$10 Tool Can Guess (And Steal) Your AMEX Credit Card Number

Megalith

AMEX claims this is a non-issue while others claim the number generated is obvious, but this seems like a substantial security issue to me.

His watch-sized gadget, which he calls MagSpoof, can store more than a hundred credit card numbers and emit an electromagnetic field that’s strong enough to hit a credit card reader’s sensor from close proximity, sending a signal that imitates a credit card being swiped. Kamkar’s device also includes a button that implements his prediction algorithm; if a criminal using MagSpoof were to find that a credit card they tried to spoof had been cancelled, the device could immediately generate the victim’s next card number.
 
Honestly, the tech to do this has been around a while. This is just a bit smaller and easier to use. Magnetic swipe technology is so dated that it offers no protection at all, no one should be using it and yet, here it is.
 
Honestly, the tech to do this has been around a while. This is just a bit smaller and easier to use. Magnetic swipe technology is so dated that it offers no protection at all, no one should be using it and yet, here it is.

When you can compute the new card number of your victim, it doesn't matter if you are using mag or chip and pin. Either way you know the card number.
 
blah blah blah blah blah blah - who really cares?

Since credit card transactions have limited liability (for customers), I don't really care that much. I support vendors to make their tech more secure, but as long as I can make purchases easily and limit my own risk meh.

One lesson I learned was to use a credit card all the time. I used to always pay cash (actually debit card) but that did get compromised and while I had enough money to cover expenses (fortunately I know everyone is not as lucky) during the week it took to get my money back I could see the fault in my ways.

Now I use a credit card for everything and if it gets compromised then at most it can get maxed out and doesn't affect my bank accounts so I can still make the important bills like mortgage while I deal with the CC company getting my funds back.

I think it's a lost cause to expect everyone to be "secure" with ever growing stricter policies etc (this is an "engineer" solution), the best option imo is to train simple techniques to mitigate risk... like use one card for purchases and have a back up like a debit card.

Obviously companies should be upgrading technology to mitigate more risk in a rolling fashion but the ease of use is just as important imo.
 
blah blah blah blah blah blah - who really cares?

Since credit card transactions have limited liability (for customers), I don't really care that much. I support vendors to make their tech more secure, but as long as I can make purchases easily and limit my own risk meh.

One lesson I learned was to use a credit card all the time. I used to always pay cash (actually debit card) but that did get compromised and while I had enough money to cover expenses (fortunately I know everyone is not as lucky) during the week it took to get my money back I could see the fault in my ways.

Now I use a credit card for everything and if it gets compromised then at most it can get maxed out and doesn't affect my bank accounts so I can still make the important bills like mortgage while I deal with the CC company getting my funds back.

I think it's a lost cause to expect everyone to be "secure" with ever growing stricter policies etc (this is an "engineer" solution), the best option imo is to train simple techniques to mitigate risk... like use one card for purchases and have a back up like a debit card.

Obviously companies should be upgrading technology to mitigate more risk in a rolling fashion but the ease of use is just as important imo.

FYI this process is changing. No longer will you call the CC company for stolen transactions.. the merchant will be responsible and if I had to guess it won't be as easy anymore.
 
Hi-res camera will probably capture that card number far further and easier.
 
Assuming this is true...

No longer will you call the CC company for stolen transactions.. the merchant will be responsible and if I had to guess it won't be as easy anymore.

So does that mean it's better to pay cash at places where getting stolen money back is easier?

One wonders if Walmart and Target might compete on the basis of who makes it easier to get stolen money back.
 
I made an error. The above question should have read:

"So does that mean it's better to pay cash at places where getting stolen money back is harder?"
 
FYI this process is changing. No longer will you call the CC company for stolen transactions.. the merchant will be responsible and if I had to guess it won't be as easy anymore.

the merchant will be responsible to the CC company not to you.

nothing changes for the user of a personal CC.
 
Told my bank years ago when they launched these cards, that this would happen. Their response was: no, it's secure, nothing to see here...
 
after 4 years merchants should reject non chip and pin transactions

after 4 years they will own at least 1-3 cards that have chip and pin, it's what most smaller merchants did in the UK if the chip and pin failed you asked them to just use another card (bigger stores can handle card fraud)
 
blah blah blah blah blah blah - who really cares?

Since credit card transactions have limited liability (for customers), I don't really care that much. I support vendors to make their tech more secure, but as long as I can make purchases easily and limit my own risk meh.

One lesson I learned was to use a credit card all the time. I used to always pay cash (actually debit card) but that did get compromised and while I had enough money to cover expenses (fortunately I know everyone is not as lucky) during the week it took to get my money back I could see the fault in my ways.

Now I use a credit card for everything and if it gets compromised then at most it can get maxed out and doesn't affect my bank accounts so I can still make the important bills like mortgage while I deal with the CC company getting my funds back.

I think it's a lost cause to expect everyone to be "secure" with ever growing stricter policies etc (this is an "engineer" solution), the best option imo is to train simple techniques to mitigate risk... like use one card for purchases and have a back up like a debit card.

Obviously companies should be upgrading technology to mitigate more risk in a rolling fashion but the ease of use is just as important imo.


Translation:
Why avoid it when we can just deal with the consequences.
 
If the card numbers are actually predictable then it seems weird that American Express won't acknowledge that it's a bad thing.
 
the merchant will be responsible to the CC company not to you.

nothing changes for the user of a personal CC.

CC companies stick it to consumers. So if you pay anything in finance charges you're paying for the fraud. No surprise I saw the interest rates on one of my cards go to almost 25%. Fortunately I pay in full. Not everyone is so lucky.

Merchant is responsible for the fraud if it's an out of date merchant hardware issue.
 
after 4 years merchants should reject non chip and pin transactions

after 4 years they will own at least 1-3 cards that have chip and pin, it's what most smaller merchants did in the UK if the chip and pin failed you asked them to just use another card (bigger stores can handle card fraud)

I love how everyone thinks chip and pin will save the day. Bunch of fucking idiots is what you guys are. Chip and pin prevents theft of a physical card. But how often is that the point of the theft? Most of the times it is online stores or other servers storing your card being hijacked. And last time I checked you don't fucking use a chip and pin device in your home for online purchases. Yes chip and pin makes things a little better but that is like saying 1 ton of gravel fills up the grand canyon. You still have a big hole when done.
 
FYI this process is changing. No longer will you call the CC company for stolen transactions.. the merchant will be responsible and if I had to guess it won't be as easy anymore.


Nothing is going to change from a consumer standpoint, other than you will use the chip reader instead of swiping the card.

This change has to do with accepting credit cards that are swiped instead of using the chip reader.
If your card number is stolen and charges are made, you still would call your credit card company either way. The only change is that if the card was swiped, instead of the credit card company eating the charges, they will charge back the merchant, and the merchant will eat the charge.
 
One lesson I learned was to use a credit card all the time. I used to always pay cash (actually debit card) but that did get compromised and while I had enough money to cover expenses (fortunately I know everyone is not as lucky) during the week it took to get my money back I could see the fault in my ways.

NEVER use a debit card when you can use a credit card. A debit card has way more risk, as someone could empty your bank account and then you are stuck having to prove it's fraud to get your money back.

Much easier with a credit card, as the charges are put on hold as soon as you report them.

I never use my debit card for anything except going to my bank's ATM, and I rarely use the ATM.
Almost everything I buy is paid for using a credit card, and I don't buy anything unless I already have the money in the bank to pay off the credit card.
 
blah blah blah blah blah blah - who really cares?

Since credit card transactions have limited liability (for customers), I don't really care that much. I support vendors to make their tech more secure, but as long as I can make purchases easily and limit my own risk meh.

One lesson I learned was to use a credit card all the time. I used to always pay cash (actually debit card) but that did get compromised and while I had enough money to cover expenses (fortunately I know everyone is not as lucky) during the week it took to get my money back I could see the fault in my ways.

Now I use a credit card for everything and if it gets compromised then at most it can get maxed out and doesn't affect my bank accounts so I can still make the important bills like mortgage while I deal with the CC company getting my funds back.

I think it's a lost cause to expect everyone to be "secure" with ever growing stricter policies etc (this is an "engineer" solution), the best option imo is to train simple techniques to mitigate risk... like use one card for purchases and have a back up like a debit card.

Obviously companies should be upgrading technology to mitigate more risk in a rolling fashion but the ease of use is just as important imo.

+999x

I got hit for fraud on my debit card in 2011 on Black Friday. They hit 22x transactions all over multiple stores in the same city within 45 minutes. My bank was very prompt in getting my money back to me, but it is incredibly unnerving to have to deal with. I charge everything to credit cards now as well and pay them off in full. Through responsible spending I've managed to raise my credit score, source multiple lines of aged credit accounts, and receive benefits from using my credit cards. Not having to deal with fraud wiping out my account and receiving 1-5% cash back on every transaction is a no brainer.
 
Everyone's talking about the stealing aspect...
I would encourage everyone to actually watch a video.
Because for me, it is a bigger interest to know that there is an open source schematic and listed parts to make my "Coin Card" which I believe sells around for 100 bucks right now.
Coin card, after 2 years, will die and you will have to buy another one.

This guy who made this video provides another alternative to make your own (DIY project I'm totally getting myself into) version of Coin Card and also gives you the power to swap out batteries at your own leisure.
 
+999x

I got hit for fraud on my debit card in 2011 on Black Friday. They hit 22x transactions all over multiple stores in the same city within 45 minutes. My bank was very prompt in getting my money back to me, but it is incredibly unnerving to have to deal with. I charge everything to credit cards now as well and pay them off in full. Through responsible spending I've managed to raise my credit score, source multiple lines of aged credit accounts, and receive benefits from using my credit cards. Not having to deal with fraud wiping out my account and receiving 1-5% cash back on every transaction is a no brainer.

You do understand that you as the customer end up paying the bill regardless of the fact? The banks are not charity - in fact the exact opposite. Every dollar scammed you and other customers pay back in double.
 
I love how everyone thinks chip and pin will save the day. Bunch of fucking idiots is what you guys are. Chip and pin prevents theft of a physical card. But how often is that the point of the theft? Most of the times it is online stores or other servers storing your card being hijacked. And last time I checked you don't fucking use a chip and pin device in your home for online purchases. Yes chip and pin makes things a little better but that is like saying 1 ton of gravel fills up the grand canyon. You still have a big hole when done.

this has nothing to do with online stuff, this is when you go into a shop and buy something locally (and you normally do not give online sites your sort code and account number, they only get your card number, but banks in the UK are more protected from online fraud, even current accounts) in the UK it's starting to be normal now to see Mastercard debit cards

if you're doing online purchases you should always use a credit card, in the UK the more money-conscious people do not have credit cards, but I do tell them they should just get a credit card if doing online purchases as it's a lot less hassle than with a debit card when fraud happens, as you are protected by Visa or Mastercard

as people who like to be in control of their money just see credit cards as bad (but don't see that they offer a lot of protection automatically)
 