Scam Watch: Credit Card Shaving

Have you heard of “credit card shaving”? In this version of credit card fraud, thieves try out 16-digit number sequences until they hit one that works. Then they take gift cards from stores, shave off the digits, and glue them onto a credit card. They scratch the magnetic strip so the clerk has to enter the credit card number by hand. It’s apparently all the rage in Portland. There’s no defense against it except to monitor your statement for suspicious charges.

Credit card scam requires no credit card [The Oregonian] (Thanks to Ellis!)

Comments

  1. jeff303 says:

    @IphtashuFitz: Not to mention that a lot of companies’ idea of “hiding” the number is to show only the last 4 digits (i.e. “Your Visa card ending in 1234”). In other words, to display the four digits that would ordinarily be the most difficult to crack. Granted, showing the first 4 wouldn’t be particularly useful but showing the last 4 is downright irresponsible.

  2. Maulleigh says:

    Great. Everything old is new again.

  3. @AlteredBeast: Yeah, why wouldn’t you just put the random numbers in on an internet shopping site?

  4. @oakie: Once I caught one and the feds sent me $50 and a nice letter about how pimply kids like me were an important part of the defense against fraud.

    Okay, okay, I wasn’t pimply in high school. Just had bad hair.

  5. Grrrrrrr, now with two buns made of bacon. says:

    I vote for the PIN number idea.

  6. theczardictates says:

    When you close a credit card or store charge card account, the magic words are to insist on a “hard close”. This is the industry jargon to really shut the acct completely — otherwise they just leave it “passive” in case they can persuade you to reactivate it.

    I’m kinda surprised that this hasn’t been mentioned on a site like this already…

  7. Craig says:

    This is either an urban legend or an early April Fools gag.

  8. Snakeophelia says:

    I just got back from a trip to Melbourne. EVERY SINGLE PERSON to whom I handed my credit card, from ritzy hotel clerk right on down to the dude working at the 7-11 (yes, they’re everywhere there) asked for a photo ID when I used my card. Also, every single one of them held on to my card until after I had signed the receipt, so they could compare the two signatures. I was there 10 days and was using my corporate or personal card at least six times a day. No one let me slide by. If they can be serious there about asking for ID, why can’t we?

  9. MBZ321 says:

    I’m sorry but this just doesn’t seem feasible. I work as a cashier at a grocery store, and while we can manually enter card numbers, you also need the correct expiration date. And if they’re handing me something that didn’t scan through automatically you’re gonna be damn sure I’m going to check BOTH sides of the card.

  10. Craig says:

    @IphtashuFitz: If the first 12 digits really do identify the bank then that means each bank can only issue 10,000 credit cards. I don’t think so.

  11. mac-phisto says:

    this is known as bin probing & it’s a growing problem in the cc industry. basically, certain merchant codes are allowed to pass thru a charge w/o an approval under what’s known as the “floor limit”. if the number hits an active bin (bank id number), then it can slip thru.

    here’s the thing: the number doesn’t even need to correspond to an actual card for it to be processed. nice, huh?

    banks have certain chargeback rights in these circumstances, but many times the amount of the charge (& the fact that the charges almost always originate from foreign countries) dictates that nothing is done with it. either way, the bank either eats the cost of the transaction or the cost of processing the chargeback.

    & as the article states – really the only way to catch this is to review your statements.
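
As an added illustration (not part of the original thread and not any processor's real system), the issuer-side check below flags the BIN probing pattern described in the comment above: one merchant submitting many distinct card numbers under a single BIN in a short window, most of which match no real account. The log format, the `NO_SUCH_ACCOUNT` response label, the thresholds and the sample data are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: time, merchant, BIN:card-token, issuer response.
SAMPLE_LOG = """\
2024-01-05T10:00:00 M-100 999999:t01 NO_SUCH_ACCOUNT
2024-01-05T10:00:20 M-100 999999:t02 NO_SUCH_ACCOUNT
2024-01-05T10:00:40 M-100 999999:t03 NO_SUCH_ACCOUNT
2024-01-05T10:01:00 M-100 999999:t04 APPROVED
2024-01-05T10:01:20 M-100 999999:t05 NO_SUCH_ACCOUNT
2024-01-05T10:01:40 M-100 999999:t06 NO_SUCH_ACCOUNT
2024-01-05T10:02:00 M-200 999999:t11 APPROVED
2024-01-05T10:02:20 M-200 999999:t12 APPROVED
2024-01-05T10:02:40 M-200 999999:t13 APPROVED
2024-01-05T10:03:00 M-200 999999:t14 APPROVED
2024-01-05T10:03:20 M-200 999999:t15 APPROVED
2024-01-05T10:10:00 M-300 888888:t21 NO_SUCH_ACCOUNT
2024-01-05T10:20:00 M-300 888888:t22 NO_SUCH_ACCOUNT
2024-01-05T10:30:00 M-300 888888:t23 NO_SUCH_ACCOUNT
2024-01-05T10:40:00 M-300 888888:t24 NO_SUCH_ACCOUNT
2024-01-05T10:50:00 M-300 888888:t25 NO_SUCH_ACCOUNT
"""

WINDOW = timedelta(minutes=5)  # assumed look-back period
MIN_DISTINCT = 5               # distinct card numbers per merchant+BIN
MIN_FAIL_RATIO = 0.75          # share of them matching no account

def find_bin_probing(log_text):
    """Return sorted (merchant, BIN) pairs that show an enumeration burst."""
    recent = defaultdict(deque)  # (merchant, BIN) -> events inside WINDOW
    flagged = set()
    for line in log_text.strip().splitlines():
        stamp, merchant, card, response = line.split()
        ts = datetime.fromisoformat(stamp)
        bin_, token = card.split(":")
        events = recent[(merchant, bin_)]
        events.append((ts, token, response))
        while ts - events[0][0] > WINDOW:  # drop events older than the window
            events.popleft()
        tokens = {tok for _, tok, _ in events}
        missing = {tok for _, tok, r in events if r == "NO_SUCH_ACCOUNT"}
        if len(tokens) >= MIN_DISTINCT and len(missing) / len(tokens) >= MIN_FAIL_RATIO:
            flagged.add((merchant, bin_))
    return sorted(flagged)

if __name__ == "__main__":
    print(find_bin_probing(SAMPLE_LOG))
```

Only the first merchant is flagged: the second has the same volume but every number is a real account, and the third has the same failures spread too thinly to fill one window.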

  12. diamondmaster1 says:

    @johnarlington:

    A complete and total change on the part of the American public would have to occur for that to happen smoothly with all transactions, starting with the Rabid Privacy Freaks (RPFs) who are so paranoid that they believe you can memorize all of their ID info with just a glance.

  13. FLConsumer says:

    @esd2020: Just my own experience in analyzing and playing with the algorithms. I don’t know the exact algorithms (that’d take the fun out of it), but I’ve got a good idea of what they look like, similar for the checksum. Now, the CVV code appears to be a random #. Haven’t found a pattern to those YET.

    But you also have to keep in mind that I could “randomly” come up with Windows 95/98 product key #’s in about 5 tries. Treat it like Chess or a good crossword game and you’ll start to see the patterns.

  14. Mr. Stupid says:

    Why wouldn’t the clerk notice that the name that pops up doesn’t match the name on the card?

  15. MissTic says:

    what ever happened to the credit cards with the user’s photo on them?

  16. thebrave says:

    I know it’s a French technology and some Americans have a grudge against French people, but… here we only use “smart cards” (right word? cards with a microchip) and it is impossible to manually enter a card number even if swiping the card is still possible for foreign cards.

    It’s not very expensive, and the latest chips can use real, proven public key cryptography. Furthermore, following accidents with the yes-card several years ago, use of certificates is now mandatory.

    To sum up: you can’t clone or fake them. Why is everyone not using them?

  17. kromelizard says:

    @danger42:
    Names don’t pop up when manually entering a card number.

    The reason cashiers won’t catch it is because most people don’t care enough about their security to bother being inconvenienced. It seems like 1 in 3 cardholders don’t even sign their cards, and that’s literally the only security you’ve got if your card is stolen. It’d take a determined retailer to force that many people to sign their own cards. Really, it doesn’t take a rocket scientist to figure out that what is potentially lost to a chargeback does not match what you lose to sales possibly turned away by hassling consumers who neither understand nor really care about the security of their card.

    So, you take a card, don’t bother looking at it, get an authorization and a signature, take an imprint if you have to, and write off the occasional problem with a disputed transaction as the cost of doing business. Because harping on proper credit card procedures will just turn away more legitimate business than the fraud it will protect the retailer from.

  18. RvLeshrac says:

    @IphtashuFitz:

    Yeah…

    I got in trouble like that when I was 14.

    Today, things are a little more difficult. Still not impossible.

    ————————–

    In the interest of open security:

    1) The first 4-6 digits of a card number identify the lender. (Chevy Chase Bank, Chemical Bank, Bank of America, Capital One, etc.)

    2) CVV1 and CVV2 are not uncrackable. It is entirely possible and plausible for a card number generator to calculate CVV1 and CVV2.

    3) Through the magic of phone sex, obtaining the expiration date is easy. Phone sex lines use automated card processing, and will not process without a correct date. The use is obvious. The only solution for this is to have single-attempt failover to an operator.

    4) (This is the tricky part today) Most mail/web-order merchants now *require* that the billing address be correct, if not the shipping address. If neither address matches, the merchant will either decline the purchase or request confirmation from the card provider, which is why you’ll sometimes get a call from your credit card company asking you about recent purchases. It used to be that you would simply have your “acquired” merchandise shipped to a vacant house, but that rarely works now.

    In a nutshell, much more difficult to actually have things shipped to you using a fake card – which is why the in-store methods are becoming more popular.

    Of course, with the greatly increased penalties over the years, in addition to the increased security measures, credit card theft is actually *less* common than it was years ago – regardless of what you’re constantly hammered with by the card providers.

  19. RvLeshrac says:

    @thebrave:

    They’re still not immune to theft, and the infrastructure comes at no small expense.

    Merchants in the US are slowly moving towards using them, but it will take quite a while. Keep in mind that there are far more people and far more businesses here.

  20. mariospants says:

    I dunno. I’m sceptical… nobody’s gonna get rich off of this scheme unless he or she is buying stuff from people who aren’t running the numbers properly through the system. Nobody’s gonna be able to buy a TV set without the exp date at the very least. That + 16 numbers is suspiciously impossible to guess. Likely these folks are stealing numbers from their friends who work in stores and then using those numbers at stores and hotels where their friends work.

  21. smileyeagle1021 says:

    for this whole coming up with random number bit… not necessarily that hard to do… mainly because it’s not so random. A lot of companies that have online and phone order will have a ghost credit card number that they use in training and testing… get a hold of that and you can get whatever you want on the company’s dime… I however would not suggest this technique because about the only way to get those numbers is either work for the company or know someone who does, which does make it a lot easier to be tracked back to you (I know this because I had a coworker who was caught doing just that).