[ale] OT security not at QT gas pump

Ron Frazier (ALE) atllinuxenthinfo at techstarship.com
Sat Jul 27 19:36:45 EDT 2013


I think entering a pin is a good idea, even though it's a pain.  I hope the new cards don't have rfid, or I'll have to deactivate it or get some of those 3m protective sleeves.  I know you can get cheap sleeves or maybe make your own, but when my debit card number is on the line, I'm willing to pay for a little r&d, to a point.

The gas pump definitely never asked for zip or pin.  I think I just put the card in without selecting credit or debit.  I didn't notice any cameras but they may be there.

Sincerely,

Ron



JD <jdp at algoloma.com> wrote:

>By the end of 2014, in theory, EMV (chip-n-pin) cards
>https://en.wikipedia.org/wiki/EMV will be required across the USA. 
>That means a
>PIN will be necessary for all transactions. Where I've seen them used
>overseas,
>the transaction machine is brought to you to insert and enter the PIN -
>your
>card never leaves your possession.
>
>EMV has security and fraud issues too. Nothing is perfect.  The main
>concern for
>users is when the PIN is entered, it is assumed that you agreed to the
>transaction - little hope of claiming fraud. Some contracts include
>that clause.
>EMV has been used to shift liability to the consumer in some countries.
> I
>haven't seen this clause added to my EMV card here.
>
>On 07/27/2013 05:48 PM, Mike Harrison wrote:
>> On Sat, 27 Jul 2013, Ron Frazier (ALE) wrote:
>>> Had to share this with you.  I go to the QT gas pump.  I swipe the
>debit
>>> card.  The screen says enter your pin number or press no.  So, just
>like I
>>> would if I was a thief, I press no.  The pump asks me to select my
>fuel grade,
>>> which I do.  Then I proceed to fill my tank.  Great security.
>> 
>> On many better systems, you get prompted for a zip code,
>> as others have said.
>> 
>> Option B: "credit card" rather than "debit card" mode, means the
>merchant pays a
>> higher percentage fee for the less secured mode, both in terms of the
>card
>> transaction and your ability to deny the charge (charge back) later.
>Other logic
>> at play may be a limit ($50 or $75) on that swipe only transaction,
>limiting
>> their exposure. I've had pumps when travelling that limited me to a
>$50 charge
>> as a credit card, but no limit in debit mode.
>> You notice it when towing a trailer.
>> 
>> What you also may have run into, but probably not notice, is pumps
>and
>> associated systems with camera's. When you swipe the card, they snap
>a shot of
>> you and your car. The really good ones have camera's mounted at
>angles that can
>> snag you/car and license plate and record a still as part of the
>transaction,
>> saved for as long as they have hard drive space. You'll notice the
>ones at big
>> truck stops with the monitors mounted near the cashiers, but many of
>them are
>> not so noticable.
>> 
>> What really keeps ancient credit card technology secure is that
>-most- people
>> are honest, and most dishonest people aren't that bright. What keeps
>me (and the
>> world) paranoid is the few times I've bumped into brilliant bad
>people. They are
>> out there.
>> 



--

Sent from my Android Acer A500 tablet with bluetooth keyboard and K-9 Mail.
Please excuse my potential brevity if I'm typing on the touch screen.

(PS - If you email me and don't get a quick response, you might want to
call on the phone.  I get about 300 emails per day from alternate energy
mailing lists and such.  I don't always see new email messages very quickly.)

Ron Frazier
770-205-9422 (O)   Leave a message.
linuxdude AT techstarship.com
Litecoin: LZzAJu9rZEWzALxDhAHnWLRvybVAVgwTh3
Bitcoin: 15s3aLVsxm8EuQvT8gUDw3RWqvuY9hPGUU




More information about the Ale mailing list