[Dave Birch] I stopped at the Reading services on the M4 to get some petrol and a coffee. I went into the shop and presented my excellent Barclays MasterCard with cashback and PayPass. The Eastern European woman at the counter told me that the chip and PIN machine didn’t work, promptly took my card and ran it through a stripe reader, then presented me with a slip for signature. I duly signed and wandered off. Once I got in my car and drove off, I started to wonder about this incident. Because I’m not normal (normal people don’t care about payments), the paranoia set in… Now I naturally assume that I have been the victim of a clever card fraud scam: the fraudsters recognised my card and they know that those cards have ICVV, so the details from the chip cannot be used to create a counterfeit magnetic stripe card, so they read the stripe details directly. Even now, I imagine a copy of my card is being used in a Tiranan jewellers. Had this not been late at night, and had I been more alert, I would have gone to the ATM and drawn out cash to pay for the petrol.

Shouldn’t a modern payment system free me from these paranoid concerns?

I’m not paranoid, I’m just careful. The fraudsters are not only getting more brazen, they are also innovating. Sometimes I want to applaud them for their invention, speed-to-market and flexible business models, even though I know I shouldn’t. Only the other day I was writing about the dominance of mobile payments in the car parking business. Seems like I wasn’t the only one looking at exploiting new opportunities in this space.

Make a mock-up of a legitimate Pay by Phone notice, attach them to the back of traditional Parking Meters/Payment machines, but with your mobile phone number as the contact details, and you’ll have all the techno-savvy punters willingly texting you their credit card details, and not even know they’ve been ‘had’ until they come back to their car hours later to find they’ve incurred a parking fine for £60. You could probably harvest a 100 numbers an hour before the Parking Inspector comes around, and they’d be too excited at the prospect of generating all those Parking Fines to even notice the rogue signage. You of course discard the SIM at the end of the day and move on.

[From Beware Pay by Phone Cashless Payment at Car Parks]

OK, so this was just some speculating, but I’ll best the fraudsters have thought of it too. I’m constantly amazed (and, frankly, impressed) at the ingenuity of fraudsters. Look at these guys, for example, who came up with a brilliant idea for laundering stolen payment cards:

UK police have arrested nine people accused of using stolen credit cards to buy music they made themselves from iTunes and Amazon… The gang is accused of creating several songs before using an online US company to upload them to Amazon and iTunes for sale. Between September 2008 and January 2009 the group allegedly used around 1500 stolen or cloned British and American credit cards to buy $750,000 worth of songs. Apple and Amazon, who at the time were unaware of the plot against them, paid royalties totalling $300,000 out on the sales.

[From Finextra: Gang arrested for buying own music online with stolen cards]

Now you’ve got to admit that’s pretty neat. If they’d kept the sums down, they might have got a way with it. Thanks goodness they were greedy. But we can’t keep relying on the criminals greed to keep a lid on their activities. They are taking advantage of new technology in ways that legitimate businesses are not.

At the moment, most consumers would see a local phone number and trust that to mean that their call was really going there. Few would understand the potential of Voice over IP to route the call anywhere in the world. Fewer consumers still would understand that an IVR system that answered a phone call and asked for identity verification and card details might not be what it seems.

[From Phishing at a new level with a fake bank contact centre]

This is such a good idea I want to try for myself.

These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]

2 comments

  1. Dave, this is a perfect example of what is wrong with cards. Stripe has to be elimnated as you and I have agreed before. The bank/ service that does that will be on to something imho.

  2. I think you can get paranoid about all types of card payment methods. I always look carefully at ATM machines to make sure they haven’t been “fixed”. I also shield the numbers I type in when purchasing at a store and look around for cameras facing me. And so it goes on. Up till now – not problem.

Leave a Reply


Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this: