Credit card scam

[DontSayBanana]

What does the chip do?

The chip lets low-frequency receivers pick up the card without being swiped, so it becomes a proximity card as well as a swipe card. It also contains information that wouldn't fit in the magnetic stripe within the ISO 7810 standard.

[Admiral Yi]

All debit cards have PINs-- the banks prefer you to not to use it, though, if it's a Visa or MasterCard branded card.

I thought banks preferred you use the PIN because they get the intercharge on the debit transaction.  No?

[Grey Fox]

What does the chip do?

Other then what dps already said, they are also more difficult(read : takes more then 10seconds) to clone then the magnetic bar.

[DontSayBanana]

Incidentally, my problem with card security is that it's grossly easy to reverse engineer a card. No matter how many verification questions they ask you, it boils down to your name, your account number, your social security number, and your pin number. Since the information is publicly mapped out by ISO 7810 and its subsets, anyone who can dig up any two of those pieces of information could theoretically reverse engineer the entire card.

[dps]

All debit cards have PINs-- the banks prefer you to not to use it, though, if it's a Visa or MasterCard branded card.

I thought banks preferred you use the PIN because they get the intercharge on the debit transaction.  No?

Beats me, but I know that when I got my debit card, in the literature that came with it, the bank recommended using as if it were a credit card and not using the PIN whenever possible, because the less you use the PIN, the fewer opportunities for someone to steal it.

[DontSayBanana]

Other then what dps already said, they are also more difficult(read : takes more then 10seconds) to clone then the magnetic bar.

True, but cloning the magnetic bar usually just involves a spoofed reader. You could do the same thing with the RF transmitter.

[derspiess]

I thought banks preferred you use the PIN because they get the intercharge on the debit transaction.  No?

They make a lot more interchange off the signature ("credit") option than PIN ("debit").  Some banks reward you for using the signature option, some penalize you for using your PIN, and some do both.

Likewise, merchants like to make it as difficult as possible to select "credit" at the terminal, because they pay less interchange to the banks by pushing the transaction through a PIN network, rather than Visa or Mastercard.

[DontSayBanana]

They make a lot more interchange off the signature ("credit") option than PIN ("debit").  Some banks reward you for using the signature option, some penalize you for using your PIN, and some do both.

Likewise, merchants like to make it as difficult as possible to select "credit" at the terminal, because they pay less interchange to the banks by pushing the transaction through a PIN network, rather than Visa or Mastercard.

Yeah. Case in point, TD Bank was recently raffling $1,000 per week to debit and credit card holders for each instance where they signed for a purchase last month. Anyway, from a security standpoint, it's best to leave as little info interceptable as possible, so PIN-less might be more secure. That could be debatable, though, since a lot of credit transactions still require you to put in the card identification number.

[derspiess]

Incidentally, my problem with card security is that it's grossly easy to reverse engineer a card. No matter how many verification questions they ask you, it boils down to your name, your account number, your social security number, and your pin number. Since the information is publicly mapped out by ISO 7810 and its subsets, anyone who can dig up any two of those pieces of information could theoretically reverse engineer the entire card.

I'm not sure that happens too often, though.  The most favored means of cloning cards is either 'skimming' the mag stripe with a simple card reader (this can either be done manually by a dishonest cashier or automatically with an additional card reader attached over top of the ATM or POS device card reader).  Once they have the mag stripe info, all they have to do is write that on to a blank card & bam, they can go around & use the card at will.

Another way, and one we saw late last year, is to hack into a processor's database to get card info.  There was a huge breach around September/October last year where a major merchant card processor got hacked, and apparently a few hundred thousand or so cards got compromised.  The hackers apparently sold the card info to individuals who took pre-paid cards and re-encoded the mag stripe with the stolen card info. 

[DontSayBanana]

I'm not sure that happens too often, though.  The most favored means of cloning cards is either 'skimming' the mag stripe with a simple card reader (this can either be done manually by a dishonest cashier or automatically with an additional card reader attached over top of the ATM or POS device card reader).  Once they have the mag stripe info, all they have to do is write that on to a blank card & bam, they can go around & use the card at will.

Another way, and one we saw late last year, is to hack into a processor's database to get card info.  There was a huge breach around September/October last year where a major merchant card processor got hacked, and apparently a few hundred thousand or so cards got compromised.  The hackers apparently sold the card info to individuals who took pre-paid cards and re-encoded the mag stripe with the stolen card info. 

Trust me, it happens more than you think. I'm sick of it because of the volume of it that came through my way. It's more popular with overseas identity theft because social engineering is so much cheaper and simpler than a technical probe.

I guess I'm not being clear about my problem with card security. There's not enough security in the physical makeup of the card itself. The card can be totally emulated through information, and it's information that can be propagated, there's almost no unique physical characteristics of the card that could slow the propagation of false card information, e.g. all of the information printed on the card is maintained in the swipe strip or the RF chip. There should be some info that bypasses the vendor for verification with the card provider.

[derspiess]

There should be some info that bypasses the vendor for verification with the card provider.

I agree, but any major upgrade like that will probably be pretty costly, and issuing banks probably wouldn't want to bear the cost unless we continue to have major breaches like last year's.

[garbon]

I use my debit like a credit at places where I know they won't make me sign.  Otherwise, put in my pin is less hassle than signing electronically ().

[dps]

I thought banks preferred you use the PIN because they get the intercharge on the debit transaction.  No?

They make a lot more interchange off the signature ("credit") option than PIN ("debit").  Some banks reward you for using the signature option, some penalize you for using your PIN, and some do both.

Likewise, merchants like to make it as difficult as possible to select "credit" at the terminal, because they pay less interchange to the banks by pushing the transaction through a PIN network, rather than Visa or Mastercard.

My bank doesn't charge or reward me either way.

Since I'm not in management anymore, I no longer care about transaction costs to my employer, so I perfer that people use their cards as credit cards, because that means that I don't have to wait for some idiot to try and figure out what their PIN is.  And when I'm a customer, I sure don't want the person ahead of me using their debit card--some of them are worse than waiting for an old woman to fill out a check.

[derspiess]

I use my debit like a credit at places where I know they won't make me sign.  Otherwise, put in my pin is less hassle than signing electronically ().

For me, it's signature all the way.  I pay as many bills as I can using that method.  Key Bank gives me 1 mile for every $2 I spend. 

[viper37]

Is it considered impolite or do you lose face if you look at what bills you sign in China?

No.  Ok, consider the paper used for credit card receipts.  If the waiter places your bill on top, and someone else's bill directly underneath it.  You check the bill on top, then sign the slip.  Your one signature will appear on two sets of receipts.

at nearly every restaurant I go to, the bills are in separate pieces of paper, so you actually only sign one.
It seems China is a bit late with technology... are you still using the hand machine to get a print of the card??