OT Paying by credit card over the phone

Page 2 of 3  
snipped-for-privacy@aol.com wrote:

It's been a while since I looked at the spec, but I think it has to do with where the PIN is validated. On a traditional debit card, the PIN is sent to a server at the card processor and ultimately to the issuing bank for approval. With Chip & PIN, the authentication can be done in the card itself. The terminal captures the approvals over a period of time and sends them to the bank in batches.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

That really sounds like a hacker's paradise. I assume they believe their encryption is unbreakable but that is just a dream. If this is batch verified, the scammer has time before he is discovered.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
snipped-for-privacy@aol.com wrote:

Um, no.
At the point of sale, you insert the card into the reader. The user has to enter the pin into the reader's keypad, which presumably sends the pin to the chip on the card. The chip sends back something to the reader to indicate that the pin was correct. So the verification happens in real time - not "batch verified".
I would also guess that for any retailer that is making at least a few CC transactions per minute, that they have their CC machines connected to the store's internet connection - perhaps they have a dedicated phone line and internet service just for their CC machines so that their CC readers are not on the same IP network as the rest of their store's computers.
If someone steals the card and inserts it into a hacked reader, and has the reader modified to generate all possible 4-digit pin numbers to run against the card, the chip on the card is designed to invalidate itself if more than a few incorrect attempts are made to guess the pin.
Replicating the card, with the chip and it's embedded user-selected pin, is pretty close to impossible.
Replicating a convential mag-swipe CC card is trivial if you have physical possession of the card. The chip'd cards also have a mag-swipe track, which I guess can also be duplicated.
Here's something that you might want to do with your credit card:
Take some white-out (white correction paint) and paint over the 3-digit "security" code on the back of the card.
When ever you hand out the card to someone (like a waiter at a restaurant) for processing, and if they bring the card back to you and you notice that the white paint has been scraped off so as to show the code, you know that something fishy is going on.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

But if you have a hacked card chip, you know the right PIN and you make sure there is lots of money on it.
The banks fraud detection unit will not see any of these transactions until the batch is sent.

All you have to do is put a chip on a card that transmits the right stuff to the reader. It doesn't have to be a real card or a real chip.

Yes it is very easy to clone a credit card, that is why they do fraud detection in real time. If a card shows unusual activity they call you and if they don't get a response pretty quickly, they invalidate the card.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 11/9/2011 10:31 PM, snipped-for-privacy@aol.com wrote:

the chip and pin has already been cracked
<http://www.zdnet.co.uk/news/security/2010/10/25/chip-and-pin-crack-code-released-as-open-source-40090637/ <http://www.zdnet.co.uk/news/security-threats/2010/02/11/chip-and-pin-is-broken-say-researchers-40022674/
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 10 Nov 2011 10:08:38 -0700, chaniarts

I expected that might be true. If it is made by humans, another human can defeat it.
When I was in the computer biz I showed the bank that their ATM was vulnerable to attack. I found the leased line, in one of those phone company splice gravestones you find along the side of the road and hacked into the ATM. Granted I did have the encryption key (a trivial one BTW) but I was able to send the ATM the command string that had it pumping out money, thinking it was talking to the bank. On the bank end they were just seeing the proper response to it's "Hey mon, you dead?" poll. I had a fairly sophisticated piece of test gear but I bet I could have done it with a laptop and a Bi sync modem.,
I assume they got smarter in later generations of ATM.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

The CC companies couldn't care less about fraud or making it safer for the customer. The reason for "high fees and interests rates" seems pretty self evident.
The whole industry is a rip-off and different states deal regulate it --or not!-- it in different ways. CA initially issued universally usable ATM cards. You could go into most any retail store and either buy merchandise or request cash, money pulled directly from your checking acct, with no involvement by the CC companies, whatsoever. Unlike debit cards, where CC companies get a piece of the action.
I moved from CA to CO. The banks, here, claim no such practice has ever existed anywhere. This I found hilarious, as the bank I was trying to open an account at here in CO has also has branches in CA that do exactly that. Whether or not CA still has usable-everywhere ATM cards, I do not know, having moved 3 yrs ago.
nb
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Which is why I refused to use one. A CC card transaction can be disputed. Not so a debit card.

I originally stated "almost" any/everywhere. In the 20 yrs I used one, that was pretty much the case. I was almost never refused a transaction by ATM card. That included restaurants, mini-marts, gas stations, box stores, dept stores, etc. Most stores in a mall always excepted ATM cards as payment, including Penny's, Sears, Macy's, etc. Granted, cash-back was pretty much limited to large sprmkt chains, but I could always get $100+. Also, any ATM machine, including other banks, would honor any ATM card, for a flat fee.
Here in CO, an ATM card is good only at the issuing bank's branch ATM machine, PERIOD, end of story. In short, they're useless for general transactions. Commercial machines here in CO dispense cash only for CCs.
nb
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

They are/were known as Visa Electron and Matercard Maestro cards. Unfortunately my bank stopped offering them a few years ago. Also known as online only or PIN based debit cards as they could not be used in offline signature mode.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Horsecrap! They were known as "ATM" cards and were offered by every bank as far back as the early 80s. Visa and MC were nowhere in the picture. I used one for 20 yrs and never once succumbed to the debit card rip-off, even long after they became the norm to clueless plastic users in CA.
nb
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

You're missing the complete picture - and I'm assuming we're discussing the US here, not another country.
You are correct - at first there were just ATM cards. Those cards were only valid at the issuing bank's ATM machine. Then came regional networks - ie Cirrus, Plus and a bunch of others. ATM cards branded with those network names could be used at your own bank plus grocery stores and the like in your area.
The problem was when you wanted to use your card on the other side of the country or even downstate. That's when Visa and MC stepped in with their national networks. Each had two types of cards: offline/online, or online only.
The offline/online cards were branded just like the credit cards and banks liked it when you used them as a credit card because they collected 3% or more in transaction fees. Stores liked it when you used them in online (PIN) mode, because the transaction fees were much less.
I haven't looked at the contracts from Visa and MC, but I suspect there are restrictions on banks that want to offer national branded cards from competing with themselves by offering ATM only or online only cards. That and it avoids a lot of consumer confusion.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Minor correction - Cirrus and Plus were the online networks that Visa and MC ran. The regional nets were things like CASH, MPACT and a bunch of others.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

I've said, in more than one post, this applied only in CA as far as I know. I now live in CO and I may as well live on Mars. All my ATM experiences in CA are totally nonexistent, here. I'll not repeat it again.
nb
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 11/9/2011 05:28, Home Guy wrote:

Some credit card issuers offer virtual account numbers on their web sites. Features may vary, but it's a different number than the one on your plastic card. It's good for only one merchant, and in some cases you can specify a time and dollar limit. You can also cancel it early. This came in handy for me when I used a virtual number to subscribe to an online publication. Deep down in the terms and conditions was an evergreen clause -- automatic renewal unless I cancelled. I chose not to renew and forgot about it. When I was notified that "there is a problem with your credit card" I simply ignored it.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 11/9/2011 8:05 AM, Evan wrote:

Maybe something unique to where you travel? I haven't seen any small merchants imprint cards for a really long time. Low end CC terminals such as the popular Verifone vx-510 are inexpensive:
http://www.1nbcard.com/content/verifone-vx510-credit-card-terminal-with-printer.html
And even mobile business folks and businesses that set up say at shows use terminals with embedded aircards like this:
http://www.1nbcard.com/content/credit_card_machines-1/wireless_credit_card_machines.html?&sl=EN
Or swipe adapters for smartphones running a virtual terminal.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Evan wrote:

Hmmm, I and wife have couple retail business established over the years after we retired. It is not a franchise chain stores but we do well. We often get orders from outside our city as far away as South of the border. We eat the difference in card processing service charge. That is called customer service. We only do this to known repeat customers who we personally saw at least couple times. No, to total stranger first timer.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 11/8/2011 7:03 PM, Metspitzer wrote:

If they have to order it from the dealer, why are you dealing with them? Or not ordering it online yourself, if you know the part numbers? No disrespect to Advance and the other FLAPS, but that is not where to buy serious parts, it is where to buy wiper blades and cheaper generics for non-critical systems where the part isn't model-specific.
But to answer your question, yeah- they wanna make sure you at least have the card, and aren't just scamming for resellable parts using somebody else's CC number. They also don't trust their own employees that much- with a card in hand, they have a virtual paper trail. I don't recall using a CC over the phone in years, other than to confirm a hotel room.
--
aem sends...

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

My sister started this transaction. My only part is supplying the cash.
It turns out that even though I drove 25 miles or so to show them the card they were not able to order the part.

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Ever heard of Internet?
Greg

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
aemeijers wrote:

Hi, One way to do is faxing the order with CC info and signature and shipping address, phone no. etc. It always worked for me getting thing from South of border. Or I use Paypal for instant payment.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Related Threads

    HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.