Credit Card Privacy
Good article in the Washington Post on all the surveillance associated with credit card use…. Continue reading Credit Card Privacy
Collaborate Disseminate
Good article in the Washington Post on all the surveillance associated with credit card use…. Continue reading Credit Card Privacy
Modern credit card skimmers hidden in self-service gas pumps communicate via Bluetooth. There’s now an app that can detect them: The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana which not only scans and detects Bluetooth signals, but can actually differentiate those coming from… Continue reading Detecting Credit Card Skimmers
In Gmail addresses, the dots don’t matter. The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" — and so on. (Note: I own none of those addresses,… Continue reading Using Gmail “Dot Addresses” to Commit Fraud
In Gmail addresses, the dots don’t matter. The account "bruceschneier@gmail.com" maps to the exact same address as "bruce.schneier@gmail.com" and "b.r.u.c.e.schneier@gmail.com" — and so on. (Note: I own none of those addresses, if they are actually valid.) This fact can be used to commit fraud: Recently, we observed a group of BEC actors make extensive use of Gmail dot accounts to… Continue reading Using Gmail "Dot Addresses" to Commit Fraud
A new study finds that credit card fraud has not declined since the introduction of chip cards in the US. The majority of stolen card information comes from hacked point-of-sale terminals. The reasons seem to be twofold. One, the US uses chip-and-signature instead of chip-and-PIN, obviating the most critical security benefit of the chip. And two, US merchants still accept… Continue reading Chip Cards Fail to Reduce Credit Card Fraud in the US
Interesting research paper: "Fear the Reaper: Characterization and Fast Detection of Card Skimmers": Abstract: Payment card fraud results in billions of dollars in losses annually. Adversaries increasingly acquire card data using skimmers, which are attached to legitimate payment devices including point of sale terminals, gas pumps, and ATMs. Detecting such devices can be difficult, and while many experts offer advice… Continue reading Detecting Credit Card Skimmers
Watch how someone installs a credit card skimmer in just a couple of seconds. I don’t know if the skimmer just records the data and is collected later, or if it transmits the data back to some base station…. Continue reading Installing a Credit Card Skimmer on a POS Terminal
New research: "Leaving on a jet plane: the trade in fraudulently obtained airline tickets:" Abstract: Every day, hundreds of people fly on airline tickets that have been obtained fraudulently. This crime script analysis provides an overview of the trade in these tickets, drawing on interviews with industry and law enforcement, and an analysis of an online blackmarket. Tickets are purchased… Continue reading Airline Ticket Fraud
Researchers have found that they can guess various credit-card-number security details by spreading their guesses around multiple websites so as not to trigger any alarms. From a news article: Mohammed Ali, a PhD student at the university’s School of Computing Science, said: "This sort of attack exploits two weaknesses that on their own are not too severe but when used… Continue reading Guessing Credit Card Security Details
There’s a new French credit card where the CVV code changes every hour…. Continue reading Credit Cards with Changing CVVs