Pro Tour Punditry
Guru
Should the thread title not be changed to something like: My card was lost/stolen and used to attempt to purchase goods
Change it to one you'll remember just as easily. When you get the chance.I forgot to mention this the other day. My replacement card arrived on Wednesday. I know (thought) they'd send a following letter,about 2 days later with a new PIN number on. Seeing as the supposed letter would be sent to my now locked up old flat,i couldn't activate my new card without finding out the new PIN. I'd run out of cash so i couldn't even buy a bus ticket to go to the nearest branch 3.5 miles away,so i biked it,taking bills/letters to prove who i was/am. They scrutinised the letters and asked me security questions,all taking about 20 minutes. Then they said,right here's your PIN number. But that's the same one i had before,i replied. Yes,we thought you couldn't remember it said the cashier. Of course i could remember it,but i thought you gave a new PIN number when handing out new cards,i replied.
Silly me. All that hassle. I could've just used it straight away, if i'd known you kept the same PIN.
The scanner could simply be relaying the transaction conversation over some other connection (possibly even mobile data) to another person buying shoot with a phone app in a wallet. The shop can't see the card, so can't see they don't physically have it.
Of course, this is much less scary than cloning a card, at least while the transaction limit is £30.
They can be read. Even my old kit can see up to 16 cards at once because it's the sort of thing you may want to do for bulk-issuing of cards. I suspect most till software just aborts if it can see multiple cards because it can't tell which you want to use. Scammers won't care as long as they can use something.
I wrote relaying, not replaying. I know it's robust against replay attacks, but they are vulnerable to relaying because the card doesn't require being pressed and doesn't bleep or anything to say it's being used.You can't replay transactions to buy stuff. The conversation is unique to every transaction and the remote machine needs to know the crypto codes generated but never shared in the original conversation. So it'd just fail completely.
No, but you can make many first purchases with a card in someone else's bag near the other end of the relay.Relaying won't achieve anything. You can't make a second purchase with that data.
... A PITA that could have been avoided if they would have let me let them know in advance that I was going to be in Colorado. ...