View original (French)

Bank ticket information

Max -  
 Margot -
Hello,

We are increasingly aware of online credit card fraud. But I’ve heard about something much older, equally damaging, and especially simpler concerning credit card fraud.

When you pay with a credit card at a restaurant, for example, your receipt contains quite confidential data. I’ve understood that it notably shows the expiration date and even allows for decrypting, for instance, the card number. It would then be easy for merchants to hack the card via online payment sites...
Is this true and is it that simple? Because since then I always make sure to keep my receipts safe!

Thanks in advance,
Max
Configuration: Windows Vista Internet Explorer 7.0

4 réponses

Réponse 1 / 4
momonj Posted messages 978 Status Membre 111
 
now the numbers are no longer complete on the form
example:
xxxxx47565686xxxxx
30
imod11
 
Hello,

Following some research, I came across this forum. I can assure you that not all merchants display the numbers on their credit card receipts as you indicated. I actually have a merchant's receipt (the seller made a mistake when handing over the payment receipt; he gave me the merchant's copy instead of the customer’s) on which my complete card number is printed (except for the icon on the back of the card) as well as the expiration date!!!!!!!

If you have a specific law text regarding this matter, I would kindly ask you to send it to me by email.

Thank you in advance

Best regards
Dominique
0
CARTOmancienne
 
@momonj : NO, IT'S FALSE!

As imod11 points out: only the customer receipt is incomplete. The merchant receipt is complete and often poorly protected. Furthermore, if a dubious employee is on the merchant side, they can, in a legitimate (authenticity check), innocuous (card swiping that doesn't work the first time) or even without additional action (card inserted in the machine on the other side of the cash register and mirror to not return) look at the three digits on the back, memorize them, and pay on all sites without SMS verification.

Moreover, not all sites require the 3 digits on the back: many hotel booking sites allow you to skip this requirement, as do some other "reservations". Certainly, this case in France often limits itself to the guarantee taken by a hotelier (and not the actual payment), but if no one shows up at the hotel, the damage is there. On some foreign sites (American, for example), the numbers on the back may not be required for purchases of tangible goods!

More surprisingly: the digits on the back (the 3), check on your card that they cannot be seen through pseudo-transparency from the other side! I don't know if it's transparency or a consequence of mechanical constraints in manufacturing, but on many cards, with strong adapted light, by turning the card in all directions, you can end up seeing them! Tested with cards from multiple banks and credit organizations, Visa and Mastercard. Conclusion of my test: concerns the majority of cards from all manufacturers: 1 "Morpho" concerned out of 1 tested, 2 Gemalto out of 2 tested, and 2 Oberthur out of 3 (ah, one that resists). For your information, the manufacturer's name is above the magnetic stripe, very small, at the top right of the "back".

For customer receipts, however, in the majority of cases, there are no risks; in some cases, risks remain because there are too many numbers (for many "banks"), you remember the look and type of the card, and you can find 4 to 8 numbers from the beginning. A VISA Accord = very often 4971 XYZT (and XYZT varies little...). If only 1 number is missing on a card, an algorithm can guess it. In other words: with only 7 numbers at the end + the look of the card, the entire number can sometimes be guessed without rolling dice... With 6, there is a 1 in 10 chance; true security consists in reducing risks to much less... Not to mention that by accumulating several receipts (or an SNCF ticket which shows some numbers), it is sometimes possible to obtain additional information. In short, consider any ticket that has more than the last 4 digits as something to be treated cautiously.
0
nicodenice Posted messages 2 Status Membre
 
I confirm it's a scam... I myself am a merchant in hospitality (bed and breakfast...) so I have 3 card terminals and there is no security for your cards in any business, whether it's a small merchant or large retailers like Carrefour... for the merchant receipt, there will always be your card number in full and the date, just the CVV won't be there. (so any cashier can have your number...). Why do many online booking sites no longer require the CVV now? It's normal: it's the only part that can't be calculated by the script that checks if the provided card is correct (I am also an IT professional...) and from experience, often the person will give a fake CVV, which comes back to bite us because what people forget is that the card terminal calls a number starting with 08 for the transaction... which ultimately fails... so in short, like most hoteliers since 2009 at least for me, I found a way to process the transaction without the CVV and miraculously there are never any declined payments, which has reduced my phone bill. The moral of this story is that anyone can hack a bank account as long as we pay by card at a merchant...
0