OT: Contactless card fraud?

On Sun, 26 Feb 2017 12:26:10 +0000, Chris Green wrote:

There was a Guardian journalist a couple of years ago who wrote a *very* long article about a "sophisticated scam" (which they had, coincidentally, fallen victim to).
It required a bit of sleuthing, but (as I suspected) buried in the verbiage was the admission that the journalist had given their PIN to the scamsters. (it was the phone call, collect card, ask for PIN "to check the card" scam).
90% of the text appeared to be devoted to telling the reader how savvy the journalist believed themselves to be.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

It's not *just* the Guardian, you can find descriptions of this happening in many places:-
Contactless payment cards that have been cancelled by consumers can still be exploited by thieves for several days, it has emerged.
The "tap and go" cards, which can be used for purchases under £30 without the need to enter a four-digit PIN or signature, do not require automatic authorisation from banks.
Purchases therefore may not appear on a customer's account for some time after a card has been reported lost or stolen, leaving thieves free to keep using them at will.
The onus is then on the customer to check their statements and report any subsequent fraudulent activity to their bank in order to apply for a refund.
Emma Hartley, 45, from east London, said that when her handbag was stolen earlier this year, a thief used her cards for several days after she cancelled them.
A quick Google will find many, many reports like this from many diffferent sources. Now I know that the internet isn't a perfect source of facts but I've seen enough reports like this one to suggest that *is* a problem.
--
Chris Green
·

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Several days is a bit different from the 'until it expires' said earlier.

Seems obvious to me if your card was stolen you'd keep an eye on your account to make sure there wasn't a fraudulent transaction go through after you'd reported it.
--
*Eat well, stay fit, die anyway

Dave Plowman snipped-for-privacy@davenoise.co.uk London SW
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Just because some fool claims something...

Just because some fool claims something...
I can prove any time that I can block my cards using my phone and they stop working when I do that.

Just because some fool claims something...
Even you can prove anytime that if the account doesn’t have enough money in it, the transaction is refused. So the terminal must have asked the bank if there are sufficient funds in the account.

The words MAY NOT are there for a reason. Yes, some terminals can operate offline for a while, but not for long.

And when that happens, THE BANK gets to wear those transactions.

And most of us have had their bank detect a suspicious transaction and had the bank ask us if that was us doing the transaction, so that statement is only half of the real story.

And it remains to be seen if there actually is an Emma Hartley, 45, from east London and whether she managed to cancel the cards properly even if there is such a person.

Plenty of reports of sightings of aliens landing in the back yard, biting cows bums, being captured by aliens and being experimented on in their space ships too.

On the other hand, since NONE of us has actually seen that problem ourselves, or even knowing someone who has, its MUCH more likely that the real story has been utterly mangled from reality.
And even you can prove for yourself that your contactless card wont allow you to do a transaction when there are insufficient funds in the account and there must be damned few of us who havent had that happen at times. Which proves that the terminal must be contacting the bank to be able to deny the transaction, and that proves that the claim that there is no check for a cancelled card and that it can be used until the card expires is a bare faced lie or at most complete pig ignorance about how the system works.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

And all of my contactless transactions show up in the phone app for that bank as a pending transaction as soon as its done too, so the terminal must be communicating with the bank at the time the transaction is done to get that result.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Yeah, what I though, just another shit rag that lets people post tripe online.
The terminal has to check if there are sufficient funds in the account to pay for the transaction and so can check if the card has been blocked at the same time.
Yes, terminals can operate offline to handle the situation where the comms are down temporarily, but that is not how they operate all the time. And the proof of that is that everyone has had the situation where a transaction is refused because there arent enough funds in the account.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

So did lots of people that it happened to but it really is true with some banks. I've seen reports of long sagas between card users and banks over this issue.

But the less than £30 transactions aren't verified with the bank, so it's just a conversation between card and terminal. There's no way for the terminal to know the card has been blocked.
--
Chris Green
·

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Wrong. There's a counter in the card for how many "off-line" transactions it's allowed to do before it *must* contact the bank for verification. That count used to be 4, although it may have changed. Once that count is reached, if the card cannot contact the bank, the transaction will be declined. If the card has been cancelled, it will *always* be declined from that point onwards.
The banks may (debateably) be venal, but they're not stupid.
--
Today is Boomtime, the 57th day of Chaos in the YOLD 3183
I don't have an attitude problem.
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

So just how does the terminal tell your bank to pay the store the agreed amount? Even if not done at that actual time, there has to be a communication at some point. Say every day. So at that time it can be informed that card number is blocked.
Or do you think your actual card does that bit?
Just think about it. You legally obtain a contact less card - which won't expire for a few years. You them close that bank account, but continue to use that card for purchases up to £30 with never having to ultimately pay for them. As would happen if the bank couldn't cancel the card.
--
*Errors have been made. Others will be blamed.

Dave Plowman snipped-for-privacy@davenoise.co.uk London SW
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 26/02/2017 13:58, Dave Plowman (News) wrote:

It's a bit late by then - the finder won't be using that terminal again, and other terminals won't know that the card's been blocked.

Read your card's T&C's! You'll find that you are liable for transactions charged to the card even after you have closed the account.
--
Cheers,
Roger
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Ah. Right. So simply tell any thief he will be liable too. That will stop them.
--
*Beauty is in the eye of the beer holder...

Dave Plowman snipped-for-privacy@davenoise.co.uk London SW
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 26/02/2017 15:20, Dave Plowman (News) wrote:

I thought even you were more intelligent than that. It will be the card owner that's liable, not the thief!
--
Cheers,
Roger
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Not with contactless cards. All the banks wear the fraudulent transactions with those.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 26/02/2017 20:29, Rod Speed wrote:

So what's to stop me from going on a spree with my card and then claiming that it has been stolen in order to get the bank to pay for my purchases?
Or, if my card has genuinely been stolen, how do I prove that the purchases weren't made by me?
--
Cheers,
Roger
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Not with contactless transactions done by a thief.

The fact that you can't do much of a spree at £30 a transaction until it asks for a PIN.

You don't have to prove that. The bank has to prove that you lied about that.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Nope.

It will because most of the terminals are online all the time.
The main exception is vending machines.

Corse they do. Even with the stuff like vending machines that can batch update, they get the list of blocked cards when they do that.

Fat lot of good that is when they have no other accounts of yours.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 26/02/2017 20:14, Rod Speed wrote:

They could - and would - pursue you through the courts to get their money if you refused to pay. Maybe you don't have a legal system in Wells Fargo land?
--
Cheers,
Roger
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Not true of transactions done with a contactless card by a thief.

Like hell they would with transactions done with a stolen contactless card by a thief.
And if they were actually stupid enough to try that in a court, the court would tell them to go and fuck themselves in appropriate legal language.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 26/02/2017 11:23, Dave Plowman (News) wrote:

Except that many of them are apparently not on line all the time - they 'bank' the transactions and upload them later. Using a PIN needs an online connection, so there *is* a validity check on that.
--
Cheers,
Roger
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
wrote:

Nope, the PIN is sent to the card by the terminal its entered on and the card says it matches or it doesn't.

Fraid not.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.