Jump to content
Ad: Genuine Toyota parts & accessories from the Toyota official store on eBay ×
Do Not Sell My Personal Information


  • Join Toyota Owners Club

    Join Europe's Largest Toyota Community! It's FREE!

     

     

Shell Stopping "chip -n- Pin"

Bibbs

By Bibbs,
in General Club Discussions

 Share

Recommended Posts

Bibbs Grand Master

Bibbs

Posted
Posted

BBC

Nice and safe then .. From another forum.

Dozen's of customer were at my local Lloyds bank yesterday querying "fraudulent" activity on their account. The common factor was they all had gone to the same local Shell petrol station in the last few weeks.

Turns out that despite the "machine" - and you card in your slot - being totally visible at all times, there was an extra lead out of the back of the machine to a "cloner" under the desk

Colleagues at work were stung for between £400 and £700 as a result of the scam.

Link to comment
Share on other sites

Caz SR Veteran

Caz SR

Posted
Posted

I hate chip and pin - always have done, always will. The machines you have to enter the number in do not sheild you in anyway and several times I've seen people blatently looking when I'm entering information. I try and cover the numbers with my hand and use my thumbs, but the buttons are so small and fiddly sometimes you don't have an option.

Not surprised someone came up with a cloning machine anyway. I never thought it would be as safe as they made out.

Link to comment
Share on other sites
Bibbs Grand Master

Bibbs

Posted
  • Author
Posted

This is how my card gone done last month :censor: :censor:

Guildford .. was where the "quote" was from ..

Link to comment
Share on other sites
knowlson Grand Master

knowlson

Posted
Posted

This is how my card gone done last month :censor: :censor:

Guildford .. was where the "quote" was from ..

Mine was in kingston :ffs:

Link to comment
Share on other sites

minidoughty Mentor

minidoughty

Posted
Posted

mine was done before chip and pin existed, in kingston!!!

Link to comment
Share on other sites
Demonic Angel Grand Master

Demonic Angel

Posted
Posted

No matter what you do to "protect" yourself, whether its the introduction of chip and pin or whatever else they come up with to secure our details, there is always someone who can hack it....

Ok, so its harder than a signature to forge, but like Caz says, people give you no privacy in a shopping queue and I've forgotten how many times I've had someone right behind me (I really hate that, I have my space, you have yours, dont invade my space, I wont invade yours)

I'm guessing then that it was an employee of Shell who fitted this device to the machine?? Fills me with great confidence because I get my petrol from Shell.... :rolleyes:

I can't wait til everything is fingerprint scanned.... you'll have people chopping off peoples fingers to get to their cash.... :rolleyes:

Link to comment
Share on other sites
Lou-Lou Proficient

Lou-Lou

Posted
Posted

In the Shell garage I go to, the guy seems to still get you to sign for some reason...

He swipes your card, hands you it back, then gives you the receipt to sign, takes a copy and give you your copy...

Nice to see he's checking the signature I give him against my card..

Link to comment
Share on other sites
Johndcfc Experienced

Johndcfc

Posted
Posted

I had to sign last night at Shell for petrol.

Of course capitalone will now call me and ask if I know my pin number now..... :rolleyes:

With the price of petrol at the moment it feels like 'fraudulent' activity is going on anyway!

Link to comment
Share on other sites
Demonic Angel Grand Master

Demonic Angel

Posted
Posted

Nice to see he's checking the signature I give him against my card..

Thats why it was so easy for them.... never mind its a bloke handing a card in the name of Miss A Smith over, they never checked the signature anyway...

When I worked in retail, we were told to check the name on the card (obviously for the above reason) and check the signature.....

We even had one, a guy brought in a card with a female name on it.... he insisted it was his Mums card and he had permission to use it.... yeah, good one mate, I'll just get security... :lol::lol:

Link to comment
Share on other sites
Fidgits Grand Master

Fidgits

Posted
Posted

No matter what you do to "protect" yourself, whether its the introduction of chip and pin or whatever else they come up with to secure our details, there is always someone who can hack it....

Ok, so its harder than a signature to forge, but like Caz says, people give you no privacy in a shopping queue and I've forgotten how many times I've had someone right behind me (I really hate that, I have my space, you have yours, dont invade my space, I wont invade yours)

I'm guessing then that it was an employee of Shell who fitted this device to the machine?? Fills me with great confidence because I get my petrol from Shell.... :rolleyes:

I can't wait til everything is fingerprint scanned.... you'll have people chopping off peoples fingers to get to their cash.... :rolleyes:

actually, its not that hard to hack a biometric scanner..

I wont go into how they work, but in essence your fingerprint will relate to a code that is stored on your Smart Card - so its actually easier, because if they get your card info from a swipe (magenetic strip) they just replicate it, and fit the code of their print into the chip...

The only way to avoid the issue is to store the code on the central server, but imagine the traffic to the server, and your gonna have to secure the info end to end...

actually, i think i might give ingenico a call :D

Link to comment
Share on other sites
Johndcfc Experienced

Johndcfc

Posted
Posted

actually, its not that hard to hack a biometric scanner..

I wont go into how they work, but in essence your fingerprint will relate to a code that is stored on your Smart Card - so its actually easier, because if they get your card info from a swipe (magenetic strip) they just replicate it, and fit the code of their print into the chip...

The only way to avoid the issue is to store the code on the central server, but imagine the traffic to the server, and your gonna have to secure the info end to end...

actually, i think i might give ingenico a call :D

I know nothing about this but doesnt the credit card talk to a central server to check if the card is valid/has enough funds for the transaction anyway?

Link to comment
Share on other sites
DefiantFrog Mentor

DefiantFrog

Posted
Posted

Of course capitalone will now call me and ask if I know my pin number now..... :rolleyes:

Hey... We're just looking after our customers!! :thumbsup:

Chip and Pin is rubbish, apparently less secure than the magnetic strip to hack! And as for signing for things, I sign my cards, and within weeks the signature is illegible through wear and yet the vast majority of people accept it without question! Reckon as long as you don't look nervous when you sign you can get away with anything! Which brings about another interesting point of "Well, it wasn't me that brought that very very expensive TV - look its not even my signature on the receipt! I want my money back!"

Link to comment
Share on other sites
Fidgits Grand Master

Fidgits

Posted
Posted

actually, its not that hard to hack a biometric scanner..

I wont go into how they work, but in essence your fingerprint will relate to a code that is stored on your Smart Card - so its actually easier, because if they get your card info from a swipe (magenetic strip) they just replicate it, and fit the code of their print into the chip...

The only way to avoid the issue is to store the code on the central server, but imagine the traffic to the server, and your gonna have to secure the info end to end...

actually, i think i might give ingenico a call :D

I know nothing about this but doesnt the credit card talk to a central server to check if the card is valid/has enough funds for the transaction anyway?

not always, (it might with chip and pin though), but the key point is its an authorisation request.. and to you it takes a couple of seconds (up to 20/30 at peak times, im sure you've all been there) and all it is is a simple 'is this card active and valid' or 'disallow', very small amount of data.

With chip and pin, im pretty certain your pin number is stored [encrypted] on the card, in the chip - because the transaction time would be too long to authorise it to the central server...

Link to comment
Share on other sites

Pug Bug Enthusiast

Pug Bug

Posted
Posted

I got a call from my credit card company telling me i had been a victim of fraud and asking if i had been using Shell. Interestingly i only use Shell to fill up. Two transactions one in Holland the other in Spain nothing to do with me.

New card and new PIN time me thinks.

Link to comment
Share on other sites
JAHill Experienced

JAHill

Posted
Posted

I've done programming work with magstripe and smart card systems and they are all (with a little outlay) fairly simple to crack. The magstripe technology I took over was for an energy card system. The existing cards actually had the pounds value clear as day on the card along with the date of the transaction. Anyone with a card writer and a bit of software could have gotten free heat for as long as they could stop the meter being read. There was only about 200 bytes of space for info on the card in total (there are actually three data strips on a magstripe card) which doesn't allow for a great deal of encryption. Suffice to say, we put a bit of encryption and checks on the card!

Smart cards are better but even so, they still don't hold a great deal of info. Personally, I can't see the point of CaP. It's just an excersise to make you *feel* safer rather than *make* you safer because making your card safer would cost more than the banks would want to pay. It's cheaper for them to be insured against loss! ;)

Link to comment
Share on other sites
Flat Pack Rising Star

Flat Pack

Posted
Posted

The chip in chip and pin less secure than the magnetic strip? lmao.

That's why they're copying the magnetic strip in this scam then, same as every other card cloning ever. Just this time they've managed to attach the card reader to Shell's chip and pin terminals (and get access to the pin number, which is a bit scary), rather than the usual cash machines.

It's also why the fraudulent transactions are taking place abroad. No copy of the chip, so they can't use them anywhere in the UK that's chip and pin enabled.

I don't get this paranoia about people being able to see the numbers you enter either. If someone really wanted to steal your card to use it, finding out a set of numbers is probably harder than practising for a couple of minutes to copy a signature well enough (given that most people barely check them) anyway. Most of the time they don't want your card though, they want to COPY IT. Copying the magnetic strip is easy, then they can make a new card with whatever signature on it they like. Copying a chip is currently very very hard (it'll get easier with time though and we'll have to move to something else... magnetic strips were secure when they were first made too).

Link to comment
Share on other sites
knowlson Grand Master

knowlson

Posted
Posted

It's also why the fraudulent transactions are taking place abroad. No copy of the chip, so they can't use them anywhere in the UK that's chip and pin enabled.

All the money that was taken from my account was in london, as they have your pin and a clone of your card nothing stops them going to a cash point and taking the money out. That cash point machine WILL NOT stop the cash being taken out just because it does not have the chip. It will only RECORD that the money was taken out via a card without a chip.

It's all a load of bo :censor: s

Link to comment
Share on other sites
JustJJ Grand Master

JustJJ

Posted
Posted

Hmmm I fill up at Shell... tho I know most of the peeps who work thre now lol... but gonna keep an eye on things... :P

tbh... I have heard of people standing behind someone in the queue for a cash machine... they watch as you pop in your pin number... shove it in their mobile like they are writing a txt or something...

They then have a mate who will nick your card... and together they have card and pin...

saw it on TV a bit ago... nothing still stopping this from happening....

Link to comment
Share on other sites
Flat Pack Rising Star

Flat Pack

Posted
Posted

Yeah there are cash machines that aren't chip and pin or allow non chip cards to work still, its the magnetic stripe that's the weak link though. They should be disappearing anyway (not much use to you though...).

There isn't anything to stop someone learning your pin and then stealing the card, but there's nothing to stop them just stealing the card and learning your signature either. Its just not worth the effort on a large scale though, the cards will go dead very fast as people realise they've been nicked and it'll take time to target each person, get their pin and steal their card.

Far easier to bung a card skimmer on something, get a whole load of cards and then make new ones that won't go dead anywhere near as fast. That's what chip and pin is supposed to prevent, its just backwards compatibility with the magnetic stripe that's buggering things up at the moment.

Link to comment
Share on other sites
bert.tsport Proficient

bert.tsport

Posted
Posted

a guy i work with had his card skimmed at a cash point, and they emptied his account and overdraft £3000 in £100 transactions spaced a few mins inbetween at the same cash point!!!! nationwide ...

when he asked how the machine did not block the card for missuse , apparently nationwide cash points dont have the facility too?????????? he has a max withdrawl limit of £500 per day too... :ffs:

its still under investigation , 4 weeks on and no money returned as yet....

:thumbsup: bert

Link to comment
Share on other sites
JAHill Experienced

JAHill

Posted
Posted

Used my card at the Post Office last week and the PIN failed three times in a row (I was entering the number correctly btw!)

The machine told the operator to take my card and signature then hand my card back! :eek:

Surely, if the pin fails three times then that should be it... Card dead!?

What-is-the-point?

Link to comment
Share on other sites
sotal Grand Master

sotal

Posted
Posted

One tip is that you are supposed to hover your finger over a different number and make it look like you press it first, while we wait for the machine to be ready we apparantly hover over the first number, so a theif can make a note of the first number then they only have to remember 3 numbers which is easier.

Link to comment
Share on other sites
Karma Supra Grand Master

Karma Supra

Posted
Posted

Meh I never liked it either...

The only reason Banks went for chip and pin is because of liability in the case of a fraudulant claim. If someone uses your pin code they can simply shift the blame onto you for not keeping it secret enough.....

Link to comment
Share on other sites
kingdeacon Proficient

kingdeacon

Posted
Posted

i had my card cloned few years back and lost £1000. so what i do now is only use cash, its so much better in lots of ways. I go to the bank once a month to withdraw a load of cash, i then take it home and put it in my safe at home and take it out as and when i need it. I like to have a least £100 on me at all times just in case. this way seems safer to me, plus i dont have to find a cash point every !Removed! day like i used to or cue for one. no need for pin numbers, and no getting my money unless you fight me for it which is better, plus you would only ever get what ever i had on me and not my bank balence. i aslo find i save money this way because you can only spend money you have, and you realise what your spending better when you see it leave your pocket. cut your cards up and use hard cash

oh and for online stuff which i do somtimes use i have a debit card with a small amont of money in and no over draft so there is nothing to be lost there, and if i want to buy something that costs alot i will pay that amont in it only

touch wood i've been safe so far

Link to comment
Share on other sites

Latest Deals

Toyota Official Store for genuine Toyota parts & accessories

Disclaimer: As the club is an eBay Partner, The club may be compensated if you make a purchase via eBay links

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing






×
×
  • Create New...




Forums

News

Membership
  • Insurance
    •
  • Support
    •