Deleted member 88227
Guest
Damn, learn something new every day.
A lot of card skimmers now are no longer outside skimmers. They either fit in the mag swipe slot or are stuffed in the dispenser. 99% of retailers never change the locks on the dispenser and are still using the stock factory key... (Made up the 99% based on observation. I do not have proof of that. CH751 is a very common key and it is the default lock on at least one brand's dispenser.)
Does anyone know if you use Samsung / Android / Apple Pay whether you will face the same vulnerability? If not, maybe we should all switch to those?
Just chip enable the damned pumps, and this problem goes away permanently.
I can't wait until the magnetic strip is permanently removed from all cards.
I am actually curious. I don't understand why this would cost so much, when the likes of Square sells chip card readers for like $40 a pop. Sure, there is more to it for a gas pump, but still. It seems like someone is overinflating costs here, and trying to rip gas operators off...
I always pay cash, saves me about $1 / fill up. Not a big deal since I don't drive much, but WTF they make enough money anyway.
Gas station operators do not make a lot of money. Credit card charges are about 3%, which at $3 a gallon is 9 cents. When the typical margin on gas is 20-30 cents a gallon, 9 cents a gallon is a significant part of your profits. At best we're making a middle class living.
I was thinking more of the big guys (the drillers and refiners) than franchise or independent owners. But anyway, by your figure they are making more from me since the discount is $.05/gal (off of about $3.60). And, er, totally coincidentally the two stations here always have the same price and same discount (and they were investigated for that).
I am in CA but very rural, often highest gas in the state, though not just now as that seems to be in SoCal. Maybe the local stations just bought at the right time for once. But with two stations there isn't much competition. Of course if anyone tried skimming here they'd probably get caught fast (hey, whose car is that across the street? Never seen it before, maybe just take a pic or two...). Cash is king for more reasons than one.
The discount is area dependent. Here in California, the typical discount is 10 cents and can even be higher in certain areas.
Well, take the Pepsi challenge on infrastructure... mostly. The last time I swiped a card in Brazil my VGA was a GeForce 5200. Guess the USA is not the tech leader in all fields...
Ha, Grants Pass resident here. I always checked the pumps in the past when I pumped my own gas. Sadly, here in OR you have to pay more money so that someone can pump it for you (it is illegal to pump your gas unless you live in one of the eastern counties with less than 50K residents, which is just stupid AF) and it costs more money at every station to use a CC, by $.10~15.
Because of these facts, we usually try to buy gas only at Costco or the local Fred Meyer.
My sister is a lawyer at a prepaid credit card company and basically said to never use your physical card if they offer apple or android pay. When you use one of the NFC phone payment systems, it creates a unique encrypted session ID for that one charge so even if someone copied it, it would be useless to have the info. Also it is 100x faster than the chip.
She said the chips are going to get hacked soon too so don't rely on that either. I believe her.
I just use cash every time I get gas.
Did they upgrade Bluetooth to transmit over long distances? They HAVE to at least be within a certain proximity at least to retrieve the data or come back to retrieve the skimmer
I don't like having to wait forever at the pump. I liked the idea of the Mobil Speedpass till it got hacked, as it was easy to copy the basic RFID info they put out.
What we need is a complete overhaul of how the systems are processing data since in this age there is no need for someone in some back office to stamp ok on the transaction like banks used to.
With algorithms, banks are already doing proactive fraud protection (BOA blocks unusually high transactions at places you don't normally go to, if ever, and if you buy gas in Orlando, FL it won't let you buy a TV from Walmart in Miami, FL 2 hours later because they know you won't make it that far in that amount of time w/o flying a Cessna into the parking lot at the Miami Walmart...)
And if you did, it's a 2-3 minute call, or a reply to a text message, and you are good to go.
For reference, the flight time from Orlando to Miami is about 1:10 w/o the security checks, so best case is about 2 hours from a gas station to a Walmart if you include driving and check-in/etc.
There is no reason a bank can use an app on a cell phone, automated text service, or automated call to help confirm if a charge made a huge distance or over the normal amount is legit BEFORE authorizing it at the other end.
This effectively removes the need for the complicated and slow transaction process of chip/EMV AND puts the account holder in control as they can literally give someone else the card number/details and if it stands out to the bank, they can still approve that transaction...
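The distance-and-time check the post above describes, as an added example that is not part of the original thread and not any bank's actual logic. The speed ceiling, the amount multiplier, the coordinates and the charges are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

MAX_GROUND_KMH = 130.0  # assumption: ceiling for sustained road travel
AMOUNT_FACTOR = 5.0     # assumption: step up above 5x the cardholder's usual charge

@dataclass
class Txn:
    merchant: str
    when: datetime
    lat: float
    lon: float
    amount: float

def distance_km(a: Txn, b: Txn) -> float:
    """Great-circle (haversine) distance between two transaction locations."""
    lat1, lon1, lat2, lon2 = map(radians, (a.lat, a.lon, b.lat, b.lon))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def decide(prev: Txn, cur: Txn, usual_amount: float):
    """Return ("approve" | "step_up", reasons); step_up means ask the cardholder
    (text, app prompt or call) before the charge is authorized."""
    reasons = []
    hours = (cur.when - prev.when).total_seconds() / 3600
    dist = distance_km(prev, cur)
    if hours <= 0:
        # Same-instant or out-of-order timestamps: any real distance is impossible.
        if dist > 1.0:
            reasons.append(f"{dist:.0f} km apart with no elapsed time")
    elif dist / hours > MAX_GROUND_KMH:
        reasons.append(f"implied speed {dist / hours:.0f} km/h over {dist:.0f} km")
    if cur.amount > AMOUNT_FACTOR * usual_amount:
        reasons.append(f"amount {cur.amount:.2f} exceeds {AMOUNT_FACTOR:g}x usual")
    return ("step_up" if reasons else "approve"), reasons

# Constructed sample data: city-centre coordinates and invented amounts.
T0 = datetime(2024, 1, 6, 12, 0)
GAS = Txn("gas station, Orlando FL", T0, 28.54, -81.38, 40.00)
TV_2H = Txn("Walmart, Miami FL", T0 + timedelta(hours=2), 25.76, -80.19, 250.00)
TV_5H = Txn("Walmart, Miami FL", T0 + timedelta(hours=5), 25.76, -80.19, 250.00)

if __name__ == "__main__":
    for cur in (TV_2H, TV_5H):
        print(cur.when.time(), decide(GAS, cur, usual_amount=60.0))
```
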
It's possible with some simple hackery on the remote end. Gotta keep the skimmer low power and hidden, but you can put a massive antenna in a van across the highway and probably still get into it. Same idea as long range wifi links with old Dish Network satellite dishes.
Chip transactions don't have to be slow. I know many implementations are, but that's just because they are poor implementations.
Target used to have a pretty bad implementation. The wait when using their chip system was LONG. As of a few weeks ago though, my local Target has upgraded. Chip transactions are super fast. No wait at all.
Personally I don't trust any of the Apple/Google/Samsung phone pay systems. Now that is just a disaster waiting to happen if you ask me, especially considering how infrequently most OEMs patch their phones for security.
Actually, the phone systems are pretty robust. The reality is that the actual ones liable for the transactions trust the phone implementations more than many of the POS models (the phone systems are using the more secure versions of the protocols well beyond what most of the POS chip systems are using). I think you are vastly overestimating the POS security people.
Doesn't really matter, it uses your real card only for setup, then the bank/card backer generates a digital-only card for contactless payments that has different numbers. And generally it's faster than even the fastest chip setup I have run into. The problem is support from the retail/processor is pretty terrible these days, even though the basic tap and pay tech has been around for so fucking long (Amex/Visa/MC had it like 13 years ago).
I am surprised at how many people in this thread seem to go to great lengths to try and avoid this. I am not going to use a different credit card or any of that. I just swipe or whatever at most pumps. It's the job of the retailer and the credit processors to get their ducks in a row and keep their systems clean, and if they don't, well, it's up to them to decide what is worth it. A lot of people mentioned that they should just force everyone to chips. Let's make it real simple: the USA is the world leader in credit; despite what people think, the most credit is given and used here. The reality is all those small gas pump operators who don't have chip readers are still accepting swipes because the credit companies are still making money off them. If the fraud was causing them to lose money they would incentivize them to upgrade in such a way it would be worth it. So clearly they have determined the losses they take are acceptable enough for them to keep doing it, and that goes for a lot of places and even things like PayPal here and Square.
1. It's not that we don't want to upgrade the pumps to chip readers, it's that we can't.
2. Most of the time we get forced to pay the fraudulent charges.
3. The credit card companies don't pay for the upgrades to the readers. We do.
Why do you even accept mag at pay-at-pump anyway then? Just disable it. Must be making a killing if you're accepting the loss at the pump.
Also, many dispensers aren't fully alarmed, and keys have always been easy to duplicate or pick. If they are actually using CH751, then lol (for those that don't know, this isn't a type of key, but a specific pre-cut key that is used for cost-cutting reasons by stupid manufacturers who want the appearance of a lock without any of the security of a lock).
Remember that just because you see a security seal on the pump does not mean it is valid; they are not all that expensive to purchase. https://tydenbrooks.com/gas-pump-tamper-evident-labels
That speed difference will always be true. Beyond the fact that the actual readers are pretty substandard hardware, there is the issue that lots of the protocol runs on the card chip. OTOH, the phones have massive processing power, even an order of magnitude more on their secure enclave than the card chip has.
Also, at least in the Bay Area, Apple Pay has pretty good penetration at things like corner stores, etc. Most actually prefer Apple Pay over everything else as they pay less with it.
Doesn't matter what contactless payment system is in use; what makes it faster is the lack of prompting questions at the terminal and of the inconsistent process for choosing 'credit' when many gas stations offer cash back, or default to asking for PINs.
With the contactless options, it just runs as credit instantly and takes all of 10 seconds to process most times, whereas a chip+PIN can take a minute sometimes.
No, it's the part where it's actually processing the transaction that is slow on some card readers that have chip and PIN, because they did not use a broadband option to do the transaction (2G GSM connect on demand or, worse, phone dial-up that can take some time to do; the 2G one is not too bad as long as it actually connects on demand correctly).
If it supports contactless it typically requires a constant connection, but can be run in offline mode if the card company supports it, but the transaction is not verified until the end of day ~not recommended~ (3G or Ethernet/Wifi least ISDN/ADSL broadband), so the transaction will be processed right away, 1-3 seconds, and most of that will be the till delay. Chip and PIN requires verification.
If it's going slow it's the first one, and they should replace their card machine and get one that runs on 3G (if it's a standalone card machine) or an Ethernet connection (standalone or till system).
We have a chip reader connected to Ethernet, always on. The chip reader takes 30 seconds to 1 minute to authenticate. On the same chip reader with Apple Pay, the transaction was literally instantaneous.
Then something is set up wrong. Once you press enter after the PIN has been entered it's the same time as contactless; it's more or less the same system, and should take no longer than 5 seconds if it's actually an online card reader (30 sec - 1 minute sounds like dial-up time; maybe the payment processor is doing the dial-up at their end for chip and PIN, which would be a stupid way to do it, or you have dial-up there). Chip and PIN is token based like contactless and NFC pay (Samsung/Apple/Google Pay).
Unless they are doing contactless/magswipe in offline mode so transactions are verified like the old mag swipe card system at end of day (some 2G contactless readers I have observed are operating in this way in the UK, as they instantly take the token and don't bring the GPRS data up to verify it till end of banking has been done or someone else does a chip and PIN transaction).