed 40 of 40 comments


This thread is archived, and closed to new comments.
