Identify Theft at Tesco Store

Storck

geordie joe - on The Real Hustle once they showed someone swiping a customers card in a shop and their friend using the new card within minutes. As some as they have your details it takes no time at all to put them onto a blank card.

geordie_joe

Storck wrote: »

geordie joe - on The Real Hustle once they showed someone swiping a customers card in a shop and their friend using the new card within minutes. As some as they have your details it takes no time at all to put them onto a blank card.

The Real Hustle is not actually real! They don't show you the hours, days, weeks and months they cut out.

It may be possible to clone a card, and use it in less than 2 hours. But the main reason why card fraud is not investigated as it should be is because it is too hard to find out who/where the card details were stolen. This is because there is a long time between the details being stolen and the cloned card being used. They can't figure out who/where the card was cloned.

If Jane on checkout 11 at Tescos Leadwatsit was stealing card details and the cloned cards were being used within 2 hours the coppers would have their biggest clue ever. They would have complaints all naming her as the last place the card was used.

This is why the people who steal the card details don't use them straight away, so the card owners all have a chance to use their cards in other places and there is no one place that links them all.

Markie11

First of all congratulations Geordie Joe on winnign the XFactor LOL.

On a serious issue and the matter in hand, it seems to me that a lot of assumptions and accusations are being made.

I worked on an IT project for the company I work for when we introduced ChipNPin some years ago. I would just repeat what one previous entry said 'it is the chip reader in the machine that is at fault'. This is very true, if this happens a number of times then it is the pin reader at fault. Every so often secure datasets are issued from the card acquirers i.e. BMS, AMEX, etc, and these are downloaded usually overnight by a central service onto the individual machines. These are changed every so often to keep them secure ... ish, but shouldn't stop pin reader faults as this is mechanical. Tesco or any other retailer should be replacing these, it would be in their own interests to do so to reduce queue waiting times. If anybody attempts to tamper with a chip machine then it should automically go into a defect mode, the pin reader is than 'Knackered', and canonly be reset by licenced manufacturers.

As part of the project we had to develop secure communciation channels with the pin machine, our own central authorisation request service, the third party suppliers service and the acquirers services. With all this going on, a number of messages are being sent around with a quite important bank card details i.e. card number, expiry, bank card holders name, not PIN. In the production environment these are all secure, though in testing we had to ensure that we knew exactly what was being passed. We have quite a stringent security policy especially with Credit cards but I dare say that there are some retailers who don't have such strong policies. All UK companies are now meant to be PCI compliant (I think it's by now). They have to prove to auditors that they are totally secure.

What I'm suggesting is that somehow card details have been intercepted on certain transactions but not at the POS though possibly more internally within their head offices. I very much doubt it's related to skimming, I can't see how anybody can tamper a pin machine to cause it return 'an incorrect pin code entered' message.

BTW - I had credit card fraud on my card a few years back, never used the card for about 8 months but then a statement turned up one day. One for paypal and one for Tesco Online topup. Not for one minute did I think it was Tesco, but I do think my details were intercepted electronically somewhere down the line and sold to another person.