Post Reply ATM ‘Shimmers’ Target Chip-Based Cards
3453 cr points
Send Message: Send PM GB Post
Offline
Posted 2/6/17 , edited 2/6/17
New credit card threat circulating the Valley
https://www.youtube.com/watch?v=fynzfnpLRq0

so the new Chip credit cards are pretty much useless now ..

https://krebsonsecurity.com/2017/01/atm-shimmers-target-chip-based-cards/
]
qwueri 
21529 cr points
Send Message: Send PM GB Post
32 / M
Offline
Posted 2/6/17
From the second link:

“The only way for this attack to be successful is if a [bank card] issuer neglects to check the CVV when authorizing a transaction,” ATM giant NCR Corp. wrote in a 2016 alert to customers. “All issuers MUST make these basic checks to prevent this category of fraud. Card Shimming is not a vulnerability with a chip card, nor with an ATM, and therefore it is not necessary to add protection mechanisms against this form of attack to the ATM.”


So not so much a vulnerability with the chips in the cards as a vulnerability in vendors not checking the damn chips.
19733 cr points
Send Message: Send PM GB Post
70 / M / Limbo
Offline
Posted 2/14/17
SOmeone is always going to find a way to bootleg something
28352 cr points
Send Message: Send PM GB Post
28 / M
Offline
Posted 2/15/17
Oh for fuck sake... Can we just go back to gold doubloons?
Posted 2/15/17

qwueri wrote:

So not so much a vulnerability with the chips in the cards as a vulnerability in vendors not checking the damn chips.


This issue with this is that most retailers will not check the CVV when utilizing either method (chip or swipe). The reason behind this is that cashiers and otherwise have been instructed to just let the customer do their thing. You won't find outlets that will check the CVV because it's another step that most customers won't appreciate. You won't find a lot of people willing to hand their debit/credit card to another person for verification purposes or any other purpose.


MysticGon wrote:

Oh for fuck sake... Can we just go back to gold doubloons?


At this point in the United States, no. We'd have to do a significant amount of restructuring of the monetary system. Plus, the treasury would have to start giving up the gold it has in its own reserves (which is something like $260b at the moment).

Personally, I'm okay with the risk of the digital age. I've started using contactless payment methods versus anything else (Apple Pay for work expenses, Android Pay for personal expenses, and Samsung Pay [when I had a Samsung device]).
7086 cr points
Send Message: Send PM GB Post
31 / M / USA
Offline
Posted 2/17/17
Given the wording of the article this is not saying the retailer should be checking the CVV, they're talking about the card issuer aka the bank your credit card is from. Sounds like some of them may not have implemented the security correctly. Somewhat unrelated: I'm still puzzled that the US switched to chip cards but did not adopt the chip & PIN standard...
4250 cr points
Send Message: Send PM GB Post
Offline
Posted 2/17/17
there's no sure way for everything

http://www.pymnts.com/apple-pay-tracker/2016/apple-pays-low-tech-security-problem/
https://www.bluefin.com/bluefin-news/security-traditional-payment-methods-vs-alternatives-spotlight-mobile-wallets/
https://antivirus.comodo.com/blog/comodo-news/mobile-wallets-discussing-security-issues/

there's a loophold with mobile wallets as well

personally? i'm not a fan of putting too much personal information on my phone.. and i only carry credit cards around

i don't use debit cards-- not a fan of carding a card that is connect to my personal checking account..


cash is still king. but i wouldn't carry that much cash with me either..





You must be logged in to post.