• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Reply to: Fraud attempt

Collapse

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "Fraud attempt"

Collapse

  • threaded
    replied
    Originally posted by minestrone View Post
    Why not?

    I have been answering questions for the last 80 posts so it's my time to question.

    Tell me the mechanisms fraudsters use and how they cannot be protected by ID cards?
    OK I'll bite. They put devices inside the front of ATMs that read your card. i.e. not extras bolted on the ATM, that's old school, they remove part of the ATM, where they find a nice gap, and install their devices. They don't need much space, these things are small. These devices then video/audio and/or an overlay keypad for your key presses. They get their data back via a blue tooth connection, and get their power from a long life battery or by connecting up to the device to check no one has pulled the entry slot off the front of the ATM to install a cloning device FFS!

    It is miniature, designed for purpose, seriously expensive kit, but like I say, these guys buy in bulk.

    Not only can they clone swipe cards they can copy Chip n Pin too.

    Really good money to be made, so it is very profitable for them.

    Not much of an extension to do the same for finger print readers or iris scanners.

    Remember these chummies are far better resourced than the bank security departments set against them, so anti fraud attempts are nothing but rather trivial passing annoyances: only providing a little passing amusement for chummy-techie doing the workaround, who generally has already considered it as a next step and has the solution waiting .

    HTH

    Leave a comment:


  • minestrone
    replied
    Originally posted by Peoplesoft bloke View Post
    I have also already said that I support the beefing up of passport, birth certificate and driving licence application procedures.

    The government ID scheme offers me nothing but expense, inconveinence and an increased risk of data loss.
    I have had a few beers now and I would like to discuss the points in the whole post you posted tomorrow on clientCo time

    I have always proposed a fingerprint database linked in with the passport system, feck it's about 10 extra columns on an existing database and then we make passport numbers linked with hand prints compulsory to access basic government and banking services. Passports are not compulsory as such.

    You claim to be a Peoplesoft bloke, that is not much more than what you ask of your users.

    I have never claimed the ID system introduction as presented was a good idea, I do claim that an ID system is totally necessary.

    Leave a comment:


  • The Wikir Man
    replied
    Originally posted by minestrone View Post
    The typical MO of the frauster is to change address, the ID card has to have your latest address.
    Maybe I'm missing something in your argument.

    Fraudster uses my stolen / cloned / borrowed credit card (or just the details written down) in a CNP transaction. They aren't interested in stealing myID, just getting some money or goods to sell on. They order something over the phone or fax or internet, and the transaction goes through. (A few years back, I had someone charge a Canadian Pay TV subscription to my credit card, despite my not visiting Canada since 1986).

    I also have an ID card which has my address, fingerprints and DNA stored on it (I don't care what information is on there - so assume that the ID card holds all information about me from birth to the current time, excluding my current location).

    How does me having an ID card stop the fraudster?

    Leave a comment:


  • Peoplesoft bloke
    replied
    Originally posted by minestrone View Post
    What will then?

    I will turn the question to you, I signed the OSA so I'm not going to go into details but a fraud squad detective would have to run time at 100 times slower just to read the cases now. 1000 times to even follow them up.

    The crime is completely unmanageable and it is a crime where there are thousands ans thousands of innocent victims. There is no way to stop it with current technology.

    So what is your answer? Just let it go on as you so clearly offer as the answer?
    You are missing the point. You have popped up here claiming the government ID cards scheme will prevent credit card fraud. I contend that not only will it not do that, it will divert scarce Police resources away from the real crimes and issues and into chasing up people like me who will do their best to obfuscate the system.

    There are many things banks and credit card companies could do if thy were serious about stopping it - Barclays were trialling a card with "rolling" number, so knowing the card number and expiry date won't help a thief - I don't know the outcome, but that's one example, there are others. The simple reason banks aren't more secure is that they don't want to spend the money - they'd rather refund the victims than address the issues.

    I have also already said that I support the beefing up of passport, birth certificate and driving licence application procedures.

    The government ID scheme offers me nothing but expense, inconveinence and an increased risk of data loss.

    As for the address question - how many million addresses will be in the database? Every one of us will be responsible for letting the civil servants know when we move. The only similar operations are the DVLA and HMRC, neither of which have covered themselves in glory with regard to speed or accuracy, and there are millions of vehicles on the roads not registered to anyone - there is a theoretical fine for not telling the DVLA when we move - but is anyone ever prosecuted? And yet, miraculously, all this data will be reliable and up to date under the new system? Not a hope.

    Leave a comment:


  • minestrone
    replied
    Originally posted by The Wikir Man View Post
    If a fraudster is using a card over the phone - at what point are they going to be asked to enter their ID card so that the address can be checked?
    The typical MO of the frauster is to change address, the ID card has to have your latest address.

    Leave a comment:


  • The Wikir Man
    replied
    Originally posted by minestrone View Post
    So you have stated a problem I have stated how the ID system deals with that.
    Ummm - no, actually, you haven't. You've said that the ID card would hold my address. How is that going to stop a fraudster using the card in a card holder not present transaction?

    If a fraudster is using a card over the phone - at what point are they going to be asked to enter their ID card so that the address can be checked?

    There is no answer - if the card holder is not present, then having a system which requires an additional card makes no difference, regardless of what information is held on the card.

    The card could have every possible detail about me, my lifestyle, my shopping, everything - but it is not going to stop fraud where the card holder does not have to physically present the card.

    Leave a comment:


  • minestrone
    replied
    So you have stated a problem I have stated how the ID system deals with that.

    ...

    next?

    Leave a comment:


  • minestrone
    replied
    Now, you are aware that the ID system holds your current address?

    Leave a comment:


  • The Wikir Man
    replied
    Originally posted by minestrone View Post
    Are you a tester?
    No. Do you know anything about using a credit card online or over the phone?

    Originally posted by minestrone View Post
    "computer says no"

    What the flip are you dribbling about man "Cardholder not present"?
    Try looking it up in Wikipedia, man.

    Or, if you can't manage that:

    A customer not present transaction, in the context of credit and debit cards, refers to a transaction conducted at a distance, for example over the telephone or internet. The customer's card number is keyed manually into the sales terminal, and no verification by signature or by PIN is possible.
    Computer says "yes" quite often - there is no way to verify the PIN, there is no way to verify the signature. The only verification is that the card is valid - which just means that the number and expiry dates are good.

    Leave a comment:


  • minestrone
    replied
    Originally posted by The Wikir Man View Post
    Cardholder not present - give them the card number and they put it through. How is having an ID card going to stop that?
    Are you a tester?

    "computer says no"

    What the feck are you dribbling about man "Cardholder not present"?

    Leave a comment:


  • The Wikir Man
    replied
    Originally posted by minestrone View Post
    Why not?

    I have been answering questions for the last 80 posts so it's my time to question.

    Tell me the mechanisms fraudsters use and how they cannot be protected by ID cards?
    Cardholder not present - give them the card number and they put it through. How is having an ID card going to stop that?

    <pedant>
    This is post 79 in this thread, so to be answering 80 posts would require a thread significantly longer than this one
    </pedant>

    Leave a comment:


  • minestrone
    replied
    Originally posted by The Wikir Man View Post
    Whether there is anything else that will stop that kind of fraud is a moot point - an ID card won't stop the majority of credit / debit card fraud.
    Why not?

    I have been answering questions for the last 80 posts so it's my time to question.

    Tell me the mechanisms fraudsters use and how they cannot be protected by ID cards?

    Leave a comment:


  • The Wikir Man
    replied
    Originally posted by minestrone View Post
    What will then?
    Whether there is anything else that will stop that kind of fraud is a moot point - an ID card won't stop the majority of credit / debit card fraud.

    Leave a comment:


  • minestrone
    replied
    Originally posted by Peoplesoft bloke View Post
    That's not what I meant (as I'm sure you realise). Once the government establishes their ID card scheme as a single de-facto standard for ID that will be my entire identity for the purposes of a normal (law abiding) life in this country.

    I don't trust them to manage my identity; to keep it safe, and I object the reversal of my relationship with the state - where I become their property. It is morally wrong, but it will fail for practical reasons.

    It will not stop credit card fraud - the majority of that is cardholder not present fraud which it offers precisely zero protection against.

    How many homeless people, illegal immigrants, travellers, old people, mentally ill people and so on do you think will get an ID card - unless it is compulsory for all and probably compulsory to carry it, its use as an every day proof will be limited; but the size of the enforcement operation needed to force every single person in the country to have one will be massive and extremely costly. Apparently the Police can't cope with the volume of credit card fraud - how the hell are they going to enforce compulsory ID cards?
    What will then?

    I will turn the question to you, I signed the OSA so I'm not going to go into details but a fraud squad detective would have to run time at 100 times slower just to read the cases now. 1000 times to even follow them up.

    The crime is completely unmanageable and it is a crime where there are thousands ans thousands of innocent victims. There is no way to stop it with current technology.

    So what is your answer? Just let it go on as you so clearly offer as the answer?

    Leave a comment:


  • The Wikir Man
    replied
    I'm in favour of a compulsory ID card.

    Just not one that has any kind of link to a big database - I want the lowest technology possible. Bit of cardboard and a black and white photo stuck to it.

    If the cards look like they can be easily forged, then people will be wary of accepting them as conclusive proof of ID. It might help, but it won't be conclusive by any means. If the cards look like they are super-dooper high-tech, and the PR companies are telling us that they are hack-proof, forge-proof and all-round wonderful, then people will accept the card and only the card. Which when the data is incorrect, leaves you with a massive uphill struggle to prove that you are who you are rather than who the database says you are.

    And for that reason, I'm out.

    Leave a comment:

Working...
X