Well, Older Pump station installation (and maybe new ones) use RS-232/442 to communicate in clear text with their controller into the building. Easy to tap to skim Track 1/Track2 of the CHD which is good to dups cards. Now to get the physical CVV you need a physical skimmer installed on top the pump which is where your Bluetooth come in action. With those you can dups and make "Card No Present" transaction (aka Internet). It is a risk/reward thing. PS: Lazyness is pretty much the greatest threat. EU/CAN/etc are all CHIP while some other economy still refuse to spend that extra $1 per card :( ----- Alain Hebert ahebert@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 On 11/08/18 22:50, Chris Adams wrote:
Once upon a time, Scott Christopher <sc@ottie.org> said:
Swipe-and-sign (and now just swipe for small amounts) is for Visa, Mastercard, Discover transactions (called credit) Signatures are no longer required for chip card transactions in the US, except I think for transactions where the auth is done on the amount before an added tip (restaurants).
Skimming and card fraud is actually uncommon in the U.S. these days, and the police are very effective at combating it. It's just cheaper for the industry to eat fraud losses than to "upgrade" systems. The transition to chip-based cards was a debacle. Skimming is still highly active at gas pumps, where chip support was pushed off (current requirement I believe is late 2020, but may be delayed again).
The skimmers get more creative all the time; they're getting inside pumps (possibly with help of low-paid station attendants, but also because of poor physical security) and installing the skimmer hardware out of sight. The hardware has Bluetooth, so the bad guys just pull up and get gas and someone in the car can retrieve the data (from multiple pumps even).