Card fraud is ascending to another level with a CVV code tha

File: Riding a Moped round stealing mobile phone payment data.jpg (81KB, 600x800px) Image search: [Google]

81KB, 600x800px

Bump

File: water cooling.jpg (149KB, 1024x768px) Image search: [Google]

149KB, 1024x768px

>>56942846

File: Facebook keys.png (218KB, 847x670px) Image search: [Google]

218KB, 847x670px

>>56942869

I doubt it'll make much difference, a 3 digit code has got to be the easiest thing to crack there ever was given there's only 1000 options.

Now if the card number itself could change, that would be useful. Then nobody could keep your credit card on file for any reason.

File: 1450039292530.gif (2MB, 5000x3398px) Image search: [Google]

2MB, 5000x3398px

>>56942890

>>56942892
>nobody could keep your credit card on file for any reason

That would be a problem. I wouldn't feel like having to manually pay all my bills every month. Maybe another solution...

>>56942892
>I doubt it'll make much difference, a 3 digit code
This. They should have also made it longer. How does this even authenticate the code with the financial institution?

>>56942950
Comfort > Security
Really?

File: 1475628060752.png (2MB, 1276x1170px) Image search: [Google]

2MB, 1276x1170px

>>56942905
(Embedded files)

>>56942965
This isn't quite the same situation

>>56942953

>How does this even authenticate the code with the financial institution?

This is the issue. It can't be communicating, thus the only option left is that the generation is based on some algorithm that the bank knows. If you know the algorithm you can use it to generate the CVV at any time.

>>56942965
The most secure is to go everywhere and pay it in cash. I want to see you doing it every month.

>>56942998

>Going outside with cash on you.

HAHAHA cuck you're so wrong that it's funny. The most secure way is paying with BTC or Paypal.

>>56942991
Could the code be emulated from a card with t he device? What security methods other than encryption are going to be harboring the algorithm on the card?

>>56943030

How the fuck would I know any of this? You're asking the wrong guy. The only things I know for sure is that they're gonna do it wrong, and that it will somehow end up being a botnet.

>>56942892
While it would be safer to make the code longer you have to be very lucky to crack it, I'm sure most banks will freeze the card after 3 failed attempts.

just use cash you niggers

>>56943079
It's just harmless speculation, don't be so hostile

>>56943115

>use the paper jew, you kings

>>56943092
Brute force isn't the way about it, breaking the algorithm which will be stored on the card is the best way.

Emulate that algorithm in it's encrypted format and then dump it in a reverse engineer tool or something like Cuckoo, IDA pro even.

>>56943136

back to Plebbit queer

>>56943159
This, ladies and gentlemen, is how retarded the average neo-/g/tard is. Any questions?

>>56943159

>breaking the algorithm
>Emulate that algorithm
>encrypted format
>dump it in a reverse engineer tool
>Cuckoo
>IDA pro

Wew lad I'm just gonna assume that you're underage and roleplaying as a hacker. If you're older than 14 kindly end your own life; it will be like sleeping, I promise.

>>56943201
How do you do it then smarty pants? :^) Oh, you can't

>>56943214

Not weasel-wording and looking like a stupid dumbass who watched too many hacker movies.

>>56942998
I do this literally every month. Takes me about 20 minutes to do.

What sort of cuck city are you in where you can't do this?

>>56943233
Clearly you have no clue, carry on nit picking faggot no one cares

>>56943268

You're trying to hard to make it look like you know shit but your misuse of pseudo-technical language makes it just pitiful. Keep playing hacker skiddo, one day you'll grow up and realize what a queer kid you were.

>>56942788
Well let's see, we only just barely could be considered switching over to CHIP and sign in the U.S. with another several years before going CHIP & PIN.

So...we should get this in about 15 years?

>>56942788
To verify it needs to be predictable. If it's predictable it can be cracked.

>>56943294
But I do know shit, I've published papers, spoken at cyber security conventions and worked with the NCA.
Your lack of understanding doesn't mean what you don't know is wrong pleb

go back to your hugbox

>>56942788
This is the same as TOTP, literally nothing new, noice to see them actually caring about card security

>>56943020
depends where you live

a lot of the shops still charge extra for using cards

in the uk.

>>56943159

You still have to brute force the seed value somehow and doing it without capturing the cvv values is impossible. With enough cvv values and the algorithm you could crack the seed, maybe.

>>56943316

10 if we're lucky and then only as an option

>>56943450
>To verify it needs to be predictable.
No it doesn't.

>>56942892
>3 digit code has got to be the easiest thing to crack
>>56942991
>If you know the algorithm you can use it to generate the CVV at any time.
>>56943159
>Emulate that algorithm in it's encrypted format and then dump

holy fuck how retarded can /g/ get
> each card given a cryptographically strong (128+ bits) secret seed value
> every hour, append the time and do a SHA-2 hash or similar, find modulo of 1000 or whatever
> server has database of card secret numbers, can do same calculation as verification
> good fucking luck guessing the random seed value from a handful of samples
> this basic principle is already used for tons of other shit and is called HMAC

>>56942979
w-whats in this

>OUR MEMECARDS ARE SECURE I SWEAR
>technology constantly having to come up with gimmicky bullshit to actually keep them secure
Anyone that uses credit cards is a fucking idiot.

>>56943844
Holly fuck, how retarded can you be? What part of "3 digits are easy to crack"?

>>56942788
>this anti fraud shits only happens in shitholes
AMERICA fuck yah!!!

No one trusts u fags

>>56944152
Do you have any idea of how much bigger the keyspace becomes when you factor in time? Did you even learned the most basic combinatronics stuff?

>>56944325
Do you?

>>56944325
Not as much as you think because time is not random. The only bits that really matter if you were to append time would be the seconds to microsec one range

>>56944343
>>56944370
https://tools.ietf.org/html/rfc6238
https://tools.ietf.org/html/rfc4226
If you could just "crack because it's just 1000 values xD" two factor authentication would had never been popular

>>56942788
Who cares, just read your fucking statement and report anything fishy

File: 1475072874338.jpg (45KB, 728x843px) Image search: [Google]

45KB, 728x843px

>>56943178
>>56943201

>>56944425
Except two this is different from two factor authentication, and yes, it's easy to crack, not as easy as a fixed number, I'll give you that, but still, not that hard to do so.

>>56944084
DO IT SENPAIII

>>56942788
kind of fucking stupid
why not just get rid of the fucking stripe and be chip only?
instead of putting batteries in my fucking card

>>56943844

6 digit 2fa has some flaws where 10% of the seeds can be cracked with 30 generated codes and appropriate timestamps. There may be other weaknesses.

>>56946213
SecurID was a clusterfuck originating from a flawed protocol, needing the verification algorithm to be public so anyone could run an auth server, and using device seeds derived deterministically from the serial numbers printed on the back.

In principle no security token is completely invulnerable to physical attacks, but there's nothing inherently algorithmically weak about short code 2FA systems.

>>56945319
They aren't removable or replaceable. They're barely any thicker dude.

>>56943450
It's a one time pad, it is proven technology. Without the secret key you're not cracking it in the lifetime of this universe

>>56944152
>>56944977

> I'm gonna run several hundred transactions with this credit card, none of them with the correct CCV, and no one will notice

>>56946638
>It's a one time pad
is it really? for hourly update of a 3 decimal digit code, you could fit 3 years into 32kB, which seems reasonable I guess.

>>56943621
>living in Britbong
>thinking your relevant

>>56946707
It's a One Time Password, not a One Time Pad, completely different stuff

>>56942892
>only 1000 options

LOOK AT THIS MAN AND LAUGH

>>56942788
cant be arsed to find the paper (or maybe it was a book about payment technology security) the guy said most credit card processors don't even check the card number before processing the payment (paying the merchant for the goods.) they just check that the expiration date is not in the past, and that the bank card is issued by a real bank. other than that they just rubberstamp every transaction and check on the validity of the account, as well as the funds in that account, after the fact. by that time the thieves could be long gone, especially if they're using a bulk purchased stolen card data pack

I hope you can opt out.

I can't remember the last time I actually got my card out to make an online purchase.

I've memorised the number, expiry, and CVV; having one of those arbitrarily change will make online purchases fucking annoying.

>>56944084
a shit 3d printed zip gun that's worthless.

File: 998105.jpg (208KB, 512x594px) Image search: [Google]

208KB, 512x594px

why not change after every purchase??

>>56946707
It's time to stop posting, son.

>>56946904
Those cards does not have a radio chip, there's just an algorithm which changes the CVV.
Pretty sure it's hackable.

>>56947252
Good luck acquiring the secret seed senpai

>>56947263
Let's wait for a BlackHat conference.

All you kids should know that this can't be cracked, but the real problem is that this shit will break. Is it a scam to force users to buy a new (for sure more expensive) credit cards every month when their display breaks?

File: i7pqgoL8R1S6c.png (27KB, 800x1200px) Image search: [Google]

27KB, 800x1200px

>>56942788
>tfw rest of the world moves to space-age cards with changing numbers
>americans are still paying with cheques
>some of the more advanced ones are using chip cards without pin

I don't really care desu.
Card security is the issuers problem not mine.
If my card gets compromised i just get reimbursed off a phone call, it's never happens anyway.

>>56942788
>CVV changes every hour
I don't think this will ever happen

How the fuck are you going to sync the new CVV number to your bank info so when you go to purchase something online, it doesn't fuck up?

>>56947404
>"mommy, why does the interstellar credit chip implanted in my arm have these letters and numbers embossed on my skin, but some of the other text isn't?"
>"uuuh I don't know darling. It's probably so the card looks pretty. Ask the multivac."
>"multivac, why does the payment chip in my arm look like this?"
>"THE LETTERING IS EMBOSSED ON THE ARM SUCH THAT IT REMAINS REVERSELY COMPATIBLE WITH THE PRIMARY MEANS OF CREDIT CARD PAYMENT IN A SMALL REMOTE COUNTRY ON OLD EARTH, CALLED THE UNIONIZED CITY-STATES OF AMERICA. IT INVOLVES PUTTING YOUR ARM ON A SPECIAL TABLE WHERE A SLIDING ROLLER WILL IMPRINT THE NUMBER ON PAPER IMPREGNATED WITH CARBON. THIS WAY ONE CAN AVOID HAVING TO TAKE A PICTURE OF THE CARD NUMBER. [BZT] MULTIVAC OUT, BITCHES."

>>56942788

Lots of people like to use "Save my info for next time" features on all their online shopping sites from Amazon to Steam, safe or not, they like the convenience.

Add in every monthly subscription based services auto renewal and I see these cards taking off literally never in countries like the US because people won't want to update their CVV every time they grab their shit off Amazon or have to resubscribe to Netflix every month.

>>56942950

NFC readers + NFC cards.

Touch to pay, card changes every day?

>>56947681
All CVV numbers for 3 years are already known beforehand, by both bank and the card. No syncing needed.

>>56947715
>All CVV numbers for 3 years are already known beforehand, by both bank and the card

Then they're not random, and a single undetected breach into the server that stores these codes is a financial catastrophe.

>>56947729
Well, a single undetected breach into bank's server is a financial catastrophe even without these codes...

>>56942950
why would you? Whenever I currently do purchases online, my bank sends me a code on my phone by SMS and I input that into the bank's payment confirmation embedded page (the kind that springs up whenever you click PAY NOW) on online shops. To pay my rent, I go onto my bank's website, set up a recurring payment plan, and get sent the SMS code again. It's not like I have to confirm it every month or something. Once it's known that I OK'd it, it's fine until I cancel it. The same would be true for a hypothetical card that changes "bank account number" (the bank needs a unchanging number to know which account is which, so it might be called something else). You OK the recurring transaction once, you no longer have to think about it until you wanna cancel.

>>56947696
NFC is less secure, just more convenient. Now you're just trolling.

>>56947741
I agree, it's like when my family members say "don't leave the keys to your window's lock hanging in the lock on the inside of the window, it's not secure"

Well the window only has a handle to open it on the inside. If a burglar wanted to go through the effort of breaking the window to steal a small key that only opens my window... Isn't the point moot?

>>56947780
Those numbers are not a fora of protection from hacking bank's servers so I have no idea what you're trying to imply here.

>>56944084
I guess its one of these cleverly crafted stenography pictures.

>>56942788
Dayum thats fucking nice.
I love the idea.

I hate it when they can move money without my consent.

>>56946769
I guess someone didn't learn about probability and statistics.
Or he's just trolling.
I'd say its latter.

>>56942788
>Contains lithium battery.

Exploding cards, just what we need.

>>56948070
kekkerino

File: mc-lcd-580x435.jpg (41KB, 580x435px) Image search: [Google]

41KB, 580x435px

>>56942788

Mine looks something like this.

3rd world slav country.

>>56946686
>he doesn't know
Mice try officer, I almost fell for that one.

>>56942788
ITT: People who think credit card companies are dumb.

These companies are nost stupid, they know very well that the system can be and is being exploited. A new and safer system is only introduced when the cost excels that of money lost by operating an unsafe system. It's business. Why change to a safer system for X million when the damages caused by your current system are only a fraction of X?

>>56947780
The point is that you can cut a small hole in the window, reach inside and turn the lock with your hand as opposed to when the key to the lock is stored safely.

>>56942788
How long would the batteries last? There couldn't be a "random" CCV code because if the credit card company receives the incorrect one they'd decline the transaction, I mean this is nice because of skimming machines, but if someone figures out the algorithm for the code changes, especially if the bank uses the same algorithm for each credit card it issues, that could be problematic. Not to mention how much does this card with a battery in it cost the bank? Does it add a few dollars to cards for millions of users, does that offset the fraudulent purchases that happens? I don't think it will, thus it wouldn't be cost effective.

>>56943159
it's probably just oath, like the physical RSA keys
you'd have a hard time getting the seed off of the credit card

>>56950071
The thing is, the system doesn't NEED to be X times better than than the older one, you just need to convince the right people that it is.

>>56950262
Nope, what matters to companies is how secure the systems actually are and how much money they lose on fraud and other abuse. How secure something seems to be is something consumers care about more than anything.

>>56942788
It's a scam. Let me say it again, it's a scam. It may appear secure, but it really fucks you much harder. In case you're wondering where I come from with this, I spent a few years working for the company in charge of all card payments in France.

Let me tell you how this works: to pay with a credit card, you need its pan, expdate, cvv, AND a security check. If there's no security check, payment is invalid and may be contested at any time, and reimbursed on the spot, based on French law only. Banks don't like it and go as far as claim it's a myth, but just insist and you're good. Similar laws exist in many countries.

What's a security check? Traditionally PIN is used for that in France. So basically if someone steals your card data and pays stuff on the internet, you just call your bank and say "wasn't me". Absolutely perfect security, which guarantees every single payment on the internet, and you always win, and banks always lose. Obviously they don't like that.

Now first time they cheated on this, banks claimed you need to own the card to contest a transaction. If it's stolen, you're fucked. That's borderline illegal, but it still flies, and contesting such payments is much harder, because the PIN is the only real security, and theft is something whose responsibility doesn't necessarily lie with you. So they said "we'll send you a security code on your phone", and it became a new security check, but the same thing applies: phone is stolen, you're fucked, because your phone like 99% of phones shows received texts even when it's locked, and there's no contestation.

Then RFID payment was introduced: no PIN, no check, infinite contestation, but if it's stolen, you're even more fucked, and contesting it is even harder. Then you could pay with your phone, and receive confirmation on this same phone.

This is the next step: this will be considered a security check, and if card is stolen, there'll be no contestation. Don't get that shit, check the law.

>>56942788
I'm pretty sure the CVV isn't required to make an actual transaction, it's only used to verify the credit card. Many sites will only require a CVV for the first transaction to make sure your card is real. Some don't require it at all. This would be way more work than it's worth imo unless you change the entire purpose of the CVV.

>>56947741
>Well, a single undetected breach into bank's server is a financial catastrophe even without these codes...
Correct. Now if you're tapping directly into some bank accounts, you'll be spotted, but if you have every single card pay a random amount between $1 and $30 to a hundred different accounts opened in Thailand and Zimbabwe, it's going to take much more time to spot it, and you may just continue for a long time.

Consider the actual crimes, with the logistics and risks of each, and you'll see getting card info is preferable to anything else.

>>56950403
Most websites either don't store card data and ask for CVV everytime, or memorize card data but have you enter CVV again for each payment.

>>56942892
You can't brute force a credit card pin though. After a few unsuccessful pin attempts the card would probably be frozen by the bank.

>>56942892
Tokenization exists: generate temporary card with one day validity, for only a set payment, and only made to a single vendor. That exists in civilized countries such as France and works pretty well. But it's still linked to an actual card whose credentials may be stolen.

>>56950344
I can't see how that statement denies anything I'm saying.

>>56946786

That's bullshit

>>56942892
>given there's only 1000 options.

Why is this wrong?

>>56947695

There will be autorebill functions once verified and putting in a 3 digit code every time isn't that hard.

>>56942788
why not just use debit cards?

credit card countries are third world shitholes

>>56950183

It add pennies to the cost of each card, but the bank will charge $20 for it to make up for increased server processing costs. E-ink doesn't need the battery for display. The crypto seed is the secure part and the on card battery refreshes the code every hour.

https://letstalkpayments.com/digital-dynamic-cvv-codes-for-credit-debit-cards-gaining-traction/

>>56951813

The code changes every hour. You can only try so many codes in an hour before being throttled. Most lockout rates are 5 tries in 5 minutes. That's 60 tries for that hour assuming you start right at the hour. Without some preexisting knowledge of the codes you'll never crack it.

>>56942788
Pretty cool, but then I'd have to pull out my card every time I make an online purchase

>>56942979
Man, all these 3d printed guns just aren't the same since the state department banned them. No one releases files for newer designs. It has stagnated. They have won

>>56952259

Why would you need to make your own guns? You can build ghetto ones with parts from home depot and then you might blow your hands up. Well regulated militias didn't make their own guns.

>>56942788
I always use those temporary e-cards were you set the max limit when you use them. So no nothing would change for me.

>>56952410
These don't show up on metal detectors

>>56952421
Still, it's pretty good if your bank doesn't have this.

>>56942950
You'd just have to verify that the number is correct at the time of the initial transaction and have that be consent to let the company withdraw funds from your account on a regular basis. Wouldn't be very hard I don't think.

>>56952680
Yeah that's true

>>56943316
personally fucking hate the chips, never once has one of these fucking things worked wherever i go, maybe the us version blows cock, but id rather just swipe and be a bit more insecure then wait 5-10 minutes for managers to override shit.

>>56951935
because then your credit score is fucked to my understanding. You are required to use it or you have shit credit, if you cancel it you have shit credit, and depending on the card you are forced to pay fees just to own it so if you get in a bad spot, have no debt, and this is the payment that breaks you, say good bye to that credit score.

>>56951935
bitch my credit card is basically free for what i use it for

>>56947290
they're software fags they can't look into the chips and circuitry on a microscopic level

>>56952137
>New Hour Begins
>CVV Changes to 001
>Fuckin' nailed it.

>>56952137
>60 tries per hour
>1000 possibilities
>5.83% chance of guessing the right CV in 60 tries
>~17 hours in expectation to crack the CV
the company will recognize what you're doing and take other steps before then but at face value, your numbers don't work out

>>56953198
>maybe the us version blows cock
yes you have fucking garbage readers

fucking jews are too cheap pay a tiny bit extra for a better reader to make more money in the long run

File: washbear 22 cal 3d printed gun.png (4MB, 2140x1739px) Image search: [Google]

4MB, 2140x1739px

>>56952259
>they stagnated
Not really. A guy designed a 3D printed double action revolver. He called it the "washbear" for some bizarre reason.

File: 1469656490556.png (14KB, 166x166px) Image search: [Google]

14KB, 166x166px

>>56942788
>someone swipes your pocket with a strong magnet
>credit card is completely ruined

>>56953809
It's not always the readers. Our networking and processing infrastructure is shit as well.

>>56953999
>Call up issuer
>Have new card delivered the same/next day


Or
> Have magstripe writer

>>56953999
Modern cards don't use magnet stripes anymore, only in America.

>>56951935
Debit cards cost more in the long run of you know how to play the game.

>go outside of signal range
>can't use your card

thanks obama

>>56943149
>Get tracked for every single transaction you make

>>56954043
this

>>56954111
Chip cards do not respect your freedom. This is why America still uses magnetic stripe master race.

>>56946786
Kill urself my man

>>56947681
>I am underage and have no idea how TOTP works

>>56947729
an undetected breach into the server would be bad for the bank regardless, it doesn't have anything to do with the (pseudo)random cvv cards

>>56950442
identity theft would be much easier to get fresh cards than hacking into a bank but you don't do it because you have better (legal) things to do

>>56946769
You're a fag.
000 is also a valid number.

>>56948131
You didn't cover the numbers, moron. You just bought a 60" TV.

File: 1475465743454.jpg (86KB, 446x595px) Image search: [Google]

86KB, 446x595px

A company came to my university like 2-3 years ago with stuff just like this. The guy showed me some card with a beefy display that would display your card number to help hide it from on lookers i guess

>>56954474
that's not Pjiotr's card

>>56952152
how often do you make online purchases?

Why not brand people with bank card tattoos and sync an embedded microchip to our bowel movements?

>>56946769
From 000 to 999, so 1000 options, right?

>>56954740
yes

>>56953809
no, they just override the chip check then go for the swipe only, realistically, none of these extra security things on the cards fucking matter, you have a fraudulent purchase on the card, call the company who issued it, and done.

>>56954709
That needs the code on the back, maybe once a month
Sometimes I might go buy something, forget my wallet and punch in the numbers manually

That is fucking retarded.

>>56952663
Go home pajeet

>>56942788
Two-factor should have never taken this long.