CharlesW

Motorists hit by card clone scam.

BBC NEWS | UK | Motorists hit by card clone scam

They are at it again! 1000s of motorists have had money withdrawn from their bank accounts. Everyone will start to use cash again. Then we will get 1970s style armed robberies on filling stations.

Seriously check your statements closely as they are withdrawing the victims' money in small amounts, presumablely to avoid drawing attention.

Puff The Magic Wagon!

iTrader: (2)

I use a fuel card

Sonic'

I use a false reg plate, and do drive offs

StickyMicky

i get paid with cash, and pay for stuff with cash

Sonic'

Does the tax man know

Only joking btw

StickyMicky

you would have to speak with my accountant

RAF1

iTrader: (5)

and i thought 'chip and pin' was 'supposed' to be securer than just signing receipts.....!!!! No matter what new method is introduced - the criminals will ALWAYS find a way around it, which is why i stick to the good old method of paying by cash..

Raf.

NeilP1

had money go out my bank account last week and i was over 100 miles from home from a services i have not used for 6 months or so got my bank looking in to it

RB5201

Cash, do people still use that stuff??

Chip

Company card.

Chip

little rick

A friend told me the other week that he read a thing where they can now change the pin so its even worse than the old signing regime - at least they had to try to copy my scratty signature - now its just remembering a number THEY put into the card

Chris L

Chip & Pin isn't really about making the transaction more secure. The reason the banks have been so keen to introduce this is because it shifts liability away from the bank and on to the retailler and end user - the arguement being that you must have given someone your pin for them to fraudulently use your card. Some cards still store the pin number on the magnetic strip, so if you swipe the card through a reader it has been possible to gain the card number and pin in one very easy move.

Whatever way you look at it, a signature or pin are still single factor authentication. Anyone involved in IT security (i.e. me) will never recommend such a system because it is so easily beaten. Two factor authentication using a pin number and a system similar to SecurID tokens (or the equivalent on a mobile phone using software from companies like Swivel or Accode) would help massively, but this would cost a lot or money and would also require the public to accept to use another form of authentication.

The banks will only introduce two factor authentication for credit card transactions when the cost for implementing it is less than the losses from fraudulent card use. This is unlikely to happen for some considerable time, so expect to see more stories like this.

Sonic'

Chris, arent they trialling some scheme now, whereby you will pay for goods via your mobile phone, that will have some similar technolgy to securid tokens etc?

Chris L

Yes there are a couple of firms involved with both cashless payment systems (Uniware and Monitise) and there are already a couple of systems that use mobiles instead of a separate authentication token. I've got the Accode program on my mobile at the moment - it's just a standard Java app. It generates a one time passcode that is used in conjunction with a pin.

So by having something you know (your pin) and something you have (the one time code), you have a 2 factor authentication system which is much more secure.

James Neill

iTrader: (1)

From the BBC News Article referenced in the first post - "A BP spokeswoman said between 10 and 12 of their 1,300 sites nationwide had been affected and the firm had issued additional security advice to staff."

No one has mentioned that it is probably the staff themselves who are involved in this (in some way).

Simon C

Now did you hear about the chip and pin terminals that were hacked and had tetris installed in them??


You think I'm joking!!! 1 company had some very bored students working for them.

ADILM

that is very true, usually its the staff who are the feckin thieving bastrds!

Sonic'

Ah right, and yes two factor authentication much better, we developed and piloted a smart id system for the NHS a while ago

satanbaby

cash is still the best way...

paulr

They get your pin from the CCTV camera.
The trouble with service stations is large turnover off staff and low wages.

Chris L

True, but make no mistake, we are moving towards a cashless society. That is why there is serious money being pumped into companies that are developing the technology to support this.

You will have noticed that a lot of places have stopped accepting cheques as payment and there are also moves to extend the use of Oyster cards so that you will be able to buy a whole range of products and services. These are the first steps in conditioning people to not using cash, even for very small purchases.

Terminator X

iTrader: (7)

Luddites! I never use cash, so very 90's ...

TX.

Reffro

I'll refer you to my thread last month on this very subject when some poo-poo'd my suspicion about how my card was cloned....

I also remember at the time on one the lads in the office making a joking comment asking were there Sri Lankans behind the counter at the petrol station.

https://www.scoobynet.com/non-scooby...rd-cloned.html

NotoriousREV

I know that when I go and visit my mum in Tenerife the shops over there requre pin AND signature AND photo ID. Why aren't we doing this in the UK? If the financial industry really cared about security, they'd insist on this.

Leslie

Never mind. it will all be alright when we have ID cards, they will be totally secure-for at least a week or so anyway!

Les

swampster

iTrader: (1)

Went into the Shell station in Doncaster today (same one I suspect of ripping me off a couple of months back) and the Chip & Pin machine had been removed. Had to sign the slip. Speaking of Sri Lankans, this garage in question always seems to be staffed by people that appear to be from that neck of the woods.