Possible Credit Card Skimming At Faire

[BryanPopp]

I just wanted to throw out a warning to everyone who was out at TRF closing weekend.
Someone may have been out there skimming credit card numbers from the crowd.
My card (which rarely gets used) went to Faire with me Saturday and now I have 4 transactions that I never authorized.
Totaling close to $1000.00.
I do not believe this is a vendor or TRF employee. I only used that card for 1 purchase and the vendor is a good friend.
I think the scum had a digital skimmer and just used it in crowds to find unprotected cards.
I am heading out to buy protective sleeves for all of my cards.
Watch you accounts just in case.

[Merlin the Elder]

I have one card that uses that technology and I won't carry it for that very reason. I don't have a sleeve for it yet.

[DonaCatalina]

I microwaved mine as soon as I got them. My Amex is clear plastic and you can see the chip. But its dead as a doornail. The magnetic strip still works for manual transactions.

Your problem is exactly why I treat my cards as I do.

[Yrose]

Microwave? Do tell? I know my Amex has one too, what if it's not clear and your not sure?

[KiltedPrivateer]

Thank God mine are all of the old magnetic strip variety.  Not cool.  Hope your bank's fraud department is helpful.

[Merlin]

I hate a thief.... more than most any other thing on earth.

[BryanPopp]

Thank God mine are all of the old magnetic strip variety.  Not cool.  Hope your bank's fraud department is helpful.

Yeah Wells Fargo caught it about a day before I did and froze the card. They were really helpful.
Theft sucks especially when it is an unseen event. At least if I was dumb enough I could chase a mugger or burglar.
OHHH Hell I am in Texas!!!! I could shoot a mugger or burglar.

[*Teach*]

I asked the Lovely Lady Trinn about this to make sure I had accurate information and this was what she sent back. For those who don't know, my wife works for a financial institution and knows what she is talking about in this area.

DO NOT microwave your cards. That doesn't do anything except ruin your card. I replace many here at work because of people doing that.

The information may have been collected from the company the vendor was using to transmit the card info for approval. That is the most common way. Skimming in a crowd is the least common method. I'm not even sure it's actually possible. Thieves of this nature, like any thief, take the route of least resistance. If they can collect info anonymously they will elect that method almost every time. 

What usually happens is card info is collected, card numbers are then added to some type of report and the would be thieves go thru the report using each card number trying to get a 'live' one. They will use that card number until it's blocked and move on to the next one. When this kind of thing happens to you it's assumed that it happened the very last time you used your card which may not be the case but just coincidence.

Sadly as technology advances so do the criminals. The best way to combat something like this is constant due diligence. Look at your account often and keep it reconciled. Don't let your cards leave your side and make sure to look at ATM's before you use them to make sure they haven't been tampered with. The important thing to remember here is even though things like this may happen from time to time, and they are a nuisance, you at least have legal leverage and your financial institution will help you correct the fraudulent error. If you give up cards completely and carry cash you have no recourse what so ever if that is stolen from you.

Hope this helps at least someone

*I spend my efforts protecting my rum... just in case*

[Merlin the Elder]

Skimming with the newer "proximity" cards is most definitely possible. I've seen it demonstrated, and that is why there are companies making the sleeves that Bryan mentioned, and there are now some wallets being manufactured that provide the protection. The chips work similarly to the ones they use to stop shoplifting. Contact is no longer required.

As Teach said, however, due diligence is required. I monitor my cards, my bank accounts, and my credit reports frequently...no less than weekly, and some accounts daily.  I have gotten calls from my credit card fraud units when they've noticed something unusual. These days, they say they hold their card carriers harmless for fraud, but there is some small print.

*I spend time protecting my Jack Daniel's...just by swallowing it...just in case* 

[Glaodian]

Smart Cards: 

    The user must corroborate his identity to the card each time a transaction is made, in much the same way that a PIN is used with an ATM.
    The card and the card reader execute a sequence of encrypted sign/countersign-like exchanges to verify that each is dealing with a legitimate counterpart.
    Once this has been established, the transaction itself is carried out in encrypted form to prevent anyone, including the cardholder or the merchant whose card reader is involved, from "eavesdropping" on the exchange and later impersonating either party to defraud the system.

Credit card cloning, or "skimming" as it is sometimes called, is a new technique whereby someone obtains your credit card details, copies them onto a bogus card and begins using the credit card. While credit card theft itself is not new, the manner in which the information is stolen is.

The first step is to recruit an individual willing to participate in the scheme. Bartenders, wait staff or shop assistants are often prime targets because of the sheer volume of credit cards they handle.

Recruits are given a pocketsize device with a scanning slot, something that resembles a pager and can be worn on a belt. They are instructed to swipe customers' credit cards through the device. Because the process takes only a few seconds it can be done easily and inconspicuously without the customer or another employee noticing.

Swiping the credit card through the device copies the information held on the magnetic strip into memory. That information can subsequently be copied to a counterfeit card, complete with security holograms.

Alternatively, the information can be used to overwrite a stolen credit card which has become too hot to handle.

Do not underestimate the size of this problem. In the U.K. alone an astonishing $200m was spent with cloned credit cards in 2000. That's over $500,000 every single day!

So how do you protect yourself?

One solution lies in smart chip credit cards. Smart chips are microchips embedded in some credit cards that encrypt the information contained in the magnetic strip. The microchip cannot be changed or deleted. If a skimmer tries to scan your card through the device, they will obtain only encrypted information and thus be unable to clone your credit card. If someone steals your smart card and disables the chip, the new swipe terminals will alert staff to ask for an ID or decline the transaction.



With that said, the data that they may obtain would virtually be useless.  The sleeves they sale to protect these cards are about as useful as the cell phone stickers they used to sell that boosted reception.  Same idea with the covers for license plates to block some forms of speed traps. 

But look at the good side.  Your smart cards do not have a power source.  They work like security badges that you wave in front of scanners.  The scanners transmits a radio signal that powers the chip so that it can be read.  So if someone was walking around with a scanner, the radio wave being transmitted would have to be so powerful that they are more than likely sterilizing themselves.   

So it is a win-win situation.  haha

[BryanPopp]

WOW I didn't know a simple "heads up" posting would illicit such great advise and information
Thanks everyone for sharing.

[C Dragonworks]

I was told all you have to do to stop them skimming them is place a layer of aluminum foil(any metal) around the sleeve in your wallet or stack your cards to make the signals garbled....  I have had no problem with my cards until Visa got hacked...they had to fix it and it was my debit/credit card they got.... Otherwise I use the stacked mess method of card carry!!!

[KiltedPrivateer]

The greatest thing I saw during my trip to Montreal, QC was portable CC machines.  Everywhere I went, especially restaurants, a portable CC scanner is brought to you.  Your CC never leaves your sight.  You hand the CC to the merchant who scans the card through the reader then hands it back to you.  They then enter the total and then hand you the reader so that you can accept the total, and in the case of a restaurant you can enter a tip.  You press OK and the machine prints out your receipt.

I have no idea why these are not used here in the States, but they should be.

[Merlin the Elder]

I would have to know more about those... I would worry that the transmitter signal could be snagged like they can with wireless computer connections. I'm paranoid about that. I guess I've been in IT too long. I don't trust computers.

[dbaldock]

I would have to know more about those... I would worry that the transmitter signal could be snagged like they can with wireless computer connections. I'm paranoid about that. I guess I've been in IT too long. I don't trust computers.

I was thinking the same thing.  If they're Wi-Fi connected "Terminals/PC's", then are they using the latest, strongest encryption to set up a secure communication link to the server?

Even though you're more than a thousand years older than me, I've been working on electronics for a long time (since the 1980's), and I still choose to have my bills mailed to me rather than to only trust electronic billing and emails to let me know when to pay.    


Take Care,
David Baldock