PIN Phishing

As I work in an eCommerce role, and also shop online a lot myself, I like to keep on top of what’s happening in the field. One of the things that I do is keep abreast of security issues.

I regularly review www.antiphishing.org to see what new “phishing” scams are out there. (Phishing is when someone emails you and says “I’m your bank and I’ve forgotten your card number, what is it again please?”, so you tell them, and suddenly mysterious people are syphoning cash from your account).

An awful lot of the scams in the archive are aimed at the US market specifically (targeting customers of US banks) but some try to get your eBay log in, or PayPal password, which of course applies to more people.

I’ve noticed when perusing the details of scams that they often ask for a suspicious amount of information, including your PIN (the number used to get cash from an ATM). I would’ve thought that this is useless to a scammer - the PIN is used (in the UK, anyway) purely in transactions where the card is present - ATMs and at checkouts. It’s not used for phone banking or shopping online or similar.

Does anyone know of any use of the PIN other than card-present transactions? Are the scammers simply trying to get as much information as they can because, well, why not?

Many of these scammers run fairly sophisticated operations. They have all the equipment they need to create a forged credit card, complete with magnetic stripe, that looks and feels just like the one in your pocket. So, armed with a fake card and your PIN, they can wipe out your account before you realize it.

Actually, if you do on-line banking or bill-paying, your PIN can be used as a password, sans card.

I wondered if this might be the case, but I’ve never come across it when I bank online. I suppose each bank is different though, so there’s nothing to stop them doing it. Do you happen to know how widespread this usage is?

My only thought would be that they own a store/know someone who owns a store and are keying in your CC number. A PIN is one of the methods used to prove that the person was present during the transaction. Although when a card is keyed in, the person is supposed to manually swipe the card to make a carbon copy of it (or a photocopy) to prove that it was actually there. So basically I assume they are just asking for the PIN so that, if applicable, they can use it and it makes proving that the card number was stolen that much harder. The same goes for the CID on the back.

The scammer can create a counterfeit card with the information. At least where I work, it’s impossible to key a debit card number into the cash register by hand. The card must be swiped, and I suspect a similar limitation exists on other debit card systems.

I kinda figured that but I didn’t feel like walking out to one of my registers and trying it. But now that you mention a counterfeit card, I never thought of that. You can buy magnetic strip reader/WRITERS, and then take that to an ATM or a store and do it that way.

In case this thread now seems to take on a surreal quality, consider that there were two identical OPs, with replies. I just merged them. Posts from the two threads are integrated in timestamp order.

samclem GQ moderator

I’m wondering if the PIN referred to in the OP is actually the security code from the back of the card? There are certainly (non-internet) scams which involve tricking people into divulging those three digits, which make it much easier to use the card details online.

Depends where you bank. The password I use for Internet banking is different from the PIN I use for telephone banking, and both are different from the PIN I use when I physically stick my card in a bank machine or run it through a reader at a store.

Same here.

The scams I’ve seen ask for both the PIN and the number on the back of the card (CV2, CVV2 etc). Often they say “ATM PIN - the number used at cash machines” or similar.

I’ve also always found that I have a different number for phone banking, online banking, and card-present transactions. It seems like card copying is the scammer’s most likely intention.

Oh, and sorry for the duplicate threads… my connection timed out posting it, so I clicked “submit” again… rookie mistake! :smack: