Beware swiping your card at these hotspots

supersunbird · Oct 3, 2019

Johann Rous said:
So here is one way they steal your money over here in Europe.

Some guy standing close to you at the train station, scanning your card and relaying the card info to another rooted phone that implements "Host Card Emulation". The scammer's buddy then buy something less than £200 using your card info. No card stolen and no Pin required.

Who caries the loss?

Johann Rous · Oct 3, 2019

They have to actually touch the card. Most card machines don't even pick mine up through my normal wallet.

That is only because card machines were not designed to read at larger distances. It is possible to read NFC cards at 30cm or even further if you have a stronger magnetic field, i.e. a larger coil.

Johann Rous · Oct 3, 2019

supersunbird said:
Who caries the loss?

The merchant and then by proxy the customer with higher transaction fees.

BTW, I bought a plane ticket to Berlin last week (more than £200) and paid a 3% surcharge because I used my credit card. That's the reason I care.

Johann Rous · Oct 3, 2019

K3NS31 said:
I just explained 2 posts above this one why that's not the case. Especially when using your phone / watch for NFC payments instead of your card.

You are confusing the way NFC cards work with card tokenisation, which is the method your phone/watch uses. Both are susceptible to man-in-the-middle attacks, but tokenisation is better at preventing replay attacks.

I smell a "YouTube expert"...

wrinklyo · Oct 3, 2019

This stupid article is just click bait! I came looking for hot spots and it tells me basically ALL OF SOUTH AFRICA IS A HOT SPOT, as though I didn't know this already. This writer should be taken outside and beaten with a partially decomposed goat so he can get an idea of how disgusted we are with his waste of time article.

K3NS31 · Oct 3, 2019

Johann Rous said:
You are confusing the way NFC cards work with card tokenisation, which is the method your phone/watch uses. Both are susceptible to man-in-the-middle attacks, but tokenisation is better at preventing replay attacks.

I smell a "YouTube expert"...

No I'm not. I differentiated between cards and phone in both posts. That's why I said in the first place - it's better to leave your card at home.

Mike Hoxbig · Oct 3, 2019

"Beware swiping your card at these card-skimming hotspots"

/displays legitimate POS device below headline.

/waits for lawsuit

isie · Oct 3, 2019

Johann Rous said:
The merchant and then by proxy the customer with higher transaction fees.

BTW, I bought a plane ticket to Berlin last week (more than £200) and paid a 3% surcharge because I used my credit card. That's the reason I care.

You should not be charged any extra fees when paying by card.
A merchants POS can be suspended for doing that.

signates · Oct 3, 2019

Haven't used my physical card in more than a month thanks to Samsung Pay with both mst and NFC payment options.

Started to leave my wallet at home this week. If mst and NFC fails I'll just leave my goods and try another store. Also keep about R200 in a money clip for small purchases where there are no card facilities.

SaiyanZ · Oct 3, 2019

Damn, I'm screwed. I swiped at a few of these hotspots.

2021 · Oct 3, 2019

Just clone the card a normal way, then have a fake chip that errors and forced the machine into fallback swipe mode.

It's still very easy so long as that strip is an option on the cards.

Chris.Geerdts · Oct 3, 2019

pinball wizard said:
WTF? I came looking for a list. All you BS article says is and .

****ing troll post of note.

Agreed. Headline was a complete fraud

chubster · Oct 15, 2019

Got my card cloned at KFC in Golden Acre, Foreshore, Cape Town. The card machine appeared to be a FNB card machine. Showed TAP, then I tapped, then indicated I had to insert my card. Which I did, the card did go slightly in deeper. Thought it was their weird FNB machine. 15min later R10'000 transactions came off from a Checkers Hyper in Tokai.

Here I thought, they would never catch me, what a fool I was. My bank tried to call me. In my panic state, I responded to the fraud hotline sms requesting the transaction, (1=Yes) which turns out, Yes means it is a valid transaction. So much for clear thinking (out the window) when I was panicking.

mercurial · Oct 15, 2019

supersunbird · Oct 15, 2019

chubster said:
Got my card cloned at KFC in Golden Acre, Foreshore, Cape Town. The card machine appeared to be a FNB card machine. Showed TAP, then I tapped, then indicated I had to insert my card. Which I did, the card did go slightly in deeper. Thought it was their weird FNB machine. 15min later R10'000 transactions came off from a Checkers Hyper in Tokai.

Here I thought, they would never catch me, what a fool I was. My bank tried to call me. In my panic state, I responded to the fraud hotline sms requesting the transaction, (1=Yes) which turns out, Yes means it is a valid transaction. So much for clear thinking (out the window) when I was panicking.

Condolences.

What I do to try to mitigate against this risk is to have a FNB Easy account (R5 whatever a month is my only fee really, and if I use app to buy Lotto there are Lotto transaction fees, it has tap&pin)). I put my month budgeted "daily spending" money on that card and use it for buying my normal day to day stuff. They would not be able to get a lot of my money out of it.

The Capitec credit/debit card will only come out for purchases outside of those for type of purchases (thus rarely).

chubster · Oct 15, 2019

supersunbird said:
Condolences.

What I do to try to mitigate against this risk is to have a FNB Easy account (R5 whatever a month is my only fee really, and if I use app to buy Lotto there are Lotto transaction fees, it has tap&pin)). I put my month budgeted "daily spending" money on that card and use it for buying my normal day to day stuff. They would not be able to get a lot of my money out of it.

The Capitec credit/debit card will only come out for purchases outside of those for type of purchases (thus rarely).

I have only myself to blame. I actually too, have such a card just for that. I became relaxed, because of all the "Points" at Bank Partner Retailers and I wanted to carry around less cards. KFC, doesn't offer Bank "Points", but that is clearly me, being lazy and could have carried around my extra card just for that. Back to my original strategy for me.

I will only get to find out what happens to the 4x fraudulent transactions after 30 working days and it will be the bank's own investigator(s) that will contact me as the card was not lost or stolen but cloned, so that means, no police involved... yet.

I also wanted to find out how come they (fraudsters) could do such a high transaction in the first place. Turns out, Credit Cards (CC) doesn't have a Point-Of-Sale (POS) limit at my bank. Which is strange, because I was sure there used to be an option before. Only Debit Cards have such a limit as an option from my Bank.

Then, also, I didn't read the sms from my bank, fully and calmly, before acting on it.

Beware swiping your card at these hotspots

supersunbird

Honorary Master

Johann Rous

Member

Johann Rous

Member

Johann Rous

Member

wrinklyo

Well-Known Member

K3NS31

Expert Member

Mike Hoxbig

Honorary Master

isie

Honorary Master

signates

Executive Member

SaiyanZ

Executive Member

2021

Executive Member

Chris.Geerdts

Expert Member

chubster

Senior Member

mercurial

MyBB Legend

supersunbird

Honorary Master

chubster

Senior Member