ahebert at pubnix.net
Fri Nov 9 14:29:09 UTC 2018
Older Pump station installation (and maybe new ones) use RS-232/442
to communicate in clear text with their controller into the building.
Easy to tap to skim Track 1/Track2 of the CHD which is good to dups
Now to get the physical CVV you need a physical skimmer installed
on top the pump which is where your Bluetooth come in action.
With those you can dups and make "Card No Present" transaction (aka
It is a risk/reward thing.
PS: Lazyness is pretty much the greatest threat. EU/CAN/etc are
all CHIP while some other economy still refuse to spend that extra $1
per card :(
Alain Hebert ahebert at pubnix.net
50 boul. St-Charles
P.O. Box 26770 Beaconsfield, Quebec H9W 6G7
Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443
On 11/08/18 22:50, Chris Adams wrote:
> Once upon a time, Scott Christopher <sc at ottie.org> said:
>> Swipe-and-sign (and now just swipe for small amounts) is for Visa, Mastercard, Discover transactions (called credit)
> Signatures are no longer required for chip card transactions in the US,
> except I think for transactions where the auth is done on the amount
> before an added tip (restaurants).
>> Skimming and card fraud is actually uncommon in the U.S. these days, and the police are very effective at combating it. It's just cheaper for the industry to eat fraud losses than to "upgrade" systems. The transition to chip-based cards was a debacle.
> Skimming is still highly active at gas pumps, where chip support was
> pushed off (current requirement I believe is late 2020, but may be
> delayed again).
> The skimmers get more creative all the time; they're getting inside
> pumps (possibly with help of low-paid station attendants, but also
> because of poor physical security) and installing the skimmer hardware
> out of sight. The hardware has Bluetooth, so the bad guys just pull up
> and get gas and someone in the car can retrieve the data (from multiple
> pumps even).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the NANOG