New credit card scam?
February 24, 2007 7:41 PM   Subscribe

I think she's just watching too much CSI:NY. That idea was used there recently.
posted by Violet Hour at 7:48 PM on February 24, 2007

I don't know if it's an actual problem yet, but I imagine it will be soon enough.
posted by -t at 7:50 PM on February 24, 2007

It's not fiction and it's not really new; it's called credit card skimming, where shady clerks/waiters/etc. run your card through portable readers and store the numbers for later use:

One of the ways that a thief can obtain your data offline is through the use of a "skimming" device. These small magnetic stripe readers can be easily purchased online for $300-$800...In the legitimate business world, these devices are used to swipe membership cars at gyms or take credit card orders away from the office. Technology has advanced so that these credit card readers can now be as small as a disposable lighter. They can also be hooked up directly to a Blackberry in order to email the credit card data instantly.

Most commonly, skimmers are used by waiters or retailers who have a convenient second to swipe your card when you hand it over. The can also be placed over an ATM or a gas station pump reader to capture card information. Once the skimming device is full, the thief downloads the stolen credit card information on to their computer and makes purchases using the data. In some cases, the skimmer data is sold to identity theft rings that actually produce and sell fake credit cards with your information.
posted by mediareport at 8:06 PM on February 24, 2007

Yeah, but credit card skimming requires that the theif actually swipe your card (or that you yourself swipe it in a device placed over a legitimate one). It doesn't work if the card is in your wallet or purse.

The link -t provided is more what the OP is asking about.
posted by Violet Hour at 8:16 PM on February 24, 2007

(Sorry! Posted too soon!)
posted by Violet Hour at 8:22 PM on February 24, 2007

You've already got an answer, but yeah I've heard of this. It's not a problem for me seeing as how I never carry cards. I'd recommend that to others, but I understand it's not an option for everyone.
posted by VegaValmont at 9:43 PM on February 24, 2007

Tagging along, does anyone know what the cheapest-while-still-effective RFID shield is? Suppose one has an RFID-chipped credit card or passport; will just wrapping it in tinfoil work?
posted by LobsterMitten at 11:12 PM on February 24, 2007

I just want to point out that retrieving a user's name and CC # from an RFID card is criminal on the part of the issuer. While it is possible to store that kind of data on an RFID chip, it's far more secure to put a unique ID on the chip that when combined with a PIN and an authorized reader unique ID can be used to retrieve that information.

I worked on RFID technology in 1999 (before the moon was yanked out of the Earth's orbit), and security was one of our prime concerns. Our take on skimming was to make sure that information was not useful without much more context that was not available on the card. Putting the unique ID on readers as well was the capper.

The company tanked and I'm frankly surprised that first generation cards have clear skimmable information on them, considering some of the requirements from prospective companies we talked to.
posted by plinth at 6:31 AM on February 25, 2007

How do you know if a card has RFID technology on it? My green card certainly looks as though it does - it's got this brass-coloured microfiche film-looking stuff on the back - but that might require swiping through a machine, I don't know. Should I get some sort of metal sleeve to keep it in, and if so, what metal?

Leaving it at home is not an option as technically I am required to carry it at all times.
posted by joannemerriam at 7:55 AM on February 25, 2007

Maybe they were talking about this scam. It's not the same as skimming, it actually involves swiping the card (so no reading from your wallet). But I don't think it's very widespread, either.
posted by timelord at 10:07 AM on February 25, 2007

I'm not sure AMEX green cards have implemented any sort of RFID...but take a look at this blue card. If it's got that chip w/ that rectangular loop, then it has RFID tech.

Visa and Mastercard also have similar technology, but as far as I can tell there's no standard name for it, usually the issuing bank decides how to market it. For example there's Chase Blink.The card should have some sort of chip on it.

In any case...your card provider should be the one to let you know if they've issued you one of these cards. AFIK the vast majority of cards in the U.S. do not have this technology.
posted by timelord at 10:16 AM on February 25, 2007

Oops, to clarify, when I say "that rectangular loop" I'm referring to the circuit-looking thing (it's an antenna), not the blue square in the middle.
posted by timelord at 10:18 AM on February 25, 2007

Timelord, sorry, I wasn't clear. I wasn't talking about an Amex, but my US government issued permanent resident card.
posted by joannemerriam at 1:03 PM on February 25, 2007

Joannemerriam, it's indeed possible about your U.S. green card. I wasn't aware they were doing it, but I found this article which seems to imply that they may be using RFID technologies.

Of course you can't completely rely on visual indicators. It's easy enough these days to make a card with the antenna/microchip stuff embedded inside. There's an illustration here (it's in Japanese, but hopefully the pictures speaks for itself).
posted by timelord at 1:56 PM on February 28, 2007

« Older Is there an easier way to get ...   |   I recently applied and was pre... Newer »

This thread is closed to new comments.