Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Keyboard loggers and credit cards

  • 19-02-2007 5:35pm
    #1
    probe
    Closed Accounts Posts: 2,055 ✭✭✭


    A friend of mine used a hotel foyer internet terminal (regular windows XP PC setup) to reserve a room in another hotel for the following night, and during the SSL/TLS https reservation transaction gave a credit card number to guarantee the reservation. When the party mentioned that they had used a public internet facility with their credit card I suggested that they watch their card account every day (they have online banking*). Fraudulent transactions began to appear on the credit card statement within a few days. About 2000 € worth so far. (Under EU law the retailer is liable). It seems to me that there was a keyboard logger running in the hotel’s public internet terminal(s). This is a ***** establishment where one would expect them to take guest security seriously and run software to check for keyboard loggers and prevent the installation of unauthorized software.

    The card in question is an EMV (chip) card issued by a British bank (the person lives in England). The brain dead bank immediately stopped all transactions on the card account – leaving the cardholder without a method of paying for hotels and meals for the rest of the trip, virtually penniless!

    If your card details are compromised on the internet, the bank can stop all CNP (customer not present – ie internet type transactions). And still leave the card working for PIN authenticated transactions at ATMs and retail establishments where the cardholder can enter their PIN, until the cardholder gets home and can pick up their new card with a different card number.

    There is no connection in terms of security risk between your card number getting into the wild on the internet (risk type A) and the cardholder’s card and PIN being stolen (risk type B). Every transaction presenting itself across the Visa and MasterCard system can be segregated accordingly. One wonders if the Irish banks are as dumb as the British banks and don’t really understand the benefits of issuing payment cards with chips!?

    .probe


    *PS Don’t dream of using a public internet access terminal to access your bank account unless you have a user login that changes every time you access your account details. Ideally don’t use online banking at all unless the bank provides a continuously changing user login system to you. The PC you are using this minute could have a keyboard logger! Obviously the same applies to corporate e-mail access and your company’s remote desktop access, etc. etc.


Comments

  • #2
    biko
    Registered Users, Registered Users 2 Posts: 81,220 ✭✭✭✭biko


    probe wrote:
    When the party mentioned that they had used a public internet facility with their credit card I suggested that they watch their card account every day (they have online banking*).
    Sound advice. It's very easy to install keyloggers on public computers in hotels, hostels and internet cafees unfortunately.


  • #3
    Random
    Closed Accounts Posts: 19,080 ✭✭✭✭Random


    They should all adapt the reboot system where each time a user goes to it they're presented with a fresh install of windows. Can't remember what it's called, live CDs I guess ..


Advertisement