Chip and Pin fiasco
Discussion
I wondered why my Shell station had been asking me to sign for the last few months...
www.sky.com/skynews/article/0,,30100-1220884,00.html
Another fine mess. What price ID card security...?
www.sky.com/skynews/article/0,,30100-1220884,00.html
Another fine mess. What price ID card security...?
mybrainhurts said:
I wondered why my Shell station had been asking me to sign for the last few months...
www.sky.com/skynews/article/0,,30100-1220884,00.html
Another fine mess. What price ID card security...?
I get my Optimax from various Portsmouth Shell garages.mybrainhurts said:
I wondered why my Shell station had been asking me to sign for the last few months...
www.sky.com/skynews/article/0,,30100-1220884,00.html
Another fine mess. What price ID card security...?
I don't see quite why it has anything to do with chip and pin actually. Any card machine can have the crims devices fitted, surely? I thought the chip bit was foolproof, so why suspend it.
What they should really say is all 'non signed for' credit card transactions are suspended. Because, as we all know, it is impossible to fake someone elses signature....
I was told 14 people have now been caught. The pin pads were allegedly stolen and card details were downloaded from the unit. The article says a device was implanted but allegedly the pin pad stores some information and it was accessed to get the card details. It makes you wonder what other retailers could have this probem.
Chip and Pin. Pishhh.
On one of my cards you are able to access the pin via the company's website. I did this because I was having isues with the number they had posted to me (and I had destroyed the piece of paper). My card was coming up with incorrect pin number. Ok, thinks I, I'll just make sure I haven't got a digit mixed up by checking online.
The pin number given via the website was completely different to the one I had been issued with via the post.
Neither pin number worked. I don't use that card any more.
On one of my cards you are able to access the pin via the company's website. I did this because I was having isues with the number they had posted to me (and I had destroyed the piece of paper). My card was coming up with incorrect pin number. Ok, thinks I, I'll just make sure I haven't got a digit mixed up by checking online.
The pin number given via the website was completely different to the one I had been issued with via the post.
Neither pin number worked. I don't use that card any more.
monkeyhanger said:
Speaking of which, does anyone have an Optimax reward card? I have a standard Shell one and one of the women in a Shell station told me I could ask for an Optimax version which gives me double points?
You get the extra points automatically if you buy Optimax.
Its something like double points after 300 litres..
I have 14000 points - woo hoo
GKP said:
Chip and Pin. Pishhh.
On one of my cards you are able to access the pin via the company's website. I did this because I was having isues with the number they had posted to me (and I had destroyed the piece of paper). My card was coming up with incorrect pin number. Ok, thinks I, I'll just make sure I haven't got a digit mixed up by checking online.
The pin number given via the website was completely different to the one I had been issued with via the post.
Neither pin number worked. I don't use that card any more.
You got your credit card PIN off a website?? I find that hard to believe, as even the banks don't know it, and can't tell it to you.
It sounds like the website got it wrong too, so just maybe it wasn't your PIN......
King Herald said:
What they should really say is all 'non signed for' credit card transactions are suspended. Because, as we all know, it is impossible to fake someone elses signature....
I can't remember the number of times that I've handed my credit card over at a petrol station, watched them swipe it, then hand it straight back without looking at the signature on the card before the slip has started printing. Not exactly a great alternative to chip and pin IMO!
monkeyhanger said:Plus they were doing a double air mile transfer recently. Boosted my air mile account quite considerably.
Speaking of which, does anyone have an Optimax reward card? I have a standard Shell one and one of the women in a Shell station told me I could ask for an Optimax version which gives me double points?
Mind if l put on my large head?
http://pistonheads.com/gassing/topic .asp?p=1&f=23&t=128351
(aargh can't get his link to display correctly...remove space to get it to work)
This is the original thread where l raised (practically as a lone voice!) concerns over cards being cloned using POS terminals that would also gain your PIN. No shoulder surfing required.
You think shell stopped chip and pin in all 600 branches because of an uber-surfer with the powers of Santa Claus and a fetish for loitering in Shell garages?? The terminal is compromised..it scans your magstrip...and you then give it your PIN. Within the hour those details can be used to make a cloned card in another country where ATMs have no chip n pin capability. Many of the people who actually got affected by this had funds removed directly from their accounts, mostly via foreign ATMs.
Official information makes out that this was a specific problem to Shell yet admits problems with the POS terminal where it should have "shut off but didn't". i.e. it was tampered with and it didn't notice. So its not Shell specific, and could be happening to you the next time you go shopping.
Check this out...an interceptor can be made for the cost of an average night out.
www.lightbluetouchpaper.org/2006/03/15/chip-and-skim/
The mag and pin number info read from the chip is not encrypted...plus check this little gem:
"The POS terminal must not be able to detect the presence of an interceptor. Some modernised ATMs are able to detect unauthorised attachments designed to directly skim PIN and magstripe, there is no fundamental reason why such technology could not be applied to POS terminals as well. However we have found that there definitely are UK POS terminals which do not detect such attachments, for reasons of cost, we suspect."
I hate being right...mainly cos l'm such a cycnical
er. 
>> Edited by funkihamsta on Sunday 7th May 09:15
>> Edited by funkihamsta on Sunday 7th May 09:16
http://pistonheads.com/gassing/topic .asp?p=1&f=23&t=128351
(aargh can't get his link to display correctly...remove space to get it to work)
This is the original thread where l raised (practically as a lone voice!) concerns over cards being cloned using POS terminals that would also gain your PIN. No shoulder surfing required.
You think shell stopped chip and pin in all 600 branches because of an uber-surfer with the powers of Santa Claus and a fetish for loitering in Shell garages?? The terminal is compromised..it scans your magstrip...and you then give it your PIN. Within the hour those details can be used to make a cloned card in another country where ATMs have no chip n pin capability. Many of the people who actually got affected by this had funds removed directly from their accounts, mostly via foreign ATMs.
Official information makes out that this was a specific problem to Shell yet admits problems with the POS terminal where it should have "shut off but didn't". i.e. it was tampered with and it didn't notice. So its not Shell specific, and could be happening to you the next time you go shopping.
Check this out...an interceptor can be made for the cost of an average night out.
www.lightbluetouchpaper.org/2006/03/15/chip-and-skim/
The mag and pin number info read from the chip is not encrypted...plus check this little gem:
"The POS terminal must not be able to detect the presence of an interceptor. Some modernised ATMs are able to detect unauthorised attachments designed to directly skim PIN and magstripe, there is no fundamental reason why such technology could not be applied to POS terminals as well. However we have found that there definitely are UK POS terminals which do not detect such attachments, for reasons of cost, we suspect."
I hate being right...mainly cos l'm such a cycnical
er. >> Edited by funkihamsta on Sunday 7th May 09:15
>> Edited by funkihamsta on Sunday 7th May 09:16
King Herald said:
You got your credit card PIN off a website?? I find that hard to believe, as even the banks don't know it, and can't tell it to you.
It sounds like the website got it wrong too, so just maybe it wasn't your PIN......
Try MBNA.
You need your card (or the security number from it) and information from your most recent statement to get it, whihc makes it pretty secure I suppose. For security purposes you can only read on digit at a time.
percy flage said:
You got your credit card PIN off a website?? I find that hard to believe, as even the banks don't know it, and can't tell it to you.
It sounds like the website got it wrong too, so just maybe it wasn't your PIN......
Try MBNA.
You need your card (or the security number from it) and information from your most recent statement to get it, whihc makes it pretty secure I suppose. For security purposes you can only read on digit at a time.
Egg also allow the pin number to be viewed online.
cij100 said:
You got your credit card PIN off a website?? I find that hard to believe, as even the banks don't know it, and can't tell it to you.
It sounds like the website got it wrong too, so just maybe it wasn't your PIN......
Try MBNA.
You need your card (or the security number from it) and information from your most recent statement to get it, whihc makes it pretty secure I suppose. For security purposes you can only read on digit at a time.
Egg also allow the pin number to be viewed online.
Yep, Egg do.
Gassing Station | The Pie & Piston Archive | Top of Page | What's New | My Stuff