Beware swiping your card at these hotspots

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
54,549
So here is one way they steal your money over here in Europe.

Some guy standing close to you at the train station, scanning your card and relaying the card info to another rooted phone that implements "Host Card Emulation". The scammer's buddy then buys something less than £200 using your card info. No card stolen and no PIN required.

Who carries the loss?
 

Johann Rous

Member
Joined
Jun 19, 2019
Messages
20
> They have to actually touch the card. Most card machines don't even pick mine up through my normal wallet.

That is only because card machines were not designed to read at larger distances. It is possible to read NFC cards at 30cm or even further if you have a stronger magnetic field, i.e. a larger coil.
 

Johann Rous

Member
Joined
Jun 19, 2019
Messages
20
> Who carries the loss?

The merchant and then by proxy the customer with higher transaction fees.

BTW, I bought a plane ticket to Berlin last week (more than £200) and paid a 3% surcharge because I used my credit card. That's the reason I care.
 

Johann Rous

Member
Joined
Jun 19, 2019
Messages
20
> I just explained 2 posts above this one why that's not the case. Especially when using your phone / watch for NFC payments instead of your card.

You are confusing the way NFC cards work with card tokenisation, which is the method your phone/watch uses. Both are susceptible to man-in-the-middle attacks, but tokenisation is better at preventing replay attacks.

I smell a "YouTube expert"...
 

wrinklyo

Well-Known Member
Joined
Sep 26, 2008
Messages
194
This stupid article is just clickbait! I came looking for hot spots and it tells me basically ALL OF SOUTH AFRICA IS A HOT SPOT, as though I didn't know this already. This writer should be taken outside and beaten with a partially decomposed goat so he can get an idea of how disgusted we are with his waste-of-time article.
 

K3NS31

Expert Member
Joined
Jul 19, 2009
Messages
3,559
> You are confusing the way NFC cards work with card tokenisation, which is the method your phone/watch uses. Both are susceptible to man-in-the-middle attacks, but tokenisation is better at preventing replay attacks.
>
> I smell a "YouTube expert"...
No I'm not. I differentiated between cards and phone in both posts. That's why I said in the first place - it's better to leave your card at home.
 

Mike Hoxbig

Honorary Master
Joined
Apr 25, 2010
Messages
36,227
"Beware swiping your card at these card-skimming hotspots"

/displays legitimate POS device below headline.

/waits for lawsuit
 

isie

Honorary Master
Joined
Jan 16, 2010
Messages
12,304
> The merchant and then by proxy the customer with higher transaction fees.
>
> BTW, I bought a plane ticket to Berlin last week (more than £200) and paid a 3% surcharge because I used my credit card. That's the reason I care.

You should not be charged any extra fees when paying by card.
A merchant's POS can be suspended for doing that.
 

signates

Executive Member
Joined
Dec 8, 2009
Messages
6,976
Haven't used my physical card in more than a month thanks to Samsung Pay with both MST and NFC payment options.

Started to leave my wallet at home this week. If MST and NFC fail I'll just leave my goods and try another store. Also keep about R200 in a money clip for small purchases where there are no card facilities.
 

SaiyanZ

Executive Member
Joined
Jun 5, 2008
Messages
8,137
Damn, I'm screwed. I swiped at a few of these hotspots.
 

2021

Executive Member
Joined
Jan 22, 2012
Messages
9,444
Just clone the card the normal way, then have a fake chip that errors and forces the machine into fallback swipe mode.

It's still very easy so long as that strip is an option on the cards.
 

chubster

Senior Member
Joined
Nov 14, 2007
Messages
830
Got my card cloned at KFC in Golden Acre, Foreshore, Cape Town. The card machine appeared to be an FNB card machine. Showed TAP, then I tapped, then indicated I had to insert my card. Which I did, the card did go slightly in deeper. Thought it was their weird FNB machine. 15 min later R10'000 transactions came off from a Checkers Hyper in Tokai.

Here I thought, they would never catch me, what a fool I was. My bank tried to call me. In my panic state, I responded to the fraud hotline SMS requesting the transaction, (1=Yes) which turns out, Yes means it is a valid transaction. So much for clear thinking (out the window) when I was panicking.
 

supersunbird

Honorary Master
Joined
Oct 1, 2005
Messages
54,549
> Got my card cloned at KFC in Golden Acre, Foreshore, Cape Town. The card machine appeared to be an FNB card machine. Showed TAP, then I tapped, then indicated I had to insert my card. Which I did, the card did go slightly in deeper. Thought it was their weird FNB machine. 15 min later R10'000 transactions came off from a Checkers Hyper in Tokai.
>
> Here I thought, they would never catch me, what a fool I was. My bank tried to call me. In my panic state, I responded to the fraud hotline SMS requesting the transaction, (1=Yes) which turns out, Yes means it is a valid transaction. So much for clear thinking (out the window) when I was panicking.

Condolences.

What I do to try to mitigate against this risk is to have an FNB Easy account (R5 whatever a month is my only fee really, and if I use app to buy Lotto there are Lotto transaction fees, it has tap&pin). I put my monthly budgeted "daily spending" money on that card and use it for buying my normal day to day stuff. They would not be able to get a lot of my money out of it.

The Capitec credit/debit card will only come out for purchases outside of those types of purchases (thus rarely).
 

chubster

Senior Member
Joined
Nov 14, 2007
Messages
830
> Condolences.
>
> What I do to try to mitigate against this risk is to have an FNB Easy account (R5 whatever a month is my only fee really, and if I use app to buy Lotto there are Lotto transaction fees, it has tap&pin). I put my monthly budgeted "daily spending" money on that card and use it for buying my normal day to day stuff. They would not be able to get a lot of my money out of it.
>
> The Capitec credit/debit card will only come out for purchases outside of those types of purchases (thus rarely).

I have only myself to blame. I too actually have such a card just for that. I became relaxed, because of all the "Points" at Bank Partner Retailers and I wanted to carry around fewer cards. KFC doesn't offer Bank "Points", but that is clearly me being lazy, and I could have carried around my extra card just for that. Back to my original strategy for me.

I will only get to find out what happens to the 4x fraudulent transactions after 30 working days and it will be the bank's own investigator(s) that will contact me as the card was not lost or stolen but cloned, so that means, no police involved... yet.

I also wanted to find out how come they (fraudsters) could do such a high transaction in the first place. Turns out, Credit Cards (CC) don't have a Point-Of-Sale (POS) limit at my bank. Which is strange, because I was sure there used to be an option before. Only Debit Cards have such a limit as an option from my Bank.

Then, also, I didn't read the SMS from my bank fully and calmly before acting on it.
 