• Tired of adverts on RWI? - Subscribe by clicking HERE and PMing Trailboss for instructions and they will magically go away!

Credit Card Safety

docdar

Do not accept unsolicited offers
22/3/12
10
0
0
I just wanted to pass on a "situation" that came up yesterday regarding credit card security and "trusted dealers".


I have used a debit card with around $500 on it to buy watches from Puretime. These are the only transactions ever made with this card and was on 2 separate occasions, one of which was a pre-order a JC master compressor.
I received a call yesterday from a large online retailer questioning a transaction (I had not made) with my billing address, but shipping to Texas. Whoever used the card had my address, card number and security code from the card.

I'm just sayin...
 

mike 8

Legendary Member
13/8/11
10,742
15
38
Did you e-mail Angus ?
He should be told.
You are not responsible for those online purchases.
 

trailboss99

Head Honcho - Cat Herder
Staff member
Administrator
Certified
30/3/08
43,757
18,574
113
Tell Angus immediately mate, that is not good.
 

sumiter7

I'm Pretty Popular
17/8/12
1,171
8
38
Did you e-mail Angus ?
He should be told.
You are not responsible for those online purchases.

The protection you get probably is different for a debit card from a credit card. You get way more protection against unauthorized uses for a credit card. So whenever you have to use a credit card, make sure you use a credit, not debit.

Further, if you have Discover, you can go online and get a one time number that you can use to authorize one single transaction.
I don't own a Discover, but for this sake, I may end up getting one.

From my experience, I had both my debit and credit cards used for unauthorized transactions. I was able to get my money back for the credit card without a problem, but I was unable to get my money back for debit.
 

Bomba

I'm Pretty Popular
20/4/08
1,322
0
36
You sure it was Puretime? Do you use the card elsewhere?

I had the same thing happen to me after using the card at a gas station. Handheld scanners are quick and easy to use these days.
 

Bomba

I'm Pretty Popular
20/4/08
1,322
0
36
By the way, my card number got stolen at a gas station in SOUTH FLORIDA....

The card didn't read at the pump and I walked inside and charged it there. Attendant was in on the scam and must have swiped it behind the counter.

European credit cards have chips in them with pin numbers required for use in these instances.
 

sumiter7

I'm Pretty Popular
17/8/12
1,171
8
38
You sure it was Puretime? Do you use the card elsewhere?

I had the same thing happen to me after using the card at a gas station. Handheld scanners are quick and easy to use these days.

By the way, my card number got stolen at a gas station in SOUTH FLORIDA....

The card didn't read at the pump and I walked inside and charged it there. Attendant was in on the scam and must have swiped it behind the counter.

European credit cards have chips in them with pin numbers required for use in these instances.

I didn't think the credit card scanner could retrieve the billing address, does it?
 

Bomba

I'm Pretty Popular
20/4/08
1,322
0
36
From what I understand, everything is on that magnetic strip.
 

trailboss99

Head Honcho - Cat Herder
Staff member
Administrator
Certified
30/3/08
43,757
18,574
113
No, that sort of info is not on the strip. Below is what is on the strip:

Track 1

- Format code (defined by the card brand)
- Primary Account Number (PAN) - aka credit card number
- First six character of the cardholder's last name
- Cardholder name suffix (i.e., JR, SR, II, etc.)
- First four characters of the cardholder's first name
- Cardholder's middle initial
- Cardholder title (i.e., MR, DR, etc.)
- Expiration date (two digit month and two digit year)
- Service code (this is set by the card brand to indicate the type of card such as Platinum, Gold, etc.)
- CVV/CVC/CID
- Proprietary data used by card issuer

Track 2

- PAN
- Expiration date
- Service code
- PIN verification data (encrypted)
- CVV/CVC/CID
- Other discretionary data as defined by the card brand

Note: Discretionary Data fields are defined by the card issuer. Issuer-defined fields containing data that are not considered by the issuer to be sensitive authentication data may be included within the discretionary data portion of the track.

Your full name and address are considered sensitive authentication data (AFIK) so are not on your card. Neither is your PIN, it is impossible to work out the PIN from info stored on the card.

Also note: There are in fact three tracks on most cards, the last one is rarely used in banking/finance.


European credit cards have chips in them with pin numbers required for use in these instances.
You Americans are not using smart card CCs yet?



Mind you, if you live in a US state that has a mag strip on you driver's licence there is MUCH more info about you stored on there and you should not permit it to be swiped by anyone but a cop or the DMV.

Info stored on a driver's licence strip:

The following data is stored on track 1:
Start Sentinel - one character (generally '%')
State or Province - two characters
City - variable length (seems to max out at 13 characters)
Field Separator - one character (generally '^') (absent if city reaches max length)
Last Name - variable length
Field Separator - one character (generally '$')
First Name - variable length
Field Separator - one character (generally '$')
Middle Name - variable length
Field Separator - one character (generally '^')
Home Address (house number and street) - variable length
Field Separator - one character (generally '^')
Unknown - variable length
End Sentinel - one character (generally '?')
The following data is stored on track 2:
ISO Issuer Identifier Number (IIN) - 6 digits
Drivers License / Identification Number - 13 digits
Field Separator — generally '='
Expiration Date (YYMM) - 4 digits
Birth date (YYYYMMDD) - 8 digits
DL/ID# overflow- 5 digits (If no information is used then a field separator is used in this field.)
End Sentinel - one character ('?')
The following data is stored on track 3:
Template V#
Security V#
Postal Code
Class
Restrictions
Endorsements
Sex
Height
Weight
Hair Color
Eye Color
ID#
Reserved Space
Error Correction
Security
 

trailboss99

Head Honcho - Cat Herder
Staff member
Administrator
Certified
30/3/08
43,757
18,574
113
Good grief, as of April smart cards and PINs will become mandatory here, no more signing unless it's a case of card reader down and a manual imprinter is used and the strip will become backup only.

As it is it's been a long time since I've seen a CC without a chip and a lot of them are RFID now, all you do is tap it against the reader. Payments under $50 don't require a PIN or signature, the bank just wears them if your card is stolen.
So if it's a few groceries on the way home or a meal at maccas it's just tap and go.
 

Rainsick33

I'm Pretty Popular
23/3/08
1,160
4
38
I never had a problem with unauthorized, regardless if credit or debit, debit being TD, Wamu, Greenpoint and now Chase. I use my debit very careless too knowing its well protected. I recently had a experian charge on my debit without my knowledge, called chase and poof its done, got my money back in 2 hours..
 

TESLA760

Time is Money $$
Certified
7/2/11
24,695
21,179
113
Socal Wine Country
I only use Paypal , and their CC for all my Internet transactions. If they don't accept PP, sorry. No sale. Makes life easier
 

trailboss99

Head Honcho - Cat Herder
Staff member
Administrator
Certified
30/3/08
43,757
18,574
113
I only use Paypal , and their CC for all my Internet transactions. If they don't accept PP, sorry. No sale. Makes life easier
No PP CC here.
 

boostin20

Respected Member
8/9/10
4,038
117
0
USA
That discover thing's a good idea. I might do ewallet before I get another credit card, though.
 

sumiter7

I'm Pretty Popular
17/8/12
1,171
8
38
I also don't use CC as a payment when buying reps; not that I don't trust the TD's, but I use PP because I don't know how the encryption on the site is.
It would be a nice idea if we started using the chips in our CC's; but I remember faintly about hearing that the cost to replace all the systems and handsets are too costly for that to happen, since the country is huge.
Another good thing about the Discover's program: you can buy many of items that are limited to 1 CC per item. :)
 

Bomba

I'm Pretty Popular
20/4/08
1,322
0
36
No, that sort of info is not on the strip.

Interesting.

Just a point to consider. 95% of the fuel stations in Florida require that you enter your billing zip code after swiping the card. So either this information (zip code) is stored on the card, or the pump stores it for verification later.

It's instant as well, so there is no communication to data center. You enter the zip code and it's approved. If you enter it incorrectly it is not approved, instantly again.

So, naturally people like me assume it's stored on the strip.

I have overseas credit and debit cards as well, and I'm a big fan of the chip and pin number system, FWIW.