We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Debit Card Fraud
Comments
-
Yes but can you match a brute forced 16 digit number that matches a brute forced expiry date?eskbanker said:
OP clarified that:born_again said:They are not randomly guessed. They are compromised at some point where the card has been used.
My understanding is that numbers are (sometimes) effectively guessed randomly by brute force number-generating attacks....RG2015 said:
the debit card has never been used and never even been out of a drawer in my house.
It would appear so.0 -
It was the Royal Bank of Scotland.k_man said:Similar discussion here:
https://forums.moneysavingexpert.com/discussion/comment/79633980/#Comment_79633980
While the details may have been compromised elsewhere, the use of Amazon, a retailer that doesn't require CVV, and a card that has never been used online or in person, suggests otherwise.
ETA: so more likely a number generator was used, against a week retailer system to brute force the expiry.
@RG2015, which bank was this with?
My instance was TSB, as was one of the banks in the linked thread, albeit that may just be coincidence.
I absolutely agree that it suggests otherwise and that is the problem.
As Sherlock Holmes says, all the remains is the improbable, however unlikely.
Brute forced 16 digit number and expiry date which is all Amazon require.0 -
Good point.k_man said:Forgot to add, in my instance, card had never been used, including on Amazon. The purchase was on someone else's Amazon account.
I found it on the bank account, as @RG2015 did.
It clearly is not on my Amazon account so it must be someone else's account.
However it is screwing with my brain so much I have just checked my Amazon account. And guess what?
There's nothing there!
1 -
Yes - for any given 16 digit generated card number, there will only be something like 36 to 60 possibilities for current expiry date, so that's not much of a multiplying factor if you're already working with 10^16 options.RG2015 said:
Yes but can you match a brute forced 16 digit number that matches a brute forced expiry date?eskbanker said:
OP clarified that:born_again said:They are not randomly guessed. They are compromised at some point where the card has been used.
My understanding is that numbers are (sometimes) effectively guessed randomly by brute force number-generating attacks....RG2015 said:
the debit card has never been used and never even been out of a drawer in my house.
It would appear so.2 -
Not that you're really working with 10^16 options. The first four (or more) digits indicate Visa/Mastercard etc and the bank, the last is a check digit. I'm sure anyone with an interest (legitimate or otherwise) in the construction of 16 digit card numbers can find the relevant IDs and algorithms easily enough.eskbanker said:
Yes - for any given 16 digit generated card number, there will only be something like 36 to 60 possibilities for current expiry date, so that's not much of a multiplying factor if you're already working with 10^16 options.RG2015 said:
Yes but can you match a brute forced 16 digit number that matches a brute forced expiry date?eskbanker said:
OP clarified that:born_again said:They are not randomly guessed. They are compromised at some point where the card has been used.
My understanding is that numbers are (sometimes) effectively guessed randomly by brute force number-generating attacks....RG2015 said:
the debit card has never been used and never even been out of a drawer in my house.
It would appear so.
Eco Miser
Saving money for well over half a century0 -
While it's true that the first six (BIN) digits do indeed denote the actual product ranges (which are published), they do still exist, but yes, if you're looking to generate card numbers specifically within a given BIN then you've reduced the number of options down to 10^9 (allowing for check digit). However, my point was that if you're already having to generate valid numbers from quadrillions, trillions or even billions of options, a further multiplier of 36-60 is unlikely to be a significant deterrent....Eco_Miser said:
Not that you're really working with 10^16 options. The first four (or more) digits indicate Visa/Mastercard etc and the bank, the last is a check digit. I'm sure anyone with an interest (legitimate or otherwise) in the construction of 16 digit card numbers can find the relevant IDs and algorithms easily enough.eskbanker said:
Yes - for any given 16 digit generated card number, there will only be something like 36 to 60 possibilities for current expiry date, so that's not much of a multiplying factor if you're already working with 10^16 options.RG2015 said:
Yes but can you match a brute forced 16 digit number that matches a brute forced expiry date?eskbanker said:
OP clarified that:born_again said:They are not randomly guessed. They are compromised at some point where the card has been used.
My understanding is that numbers are (sometimes) effectively guessed randomly by brute force number-generating attacks....RG2015 said:
the debit card has never been used and never even been out of a drawer in my house.
It would appear so.0
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 352.2K Banking & Borrowing
- 253.6K Reduce Debt & Boost Income
- 454.3K Spending & Discounts
- 245.2K Work, Benefits & Business
- 600.9K Mortgages, Homes & Bills
- 177.5K Life & Family
- 259.1K Travel & Transport
- 1.5M Hobbies & Leisure
- 16K Discuss & Feedback
- 37.7K Read-Only Boards