Contactless bank cards

Roland Perry lists at
Tue Nov 16 09:28:28 GMT 2010

In article <4CE24388.9060803 at>, Peter Mitchell 
<otcbn at> writes

>>Any attack which relies on a
>> corrupt merchant actually processing the transactions leaves that
>> point of connection, so unless the skimmers content themselves with a
>> handful of transactions (which, at £10 each, seems a rather small
>> crime)
>Not to my son, who is paid minimum wage.

It's small to the criminal, not the victim. (I assume you don't mean 
that your son would be happy to defraud people £10 at a time!)

>> And as the fraud requires
>> the active connivance of the merchant, it's going to be hard for them
>> to get out of criminal liability.
>It needn't be the actual merchant doing it. It could be a dishonest 
>till operator.

It's not clear to me how a merchant or till operator can "execute an 
unauthorised transaction". Won't the terminal simply refuse to process, 
if it's one of those random transactions where the punter needs a PIN?

And I'm unsure whether it's technically possible to "skim" a paywave 
card and use that information to create a clone that can be used to buy 

>You pocket cash out of the till, and make up the shortfall with phoney 
>card transactions. All the merchant knows is that he has sold 1000 
>doughnuts today and taken a total of £3,500 in cash and bank debits; he 
>can't check how each doughnut was paid for.

His EPOS system should tell him that.

>>> In fact, thinking about it, I predict the next step: banks will
>>> soon stop listing card transactions under £10 in value on the bank
>>> statement. Rather like phone companies don't itemise cheap calls.
>>  Phone companies do itemise cheap calls.
>Mine (BT) doesn't list calls under 40p.

Maybe you need a different sort of bill - my BT bill starts at 0p (for 
some geographic calls) then 12p (for some short 0845 calls <ouch>) and 
so on, upwards.
Roland Perry