Credit card security and fraud

[Bobster]

So P 80 has settled with Maryland, no sales at all in state and they must submit a list of all sales. oh and pay a fine of $1mill.

Are my credit-card using peeps paying attention? There will be plenty more court-ordered confiscation, I mean customer lists in the future... While the alphabets probably won't be knocking down your door (unless you have purchased 100s), there is a GREAT possibility those lists will fall into public hands. But don't worry, no one will EVER use that info to dox or to rob you...

 

[Racer88]

Are my credit-card using peeps paying attention?

There's no other practical way to buy them, eh? Unless you have a local dealer where you can pay cash and walk out with it. I've never seen P80 frames available at any brick & mortar local store.

 

[Bobster]

There's no other practical way to buy them, eh? Unless you have a local dealer where you can pay cash and walk out with it. I've never seen P80 frames available at any brick & mortar local store.

Look, I'm just the messenger here... LINK

The point I want to make is that someone might want to buy a gun-related part or parts from any number of vendors and have the comfort of knowing the vendor will NOT be sharing their info willingly with some fucking assholes who potentially have the power to abuse that info.

I think if Midway or Brownell's or PSA, etc. were court-ordered to give up customer info/purchases, the vast majority of the stuff and people on that list would be somewhat innocuous and lawful. They are already limiting the shipment of normal* cap mags to communist states and so on. But I would also hope they would make a stand and vigorous attempt to protect customer information because it IS proprietary--it IS part of the business and should not be willingly shared because it has value.

With a company like P80 who deals with a potentially "illegal" products (in some states), I would expect a certain amount of anonymity and privacy for their customers. But a "weaponized" justice system has made that impossible. Cocksuckers with gov't money and gov't lawyers leaning hard on the "little guy" because they don't have to pay or take responsibility for it.

I can understand why P80 settled but it is like negotiating with terrorists for hostages--it is only going to incentivize more terrorists (Dumpocrap cities and legal teams) to take more hostages (sue smaller gun companies and dealers). The gun "crime" problem is not going to go away by getting rid of the inanimate object (not that they will be able to)--the problem will go away through expedited capital punishment and forced sterilization...

*free-state normal

 

[Racer88]

Look, I'm just the messenger here.

I don't think anyone here (using credit cards for purchases) suffers under any delusion that their purchases are truly private or guaranteed against unconstitutional seizure.

But there is no other practical way to procure certain products for most of us. So, we take that risk, eh? But it's not because we're not "paying attention."

 

[Bongo Lewi]

I don't think anyone here (using credit cards for purchases) suffers under any delusion that their purchases are truly private or guaranteed against unconstitutional seizure.

But there is no other practical way to procure certain products for most of us. So, we take that risk, eh? But it's not because we're not "paying attention."

Call your credit card company once a year and tell them you lost the card. You get a new number. That doesn't make it impossible to track or trace your buying habits. But it does make it harder. If they are querying your individual sales records (which they are not unless you are a suspect of a crime) they start with gun related sales, sorted by number. They don't go by name because a lot of people have the same name.

Bear in mind that banks who issue credit cards do not commingle or conjoin their databases in any way. Credit reporting agencies summarize transactions from those databases. They are about tracking your spending and payment habits, not anything at the sales transaction level.

For those who lie awake at night worrying about who gives a shit what they (specifically) are buying, then I suggest legally changing your surname to one of the most common name in the USA: Smith, Johnson, Jones, Brown, Williams. First name? James or Mary is at the top. Move and get a change of address every three years and change your mobile number every two.

The funny thing is I have done nearly all of that but not on purpose. Except change my name. I moved 19 times in 25 years. My grocery store thinks my name is Mr. Potatohead. I never use my real birthday for anything if asked. And I frequently use Visa gift cards to buy ammo and occasionally a firearm.

I use VPN and a dedicated firewall. When I am not using my computer a bot of sorts randomly points my browser to thousands of web sites a day that I have no interest in. Anybody who succeeds in my efforts to foil their tracking will have one Hell of a time figuring out what my genuine interests are.

My second book, following the popular Why You Can't Get Laid: A Guide for Gen Y Men will be The Everyday Guide to Avoid the People You Imagine Are Watching You. There's money in paranoia.


View: https://youtu.be/ZCqh5ROtQRg

 

[Racer88]

Call your credit card company once a year and tell them you lost the card. You get a new number.

LOL! No need to do that. Mine get cancelled due to fraud about twice a year ever since they've gone to the "more secure" (LOL!) chip cards.

 

[Bongo Lewi]

LOL! No need to do that. Mine get cancelled due to fraud about twice a year ever since they've gone to the "more secure" (LOL!) chip cards.

Some people are just lucky that way!

 

[Racer88]

Some people are just lucky that way!

It's a giant pain in the ass. I never had that problem until they added "security" to the cards. The chip cards are bullshit. Seriously. If anything, they are LESS secure. RFID chips can be scanned easily, even from a distance.

 

[Bongo Lewi]

It's a giant pain in the ass. I never had that problem until they added "security" to the cards. The chip cards are bullshit. Seriously. If anything, they are LESS secure. RFID chips can be scanned easily, even from a distance.

RFID cards use one-time codes to complete each transaction. Every time you use your RFID card, a new code is created. That makes it more difficult for your information to be compromised. Somebody snarfing your RFID would literally need to be up your ass to capture a code and it would be utterly useless unless they used the random code they grabbed on the same card reader within minutes. EMV cards are similar and usually require a pin, so you have the added security of two factor authentication.

Bottom line is the bad guys have to be really sophisticated to compromise an RFID credit card. The most likely scenario is your actual credit card number was compromised by some vendor you bought something from. Or it was captured as the number went across the wire, which is also difficult because that traffic is encrypted. It's more likely that buying stuff online is what caused your cards to be compromised, not the RFID card. Or... there's malware on your computer.

Often, I purposely misspell my first name just to see who is selling my information after saying they dont. I just reverse or substitute a couple of characters ... example: Instead of Joseph I spell it Jozeph or Josepf (that is not my real name). It sails thru credit card approval every time. But later, I start getting emails and spam, sometimes phishing emails using my misspelled name. I know exactly who ratted me out or has weak security on their online store. I also generate one time use/fake email addresses. That's pretty handy when you want people to stop spamming you. The email sent to that alias lands in your inbox, but you can kill that fake address whenever you choose.

 

[Racer88]

RFID cards use one-time codes to complete each transaction. Every time you use your RFID card, a new code is created. That makes it more difficult for your information to be compromised. Somebody snarfing your RFID would literally need to be up your ass to capture a code and it would be utterly useless unless they used the random code they grabbed on the same card reader within minutes or it would be useless.

This is not true.... at all.

Your "chip" cards can be scanned remotely. Ask me how I know. My "shielded" wallet did not work. Now I've got the RFID / NFC blocking cards as a "sandwich" around my cards in my wallet. I don't know if they really work. But I'm trying to do whatever I can.

Without a doubt, the new chip cards are FAR worse, security-wise, than the old cards. And my MULTIPLE experiences (since the new chip cards) proves it. I never ever ever had problems with card fraud until the chip cards came along.

 

[Bongo Lewi]

This is not true.... at all.

Your "chip" cards can be scanned remotely. Ask me how I know. My "shielded" wallet did not work. Now I've got the RFID / NFC blocking cards as a "sandwich" around my cards in my wallet. I don't know if they really work. But I'm trying to do whatever I can.

Without a doubt, the new chip cards are FAR worse, security-wise, than the old cards. And my MULTIPLE experiences (since the new chip cards) proves it.

Those blocking shields are essentially Faraday cages and do work but really don't offer much protection for the reasons I mentioned. The thief has a couple of minutes to use the one time code captured thru the air on the reader closest to the card at that moment - or it's worthless.

One (albeit former) exception is RFID chips on passports. Initially, you could snarf someones name and other PII if you were close enough to the passport AND the reader, going unnoticed - which is very unlikely in an airport security line. The 52 bit encryption was not hard to compromise. That was fixed years ago. Ask me how I know. Answer: I worked for the State Department and dealt with embassy security. They also are the gov't agency who issues passports.

RFID credit cards function at 13 MHz. The reader has to be within a foot. And most cards wont transmit anything unless they are physically in the reader. If not, as in cards that do proximity, the data is encrypted. RFID ID badges employers use for building security are easier to skim. They operate at 128 KHz. Since 2020, chip enabled drivers licenses and passports operate at ultra high frequency - 860-960 MHz.

Nearly all credit card chips are not fully RFID-enabled. To summarize... Today’s chip-embedded credit cards don’t actually transmit any useful information that could be captured without inserting the card in a reader. Contactless, proximity credit cards on the other hand do, but every transmission is encrypted. Capturing that data is possible if you are within a few inches of the reader but it's hopelessly scrambled. RFID skimming is mostly myth. It’s far easier and faster for thieves to steal huge quantities of credit card numbers and identities through Internet scams or by simply buying the information on the so-called dark web.

#1 location credit card numbers are purloined besides online? Bars and Strip clubs.

 

[Racer88]

Bars and Strip clubs.

LOL

Where do I swipe my card?

 

[mike334]

Without a political 180 I think the days of mail order gun kits any 12 year old with a Dremel can do in under an hour may rightfully be over. These things have become a plague in schools and on the streets.
They're literally participation trophy "builds". Personally Manufactured Firearms were never an issue when it required tools and actual skill to make a firearm. Once the router AR's and Dremel Glocks hit the market it was a matter of time before they would become a public menace. At least my shop teacher when he realized that I was making Mac 10's marched me over to the band saw and made me cut them up. If these Poly80's had been available I probably would have been making them in Jr High School with nobody noticing.

Don't 12 year Olds need to use their parent's credit card? When I was a child, I literally had to ask to buy any toy on the internet. Those 12 year Olds should have been taught gun safety from the age they played with plastic guns.

Simply put, its stupid parent that are the issue. Good that kids have guns. Life skills. It's bad when you don't teach them how to have discipline.

 

[One Ping Only]

I suspect much of the fraud is from online data harvesting. Or keystroke logging malware.

We have no kids here to compromise our security. But I did need to get my card replaced twice in 3 or 4 years due to CC frauds. Now all online purchases are behind a firewall AND using a VPN.

There have been back doors in POS systems as well. Our first fraud was from that as a network of crooks had a backdoor in the same POS machine system used by a number of local restaurants and our police had been investigating and watching. When I filed my fraud report, they revealed that, and the first three business names they gave me that were under investigation we’d been to.

 

[Bongo Lewi]

Don't 12 year Olds need to use their parent's credit card? When I was a child, I literally had to ask to buy any toy on the internet. Those 12 year Olds should have been taught gun safety from the age they played with plastic guns.

Simply put, its stupid parent that are the issue. Good that kids have guns. Life skills. It's bad when you don't teach them how to have discipline.

When I was a child, there was no public internet. Only an ARPAnet.
If I asked to use my parents BankAmeriCard, I would be sucking on a bar of LifeBuoy just for thinking I was entitled to such a thing.

 

[One Ping Only]

When I was a child, there was no public internet. Only an ARPAnet.
If I asked to use my parents BankAmeriCard, I would be sucking on a bar of LifeBuoy just for thinking I was entitled to such a thing.
View attachment 18021

If I would have asked for such a thing they would have found enough work for me to do to shut me up for over a year…and I already had enough chores. And started my own yard business at age 13.


Poor Ralphie…

 

[RagnoROOK]

Those blocking shields are essentially Faraday cages and do work but really don't offer much protection for the reasons I mentioned. The thief has a couple of minutes to use the one time code captured thru the air on the reader closest to the card at that moment - or it's worthless.

One (albeit former) exception is RFID chips on passports. Initially, you could snarf someones name and other PII if you were close enough to the passport AND the reader, going unnoticed - which is very unlikely in an airport security line. The 52 bit encryption was not hard to compromise. That was fixed years ago. Ask me how I know. Answer: I worked for the State Department and dealt with embassy security. They also are the gov't agency who issues passports.

RFID credit cards function at 13 MHz. The reader has to be within a foot. And most cards wont transmit anything unless they are physically in the reader. If not, as in cards that do proximity, the data is encrypted. RFID ID badges employers use for building security are easier to skim. They operate at 128 KHz. Since 2020, chip enabled drivers licenses and passports operate at ultra high frequency - 860-960 MHz.

Nearly all credit card chips are not fully RFID-enabled. To summarize... Today’s chip-embedded credit cards don’t actually transmit any useful information that could be captured without inserting the card in a reader. Contactless, proximity credit cards on the other hand do, but every transmission is encrypted. Capturing that data is possible if you are within a few inches of the reader but it's hopelessly scrambled. RFID skimming is mostly myth. It’s far easier and faster for thieves to steal huge quantities of credit card numbers and identities through Internet scams or by simply buying the information on the so-called dark web.

#1 location credit card numbers are purloined besides online? Bars and Strip clubs.

Don’t believe the hype.

Reading RFID Cards From Afar Easily

RFID hacking has been around for years, but so far all the builds to sniff data out of someone’s wallet have been too large, too small a range, or were much too complicated for a random Joe t…

hackaday.com

Anything to do with a computer is vulnerable to a man in the middle attack, regardless of the tech.

 

[Racer88]

RFID credit cards function at 13 MHz. The reader has to be within a foot. And most cards wont transmit anything unless they are physically in the reader. If not, as in cards that do proximity, the data is encrypted.

Webroot Blog

www.webroot.com

And I'm pretty sure that's what happened to me here:

Tip! - An exercise in Situational Awareness today.

Went to the park today for the daily dog walk with wifey. Most of the time, the folks there are normal and friendly, ready with a "good morning" as you pass by. Today, as we were making the lap, I noticed a car parked on the side with two women (I think) in it and a young (20-something year...

www.patriotgunbuilders.com

Later that day (or the next, I forget)... my card was used fraudulently.

 

[Bongo Lewi]

View attachment 18036

Webroot Blog

www.webroot.com

And I'm pretty sure that's what happened to me here:

Tip! - An exercise in Situational Awareness today.

Went to the park today for the daily dog walk with wifey. Most of the time, the folks there are normal and friendly, ready with a "good morning" as you pass by. Today, as we were making the lap, I noticed a car parked on the side with two women (I think) in it and a young (20-something year...

www.patriotgunbuilders.com

Later that day (or the next, I forget)... my card was used fraudulently.

Same article: "And while there hasn’t yet been a recorded case of RFID fraud..." It has not happened. The article contradicts itself. Those chip cards were in Europe five years before the US. Not one documented case of credit card RFID skimming anywhere or any time in the past decade. This is internet myth. The defense rests and petitions the judge for dismissal for lack of evidence.

There's no question other types of skimming happen every day. Gas pumps are another common scenario. But they aren't getting the RFID signal and decrypting it. The RFID chip in a credit card is not the same as the one on a pair of Nikes at the local mall. The marketing dipshit who wrote this article for Webroot didn't do editorial review with their engineering or cybersecurity team.

 

[Bongo Lewi]

Don’t believe the hype.

Reading RFID Cards From Afar Easily

RFID hacking has been around for years, but so far all the builds to sniff data out of someone’s wallet have been too large, too small a range, or were much too complicated for a random Joe t…

hackaday.com

Anything to do with a computer is vulnerable to a man in the middle attack, regardless of the tech.

Sorry. More internet bullshit. Some dude with an Arduino and off the shelf RFID reader who thinks he's a black hat. Credit cards dont work that way, and there are a half dozen different variations of RFID. Some are easily read. By design.

I have a EE and worked on this technology and related technology in very high security installations. I'm telling you it's bullshit. But you are free to cut up your cards. It makes no difference to me if you do.

I'm not replying to stupid shit people Google to make a point about something they have no fucking clue about.

Over and Out.