cancel
Showing results for 
Search instead for 
Did you mean: 

CC safety

monkey44
Nomad II
Nomad II
Just received a new VISA card equipped with the 'touch reader' technology. Says we only wave the card over the reader for payment.

That seems a bit dangerous to me - if the reader can read the wave, why not a stranger standing behind us in a store, or anywhere, with a scanner in hand.

We don't sign anything, we don't show the safety number on the back, nothing but a wave and a charge.

Now I also see 'card wallets' that have a wave protector screen. So, now we get a 'wave card' and need an 'anti-wave wallet' to protect it. One more thing to buy and carry around. Pretty soon we'd need a cargo trailer just for identification and credit cards and check cards, etc.

Anyone have a comment on the safety of 'wave cards'... seems pretty easy to scan the signal.
Monkey44
Cape Cod Ma & Central Fla
Chevy 2500HD 4x4 DC-SB
2008 Lance 845
Back-country camping fanatic
24 REPLIES 24

magicbus
Explorer
Explorer
1492 wrote:
magicbus wrote:

“Apple Pay is accepted at over 85 percent of retailers in the U.S., so you can likely use it wherever and however you want.

Except Walmart, Home Depot, Lowes, etc.
Well I’m not going to argue you about it because my nearest Walmart, Home Depot or Lowes is 2 hours away. All I know is our local supermarket, ice cream shop, thrift shop, a wildlife refuge and gas station don’t display an Apple Pay icon but do accept contactless credit card transactions, and they accept my Visa on my iPhone. So there you go.

Dave
Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36

1492
Moderator
Moderator
magicbus wrote:

“Apple Pay is accepted at over 85 percent of retailers in the U.S., so you can likely use it wherever and however you want.

Except Walmart, Home Depot, Lowes, etc.

magicbus
Explorer
Explorer
Per the Apple Pay website (Link) it is accepted anywhere that takes contactless credit cards.

“Apple Pay is accepted at over 85 percent of retailers in the U.S., so you can likely use it wherever and however you want. If you’re not sure, just ask. Apple Pay works anywhere that takes contactless payments — from vending machines and grocery stores to taxis and subway stations.”

On edit: I only recently learned that the Apple Pay network is not required. When I added my BofA card to my wallet, BofA texted me a code then sent an email saying my CC was added to my iPhone wallet and could be used at any contactless station. I guess they added their transaction routing info to my phone in order to skip the need for the Apple Pay network.

Dave
Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36

1492
Moderator
Moderator
magicbus wrote:
Or as others have pointed out, put your card in your phone wallet and leave the card home. At least with an iPhone you tap your phone and approve the transaction using your fingerprint on your phone. Can’t get much safer - especially with something for which you have no liability, all you are trying to do is avoid the hassle of a stolen card.

Dave

More merchants need to get onboard, as many notably large businesses still are not setup to accept Apple Pay.

magicbus
Explorer
Explorer
Or as others have pointed out, put your card in your phone wallet and leave the card home. At least with an iPhone you tap your phone and approve the transaction using your fingerprint on your phone. Can’t get much safer - especially with something for which you have no liability, all you are trying to do is avoid the hassle of a stolen card.

Dave
Current: 2018 Winnebago Era A
Previous: Selene 49 Trawler
Previous: Country Coach Allure 36

1492
Moderator
Moderator
Gdetrailer wrote:
1492 wrote:
As mentioned, contact-less credit card transactions are about as safe as using the card's chip insertion method. They both use the same encrypted transaction technology generating a one-time token. Most of the RFID fraud concerns from contact-less credit cards have been debunked as myths.

Personally, I will always use touch credit transaction first, and only use the chip insertion method if not available.


Nope.

Not any safer than using the mag stripe..

Skimmers have gotten significantly better over the last few yrs..




I have no idea what you are referring? I'm talking about touch credit card readers. RFID enable CC uses the same technology as chip. So not following your skimmer example? If that were the case, than using chip based insertion would be just as vulnerable. BTW, the model in your photo example does not have built in RFID contact-less reader in the first place, so not understanding the point.

In any case, show a example of RFID touch credit card used in a successful fraudulent transaction? One that doesn't involve a merchant.

BTW, I never swipe my card, even if the chip does not work the mentioned three times. This is a an issue I've experienced with TDBank credit cards as they use a thinner plastic. No issue using contact-less RFID method, but TDBank cards sometime fail to read using chip insertion method at stores like Home Depot or Harris Teeter. I just end up using a different card.

ktmrfs
Explorer II
Explorer II
What can be encrypted, can be decrypted if one wants to go to the effort and the effort has a big enough payoff.

While this is a true statement, what is missing is that with the system used today it would takes months or years or even decades or longer on a high speed computer to decrypt the token. By then it is of no value since it has already been used once.

Now skimming the magnetic strip, that's much easier, but more and more cards have no magnetic strip.
2011 Keystone Outback 295RE
2004 14' bikehauler with full living quarters
2015.5 Denali 4x4 CC/SB Duramax/Allison
2004.5 Silverado 4x4 CC/SB Duramax/Allison passed on to our Son!

Gdetrailer
Explorer III
Explorer III
1492 wrote:
As mentioned, contact-less credit card transactions are about as safe as using the card's chip insertion method. They both use the same encrypted transaction technology generating a one-time token. Most of the RFID fraud concerns from contact-less credit cards have been debunked as myths.

Personally, I will always use touch credit transaction first, and only use the chip insertion method if not available.


Nope.

Not any safer than using the mag stripe..

Skimmers have gotten significantly better over the last few yrs..

Here is a couple of recent examples found at Sam's clubs self checkouts in my county and a few other counties near me..





Those skimmers were slid down over a rather popular card reader brand which does have chip reader plus mag stripe and from what has been said was completely undetectable.

The skimmers transmit the data via BT to the perps..

Considering very few CC and ATM bank cards now days are issued with no chip (mag stripe only) and many older non chipped cards most likely have expired and no longer valid I highly doubt the perps would get enough CC data from mag stripe transactions to make this effort worth it.

Chip first is required by the terminal, only if the chip reader fails to work three times in a row will the mag stripe reader be enabled.. Granted, they could have been skimming the very few debit cards which may not have chips but even that to me seems to be very low hanging fruit for the effort these folks went through.

The perps that installed the readers in the pix above were caught, they came from Romania via Canada into the States, rented a vehicle and eventually drove to my state.. That was a lot of cost and effort on only the hopes of capturing only mag stripe transactions.. Which leads me to believe that even the chip safety is a fallacy..

What can be encrypted, can be decrypted if one wants to go to the effort and the effort has a big enough payoff..

pbeverly
Nomad
Nomad
Cptnvideo wrote:
My phone alerts me to EVERY transaction. One time after using the card the night before at a gas station, my phone alerted me to a $2200 transaction to an online furniture store. I immediately alerted Capitol 1. Needless to say, the a$$hole that stole my CC number got caught.


If a gas pump has the old style black card reader that sticks out you need to grab it and make sure it is tight and won't come off. If it isn't tight it probably is a skimmer grabbing your data. Had this happen to me in SC and was buying groceries that day in Canada after I got skimmed.
Ridgeway, SC
2019 26DBH Grey Wolf

Cptnvideo
Nomad
Nomad
My phone alerts me to EVERY transaction. One time after using the card the night before at a gas station, my phone alerted me to a $2200 transaction to an online furniture store. I immediately alerted Capitol 1. Needless to say, the a$$hole that stole my CC number got caught.
Bill & Linda, 2019 Ram Laramie 3500 dually 4x4 diesel, Hensley BD5 hitch, 2022 Grand Design Solitude 378MBS, 1600 watts solar, Victron 150/100 MPPT controller, GoPower 3kw inverter/charger, 5 SOK 206AH LFP batteries for 1030 ah

1492
Moderator
Moderator
As mentioned, contact-less credit card transactions are about as safe as using the card's chip insertion method. They both use the same encrypted transaction technology generating a one-time token. Most of the RFID fraud concerns from contact-less credit cards have been debunked as myths.

Personally, I will always use touch credit transaction first, and only use the chip insertion method if not available.

ktmrfs
Explorer II
Explorer II
I'll keep going on my merry way using a CC for virtually any transaction, keep getting free airfare with the points, pay it off every month, get my 5% back on gas purchases. In close to 50 years using credit cards ONCE I got a call from the CC company with a potential fraud, which they caught.
I download financial transactions to my accounting SW every day so I'd catch any "bad" transactions anyway.

The contactless CC transaction is actually likely more "theft proof" than the insert into the machine and WAY safer than manual CC transactions.

And I make it a policy to use paypal for online transactions to avoid entering a CC number.

There are those that want to make a quick buck by convincing consumers that your CC, your car key fob, your phone is wide open to everyone and your going to end up in the poor house. They spread false and misleading information to get your $$$$.
2011 Keystone Outback 295RE
2004 14' bikehauler with full living quarters
2015.5 Denali 4x4 CC/SB Duramax/Allison
2004.5 Silverado 4x4 CC/SB Duramax/Allison passed on to our Son!

BurbMan
Explorer II
Explorer II
pbeverly wrote:
Very safe. Your actual credit card number is not used in the transaction, it generates a one time unique one each time it is used. SO very safe.


Correct, it's called a token. The signal emitted by the contactless chip in the card is readable and can be intercepted with a nearby scanner, but the card is not transmitting your real credit card number, it sends another number called a token that gets translated into your card number when it's received by the bank. So any info crooks steal using this method is worthless. Like intercepting an encrypted transmission, by the time the crooks decode it the token is no longer valid.

pbeverly
Nomad
Nomad
Very safe. Your actual credit card number is not used in the transaction, it generates a one time unique one each time it is used. SO very safe.

I prefer to use Samsung Pay as it does the same thing and I do not have to whip out my credit card at all. I also have it setup for my debit card, again don't have to whip out physical card.

My credit card company allows me to setup virtual cards. I have 5 different ones set up. These are for online/phone use. One just for Amazon. One for hotel/camping reservations. The intent is if say my credit card info gets stolen from Amazon I shut down that virtual card, create a new one and don't have to update credit card information everywhere, just Amazon. My REAL credit card number is still good.
Ridgeway, SC
2019 26DBH Grey Wolf