This site is closed to new comments and posts.

Notice: This site uses cookies to function.
If you are not comfortable with cookies then please don't browse this website.

Park Slope Credit Card/Bank Card Fraud! - Page 2 — Brooklynian

Park Slope Credit Card/Bank Card Fraud!

2456

Comments

  • this scam about credit card fraud sounds interesting. sorry that it happen to you.

    its probably a portable scanner someone working in one of the stores where you hand off your card to. it takes just a swipe to copy and clone your card. anyway that totally sucks.

    i like the meth heads ways. they go and steal info from wallets to garbage to mail to get the id and steal tons of money.
  • ^^ That is why i keep my card in view at all times and never, ever use anything but a bank ATM.
  • Actually, I am just going to throw this out there. I haven't been privvy to the conversations on the park slope parents board, but what I can gather off Gowanus Lounge and here is that the majority of people bank with Citi and there is at least one mention of HSBC.

    There is an alarming trend these days (at least to those of us data security practitioners) towards RFID-enabled "smart cards" for banking. Citi pioneered this in NYC and eventually HSBC and Morgan, I think, joined ranks. Deal is either a keyfob (at first) or eventually an embedded chip in the actual card itself that enables someone to just "tap" those POS terminals. Visa recently ran an ad about it and it made me really concerned about how close to fruition this was.

    RFID chips, for those who aren't as knee-deep in it as I am, emit an all the time radio signal. It enables that "proximity purchase" that the tapping crap is all about. The problem is you can't shut the radio frequency off. This thing is always beaming its lil signal out there. People purport that its range is all of inches, but you spend any length of time playing with RFID and you know its more like feet. These days there hasnt been nearly enough talk about encrypting the data on those little chips because its expensive and all those companies would have to agree on how to make that work (geek speak-- the key exhange).

    End result... anyone with about a hundred dollars can purchase an RFID reader. Which means in a physical location (let's say... the subway) I can sit and "pick your pocket" for that signal. No touching required.

    People have been calling me paranoid about this for years. Its what makes me good at what I do. I felt a little vindicated when even MSN started to carry the story only a month or so ago. So if you want to think I am paranoid, join the club, but read this:
    http://articles.moneycentral.msn.com/Banking/CreditCardSmarts/NewCreditCardsAllowHandsFreeTheft.aspx

    I can't help but note that its Citi. I can't help but note that people are loathe to come up with a source but it seems like a large group of people in a generally geographically centralized area.

    My gut tells me this may be a part of it and its going to be a while before people start piecing it together. Cept maybe Citi who probably won't want to admit that some of the security researchers were right all along.

    Two cents contributed.
  • LongTimeSloper wrote: ^^ That is why i keep my card in view at all times and never, ever use anything but a bank ATM.
    also there has been a fraud going around the where you use the locale bodega atms where they clone your card too. they would put in a machine with real money etc.. but when you use it. they get all your debt card info and pin number etc....
  • armchair_warrior wrote:
    also there has been a fraud going around the where you use the locale bodega atms where they clone your card too. they would put in a machine with real money etc.. but when you use it. they get all your debt card info and pin number etc....
    god that is so 2004
  • i just found out this morning that my citibank credit card was hit also.

    i rarely make online purchases, and my last few charges were indeed at park slope establishments (i live here). i have a suspicion about what business it might be, but i would also not be surprised to find out it's a citibank issue. they told me they couldn't release any info, because it was currently under investigation.

    makes sense.

    first chance i get, i suppose i should hit up the police station.

    i was just bitching saturday night at song about all these damn cash only restaurants, and now this. guess i'll be all cash, all the time for a while now till the whole thing is sorted out.

    love song btw...food's great.
  • i love song too. have you check out their sister restaurant (og) joya. its pretty good too.
  • Its not a Citi issue - I have a Chase card. BUT it does have that little encryption chip thing on it, so I suppose I can't rule that out. Its just a little coincidental that it is happening in this small radius and all at the same time.

    Other people who got scammed, does your card have the chip in it too?
  • Ok, so just to be clear, it doesn't matter the vendor of the card so much as is it RFID enabled. I just know the Citi has been using it alot. But Chase has too. They just weren't the first adopters that Citi was.
  • well, I feel a bit constricted. While my card hasn't been hit, I recently started using my debit card at a local establishment where I wonder if they do any kind of security to prevent card fraud. Since we are being discouraged to talk about the places where people suspect it happened, and I understand that it's speculation, I prefer to be armed with *some* info.

    It's helpful to know that people are being hit with charges, but without knowing if there's any connection to local businesses that I frequent, the info isn't as helpful. It's like stating there's a rash of muggings in PS, but not stating the location.
  • Pitu, I wouldn't worry too much. But I would be smart about how you use cards.

    Play out the scenario of wanting to steal credit cards. Its very cost prohibitive to play out the scenario that Armchair detailed. Yeah, I could go out and buy a debit card machine on ebay, stock it with some decent cash, imprint the numbers off it, imprint the same info off the magnetic stripe and then give you your $200. But if you think about it, I've just ponied up a lot of cash for one credit card number. It's not a good mechanism now for theft unless we are talking full on organized crime. It happens, but it doesn't happen often. More frequently is the stealing of the ATM altogether.

    Other option, I could put a little reader that sits over where you put your card into. This is more frequent. But in a store its hard to pull off. Most store owners really are good people. So now I have to con my way into the store and plant this thing and hope it looks inconspicuous. Not overly likely. Especially in hyper-vigilant Park Slope. We notice everything.

    RFID is the new uncharted frontier. I think it is a ripe vector for abuse. But you can get around it if you want to. You can contact your bank and demand a card that is not RFID enabled. Is swiping the card really that much extra work?! You can shield the card itself by housing it in something that blocks the radio signal. (you can be a tool like me and carry the worlds ugliest wallet because it is RFID blocking).

    Best course is to use your non-RFID card that is credit card only. Credit cards are covered against theft. Use your bank card for cash at a bank ATM and don't stress out about it too much. A few cautious steps and you are good to go.

    Now breaking into larger companies that do transaction processing, or even easier watching the unencrypted traffic off your iPhone (that is actually even easier than stealing RFID signals)... thats a whole new animal.
  • jayce wrote: Actually, I am just going to throw this out there. I haven't been privvy to the conversations on the park slope parents board, but what I can gather off Gowanus Lounge and here is that the majority of people bank with Citi and there is at least one mention of HSBC.

    There is an alarming trend these days (at least to those of us data security practitioners) towards RFID-enabled "smart cards" for banking. Citi pioneered this in NYC and eventually HSBC and Morgan, I think, joined ranks. Deal is either a keyfob (at first) or eventually an embedded chip in the actual card itself that enables someone to just "tap" those POS terminals. Visa recently ran an ad about it and it made me really concerned about how close to fruition this was.

    RFID chips, for those who aren't as knee-deep in it as I am, emit an all the time radio signal. It enables that "proximity purchase" that the tapping crap is all about. The problem is you can't shut the radio frequency off. This thing is always beaming its lil signal out there. People purport that its range is all of inches, but you spend any length of time playing with RFID and you know its more like feet. These days there hasnt been nearly enough talk about encrypting the data on those little chips because its expensive and all those companies would have to agree on how to make that work (geek speak-- the key exhange).

    End result... anyone with about a hundred dollars can purchase an RFID reader. Which means in a physical location (let's say... the subway) I can sit and "pick your pocket" for that signal. No touching required.

    People have been calling me paranoid about this for years. Its what makes me good at what I do. I felt a little vindicated when even MSN started to carry the story only a month or so ago. So if you want to think I am paranoid, join the club, but read this:
    http://articles.moneycentral.msn.com/Banking/CreditCardSmarts/NewCreditCardsAllowHandsFreeTheft.aspx

    I can't help but note that its Citi. I can't help but note that people are loathe to come up with a source but it seems like a large group of people in a generally geographically centralized area.

    My gut tells me this may be a part of it and its going to be a while before people start piecing it together. Cept maybe Citi who probably won't want to admit that some of the security researchers were right all along.

    Two cents contributed.
    Thx for bringing that up! I rejected a card from my bank that included a "SmartChip", but then as time went on . . . well, you don't always stop the tide of privacy invasion. This is as big a possibility as a card cloning evil waiter . . .
  • Interesting info, Jayce.

    So is what you're saying is that it's unlikely that card numbers were taken from these local stores via employees but harvested in another way (online, RFID, etc)?
  • I just got home and went through my statements online from Oct forward and there are only 18 places in PS I had used my card from mid-October until right before the fraud, counting grocery stores, ATMs, restaurants, etc.

    If anyone else has a list please PM me or e-mail me so we can compare.
  • listen, I can say only how I would do it. And its my job to find ways to do it.

    Were it me, it's a quick and easy win. For the cost of about $150. Its a matter of time before it is done. I just expected it would be done someplace other than my home area first. Coulda saved me a lot of time on planes, you know?
  • Subject: Card numbers stolen

    Hi,
    My husband had his bank card (it is a debit but has a MC logo on it) on him during the holidays(which we spent here in Park Slope), yet someone charged hundreds of dollars worth of gas and oil in Florida WITH HIS CARD (obviously a dupe). Three months ago (right before our wedding) the same thing happened to me. I used my bank card (MC logo but debit) and someone (who deserves to rot in you know where..) cleaned out ALL of my checking account money, almost $2k at a Walmart in Florida - using in theory, a dupe card of mine.

    We only use our cards (well, used too) when we have too - short of cash namely at a grocery store in the neighborhood. I would NEVER want to name locations but I do think it would be nice to figure out what the deal is about these crimes. I'm still furious about what happened to me and then for it to happen to my husband three months later...wow, we were pissed. And now we only have debit cards, not debit/anything that could be mistaken for a credit card.

    Whoever did this (and continues doing this) belongs in behind bars. When they cleaned my account out, I almost bounced checks because of them, and my husband ONLY noticed the charge because we do all of our banking online.

    Anyway, sorry for the rant. I'm so sorry for anyone this has happened too. I wish we could stop it from happening again.

    Cheers.
  • This is really interesting, jayce - I think we could narrow it down to the possibility of that being the case. We need to find out if these other people have cards with that technology. Mine did.
    Anyone else?
  • RockerGirl77 wrote: This is really interesting, jayce - I think we could narrow it down to the possibility of that being the case. We need to find out if these other people have cards with that technology. Mine did.
    Anyone else?
    I think the question is, do any of the major bank cards NOT have that technology at this point.
    bummer.
  • Even if it is that technology, we can still narrow it down to where it could have happened.

    Also, does anyone have any idea how long the bank usually takes to research this and give your money back? The Chase press release about their stupid "blink" technology (hereto known as "blink and your personal info will be stolen") states that cardholders will not be responsible for any fraud. Thats great, can I have my $182 back now then?
  • I don't think my bank card has that technology in it-but, i bank with a smaller , local bank. Not one of the biggies.
  • RockerGirl77 wrote: Even if it is that technology, we can still narrow it down to where it could have happened.

    Also, does anyone have any idea how long the bank usually takes to research this and give your money back? The Chase press release about their stupid "blink" technology (hereto known as "blink and your personal info will be stolen") states that cardholders will not be responsible for any fraud. Thats great, can I have my $182 back now then?
    RockerGirl-you did not use a credit card, you used a debit card. the credit card protection that you are talking about does NOT include debit cards. That's a different story altogether.
  • There are still banks that don't use rfid. But like I said, you can still protect what you have and shield it. At which case the danger is only when you pull it from its shielding for a few seconds. and I am not 100% sure thats what this is, but its a good bet that shouldn't be ruled out. At which point it may be a moving target. IE someone with a RFID reader.

    LTS, your issue may be one of the one-offs. Yours may be unrelated but timed well. Still too early to say. But I think its a theory worth chasing down cause its been plausible for a while now.
  • LongTimeSloper wrote: RockerGirl-you did not use a credit card, you used a debit card. the credit card protection that you are talking about does NOT include debit cards. That's a different story altogether.
    Yes, but according to Chase, it counts for any card with the "Blink" technology. Here is what they say about the Blink Debit cards:

    Transactions made using cards with blink are on average completed up to 25 percent more quickly than those done with cash, and can be up to 40 percent faster than other payment methods at locations such as quick service restaurants, convenience stores and movie theatres. When using the blink functionality, the Chase debit card is held within one to two inches of a card reader to conduct a transaction, minimizing the possibility of an unintended purchase. The card readers have a built-in safeguard that prevents more than one card from being read at a time, and purchases above $25 require a signature as an extra security measure. The cards also come with zero liability for fraudulent transactions, along with quick replacement of lost or stolen cards, and the ability to track account details online at Chase.com.

    This whole technology sounds stupid to me. What if it was in your pocket and you were standing next to something waist-high that scanned it? I wonder if everyone who's having the fraud issues right now has this, and if so I bet thats what it is.
  • Wow. Y'know after watching too much Law & Order, I'd think they'd solved it by now. The 78 must have a list of merchants that you have in common. Would it be wrong for the victims to email each other privately and figure out who they have in common? If it's not the merchant's fault, I'm sure they'd want to know who the guilty empoyee is!
    I understand it's not ethical to bounce names around here, but this is serious and so widespread...
    Is it wrong to share info privately?
  • i say trade away :p.post emails and pm's to each other.
  • of course it's not unethical to trade information privately, but keep in mind it might not actually be a business with a card swipe fraud operation -- it could be the RFID technology being accessed and misused.
  • The Chipster wrote:
    I understand it's not ethical to bounce names around here, but this is serious and so widespread...
    Is it wrong to share info privately?
    So you don't stop shopping at a local business for no reason? Cause that could be the result even self-consciously.

    Just what the economy needs, this scandal.
  • Innocent X wrote: [quote=The Chipster]
    I understand it's not ethical to bounce names around here, but this is serious and so widespread...
    Is it wrong to share info privately?
    So you don't stop shopping at a local business for no reason? Cause that could be the result even self-consciously.

    Just what the economy needs, this scandal.

    I don't think that if a "common denominator" is found (in private messaging, of course!) that people will necessarily stop shopping there -- I think what would happen is that most people would be a little more careful and use cash in that establishment.
  • Subject: Credit card fraud

    At least one poster mentions having a Chase Visa. When Chase sent me a new Visa card with the "blink" symbol, allowing me to pass it near a designated receiver in some stores and to therefore use the card without its leaving my hand, I had fraudulent charges in a matter of weeks--never before--and was convinced the info had been stolen before the card was even delivered to me. Now I see Citibank has this PayPass program (including useability at some subway stations) and wonder if there could be a connection.
    In keeping with the prior posts which won't name their "suspects" I won't identify which quasi-governmental institution might have crooked employees, people who have access to our mail before we do, often in other areas of the country. However, I am reminded of a period several years ago when I had to change which postal zone I mailed my Netflix DVDs back from so they would reach their destination.
    As to the customer "not being responsible": how about the fact that, when they decide they need to change your card number (which has happened to me), it's the customer who has to notify the 20+ companies who already have that number for periodic or other payments?
Sign In or Register to comment.