Debit card cloning query

I have been wondering about this for a while: if, say, I used my debit card in a dodgy ATM or at a dodgy shop.

Could someone get my card details, see what my PIN is and withdraw money out of my account without using my card?


I know this is how credit card fraud can be done but I'm just wondering if it's similar to debit card fraud.

Thanks


Deep
 
Yes.

Worse, your bank will often accuse you of telling other people your PIN, and therefore refuse to cover your losses. Their faith in chip/PIN seems to be such that if anyone else knows your PIN, it must be your fault.
 
Yes, it's the same as credit card fraud, but usually (or maybe even always?) without the added protection you have with a credit card.
 
In a nutshell, yes. It is the same as ecommerce: it is the purchasing party's legal obligation to be sure that the person they are handing their details over to is secure and genuine, I'm afraid.

Only advice that can be offered (which is fairly obvious) is don't use any cash machine which has any "clutter" on it, i.e. leaflet holders, etc., as they are sure to be a camera attachment.
 
I normally use the cash machine inside a bank anyway, but it's interesting to know. Kind of odd on the support side though.
 
If your card gets cloned it's not a big deal; if they also manage to see your PIN then you are in trouble. As long as you cover your PIN the only thing you need to worry about is dodgy websites and keyloggers!

Something interesting about the PoS machines is that the internal circuitry has no encryption so in theory (and it has been done) you could attach in to the circuit and listen in on the information including the PIN being entered.
 
I've had my debit card cloned. LloydsTSB did refund the money (the next day), however the first I knew was going to the cash point and not being able to get any money out. If it had been at the start of the month just as all the bills were going out it could have been disastrous.

I was lucky that the transactions were very obviously dodgy, two customer not present transactions for Nike stuff in Amsterdam and a £1 donation to Muslim Aid.
 
Technical Question...

Is the PIN not stored on the card's magnetic stripe? I know this sounds illogical, but I've got a Natwest online banking one-time password generator thing, and how else can it know if the PIN I input is correct? If this is the case, then an attacker wouldn't need to visually record the PIN.
 
It's not on the magstripe. I think there's cipher text on the chip that your PIN decodes.
 
The PIN is stored on the chip, the reader basically asks the chip if a PIN is correct, the chip says yes or no, after a few consecutive failed attempts the card should just lock itself completely forever.
 
I got a call from Natwest support to ring them due to a problem with my account last Sunday.

When I called them they told me my debit card got cloned, they have stopped the transaction and went through my last few purchases. They stopped my card, sent me a new one, done and dusted. Thankfully, they didn't manage to spend a penny on it, but they did try. £188 in the United Kingdom of Tansania or something like that.
 
I'm pretty sure the PIN isn't stored on the chip. It is almost certainly stored as a hash.

That's pretty much what I mean, probably should have been clearer. What I meant was that there are methods on the card to check if a PIN is correct against the stored version (in whatever form they may be, can't remember off the top of my head now, but probably is a hash of some form). You "can't" read the value directly, so it's fairly secure.
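
A simplified model of the on-chip check described in the posts above, added here as an example and not part of the thread: the card answers only yes or no, counts failed attempts, and locks itself. The status words 0x9000, 0x63Cx and 0x6983 are the standard ISO 7816 ones; the class name, the three-try limit, the sample PIN and the keyed-digest storage are assumptions of this model, not a statement of how any real card stores its reference PIN.

```python
import hashlib
import hmac
import os

SW_OK = 0x9000       # success
SW_WRONG = 0x63C0    # 0x63Cx: wrong PIN, x tries remaining
SW_BLOCKED = 0x6983  # authentication method blocked


class ToyChipCard:
    """Toy model of on-card PIN verification (not real card firmware)."""

    def __init__(self, pin: str, max_tries: int = 3):
        # Assumption: the reference is held as a keyed digest that never
        # leaves the object; the thread itself is unsure of the real form.
        self._key = os.urandom(16)
        self._ref = self._digest(pin)
        self._max = max_tries
        self._tries_left = max_tries

    def _digest(self, pin: str) -> bytes:
        return hmac.new(self._key, pin.encode(), hashlib.sha256).digest()

    def verify(self, candidate: str) -> int:
        """Return a status word only; the stored value is never exposed."""
        if self._tries_left == 0:
            return SW_BLOCKED
        # Spend a try before comparing, so an interrupted check
        # cannot be turned into a free guess.
        self._tries_left -= 1
        if hmac.compare_digest(self._digest(candidate), self._ref):
            self._tries_left = self._max  # success resets the counter
            return SW_OK
        return SW_WRONG | self._tries_left


def run_session(card: ToyChipCard, guesses: list[str]) -> list[int]:
    """Feed a sequence of PIN entries to the card and collect the replies."""
    return [card.verify(g) for g in guesses]


if __name__ == "__main__":
    card = ToyChipCard("4821")  # constructed sample PIN
    for sw in run_session(card, ["0000", "4821", "1111", "2222", "3333", "4821"]):
        print(hex(sw))
```

Once the counter reaches zero even the correct PIN is refused, which is why guessing against the chip is limited to a handful of attempts.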
 
Someone was using my Co-Op Credit Card for blatantly fraudulent transactions (£700 Amazon order on a £500 limit card), the previous transactions that weren't mine were a cinema trip (********!) and a donation to Oxfam.

Why do they always seem to donate to a charity if it's only going to be reclaimed by the bank? Is there some procedural reason, like it's unlikely to be tagged as fraudulent or something?

Also the phone centre lady I spoke to accidentally blocked my debit card as well, she was very apologetic when I rang back a few days later to find out what the heck was going on, it became apparent what had happened. Human error on the bank's part completely, poor gal was nearly in tears. :( Because she blocked it accidentally, she hadn't reissued a card either and they can't unblock it. Mistakes happen, but damn I'm unlucky, last time my credit cards were copied, both of them were done at the same time near Christmas, screwing my online Christmas shopping.

This has left me somewhat screwed as I'm leaving for Download festival with no working plastic. Ho hum.
 