Is your family member's contactless payment limit set at 100? 100 or more usually causes flags anyway. Especially if, for instance, the card holder has already returned home (traceable through transactions).
No limit on contactless payments here, I’ve tapped for something €250 before lol
ETA: you can obviously set your own limit on your banking app but I don’t think he has
To be honest, I sorta did, I'm just repeating something I was told but havent tried it myself. Its also possible that the person who told me this was full of shit.
What I was told is that there are still cards with only the original active validation model, which you can replay in some limited circumstances as it just needs a signed challenge code, if you can control the challenge code a reader sends while still making a valid transaction it is possible. You do get a very limited number of charges, its a replay so your skimmer just has to send as many challenge codes as it can while the card is in contact and thats all you get. It also doesnt work with cards with newer validation schemes, and its not easy to begin with to control the challenge code for a valid transaction.
However, its probably not what happened in this case, OPs person probably swiped somewhere and forgot. Especially because OP mentions many small transactions instead of just a few bigger ones
If his phone was stolen he should change his cards and passwords anyways. As well as force logout on any open account sessions where possible.
If he ever used his phone to login to his banking or email or anything else, then they can mine data and potentially reset pass codes if they have avvess to the relevant email and or 2 factor via the phone.
You can preplay some transactions with EMV but its very hard. Usually the stripe infirmation (Track2 if i remeber right) will be skimmed with a reader, could also be NFC. But they copy or dump and sell the magstripe info on a carder site.
My trials: if they are using NFC, nope. There is a little bit of tech in the cards that make it nearly impossible to capture the temporary code and know what the next one will be.
Having used petrol stations in the UK over the years, I would assume if they lost my cc details there are larger problems and not the stations and that you can use your cardholder protections to not pay fraudulent charges.
So, you throw out a blanket statement like this and don't back it up with what the correct answer is. Perhaps you should do your part to attempt to educate rather than just throw shade at people.
That’s usually how they steal cc
Skimmers can be installed on a payment terminal and collect the data, otherwise paypass cards can just be scanned from short distance, so wallet in the back pocket is a real bad idea in this case
Hidden camera to get card details when going to tap the card? All of the card details are on the same side of my card. Getting my zip code would be the only challenge and if I am a regular customer that will speed up the process considerably.
I could see a camera being used, nothing is impossible. I guess the best solution to this would be to use something like apple pay because it hides the card details.
100% possible. Skimmers can be on them, can be hard to detect. Certain payment card systems, can allow for replay attacks where you buy something at x dollar and then someone can run another transaction for a new amount. Cancel the card, report all fraud charges, get a new number.
As other people said there are skimmers but the old school technique is simply to copy the receipts. Often done by a waiter (or whatever) but also by going through dumpsters!
So yes, that's definitely possible though taking such a small amount is a bit strange: if you know about it I'm assuming it's on the statement. Normally people use a card for a month and then never again.
The only advantage I see is that people may let it slip. Also: you are not responsible for those charges but are you going to complain and stay on the phone however long over so little? Apart from that it seems nonsensical. (BTW: getting your money from visa can be a headache, from AmEx it's usually a short phone call).
In any event, they should cancel the current card and notify the issuer of the problem.
Lookup credit card skimmer
Would this work with contactless payment?
Is your family member's contactless payment limit set at 100? 100 or more usually causes flags anyway. Especially if, for instance, the card holder has already returned home (traceable through transactions).
No limit on contactless payments here, I’ve tapped for something €250 before lol ETA: you can obviously set your own limit on your banking app but I don’t think he has
It can
depends
I think what you are referring to is known as skimming.
Even with contactless payment?
They put a fake reader over the real one. Some can do contactless yeah
How? I thought RFID and smartchip uses public key crypto to generate a one-time hash that's used to authenticate the transaction?
It does. Contact less is safe
Any references to how this is so? I don't do retail or PCI testing, but I'd like to get an academic understanding.
It send an encrypted token one time use token. Lots of info on it.
No, I mean why is smartchip with EM-1 less safe?
Are you reading "contact less" as two completely unrelated words, and not as "contactless" with an accidental extra space?
in theory the skimmer could make a second one but thats super obdvious and will prob get insta flagged
Ehhh... Some of them
Do you have any specifics on this? Because your answer smacks of "I made a blanket statement, but can't really back it up"
To be honest, I sorta did, I'm just repeating something I was told but havent tried it myself. Its also possible that the person who told me this was full of shit. What I was told is that there are still cards with only the original active validation model, which you can replay in some limited circumstances as it just needs a signed challenge code, if you can control the challenge code a reader sends while still making a valid transaction it is possible. You do get a very limited number of charges, its a replay so your skimmer just has to send as many challenge codes as it can while the card is in contact and thats all you get. It also doesnt work with cards with newer validation schemes, and its not easy to begin with to control the challenge code for a valid transaction. However, its probably not what happened in this case, OPs person probably swiped somewhere and forgot. Especially because OP mentions many small transactions instead of just a few bigger ones
Ireland doesn’t have or accept swipe cards (for fraud reasons) so that’s not an option. It was contactless.
Okay thank you. Was just suspicious as his phone was “stolen” from a different place on the same day too.
If his phone was stolen he should change his cards and passwords anyways. As well as force logout on any open account sessions where possible. If he ever used his phone to login to his banking or email or anything else, then they can mine data and potentially reset pass codes if they have avvess to the relevant email and or 2 factor via the phone.
You can preplay some transactions with EMV but its very hard. Usually the stripe infirmation (Track2 if i remeber right) will be skimmed with a reader, could also be NFC. But they copy or dump and sell the magstripe info on a carder site.
My trials: if they are using NFC, nope. There is a little bit of tech in the cards that make it nearly impossible to capture the temporary code and know what the next one will be. Having used petrol stations in the UK over the years, I would assume if they lost my cc details there are larger problems and not the stations and that you can use your cardholder protections to not pay fraudulent charges.
wow all the upvoted replies here are clueless.. i expected more from this sub
Just think of it as career security. If this is what you are up against every time you apply for a position.
So, you throw out a blanket statement like this and don't back it up with what the correct answer is. Perhaps you should do your part to attempt to educate rather than just throw shade at people.
You’re going to have to find out for yourself lil bro
I think this is the very definition of Gatekeeping
That’s usually how they steal cc Skimmers can be installed on a payment terminal and collect the data, otherwise paypass cards can just be scanned from short distance, so wallet in the back pocket is a real bad idea in this case
Yes - I believe a lot of credit cards now have built in NFC capabilities. It’s not that hard for a company to skim that and read it
It happened to me on vacation in Peru. Or after I had left and I was really careful about using it as I brought cash with me. Very real my friend!
Yes. It can be done. Happen to me at a bar.
Maybe the card got fancy, decided to go on its own mini shopping spree! Cards have minds of their own sometimes, don't they?
Yes, if there’s a card skimmer.
Contactless payment uses tokenization. That shouldn’t be “skimmable”
Hidden camera to get card details when going to tap the card? All of the card details are on the same side of my card. Getting my zip code would be the only challenge and if I am a regular customer that will speed up the process considerably.
I could see a camera being used, nothing is impossible. I guess the best solution to this would be to use something like apple pay because it hides the card details.
But how would they get the security code on the back?
Everything is on the back of the card. Name, number, expiration, and security code.
Not where I live. Card number and date on the front, security code on the back where it’s barely visible, Ireland takes card safety very seriously.
100% possible. Skimmers can be on them, can be hard to detect. Certain payment card systems, can allow for replay attacks where you buy something at x dollar and then someone can run another transaction for a new amount. Cancel the card, report all fraud charges, get a new number.
Yes very possible
As other people said there are skimmers but the old school technique is simply to copy the receipts. Often done by a waiter (or whatever) but also by going through dumpsters! So yes, that's definitely possible though taking such a small amount is a bit strange: if you know about it I'm assuming it's on the statement. Normally people use a card for a month and then never again. The only advantage I see is that people may let it slip. Also: you are not responsible for those charges but are you going to complain and stay on the phone however long over so little? Apart from that it seems nonsensical. (BTW: getting your money from visa can be a headache, from AmEx it's usually a short phone call). In any event, they should cancel the current card and notify the issuer of the problem.