So after reporting the initial fraud,Visa told us to call back today.At the time ,we also called Frontier Airlines. Two days ago the original fraudster bought ANOTHER ticket from Frontier.This time Visa finally cancelled the card.
I guess Visa/Frontier didn't do anything the first time we called ??

Perhaps they were trying to catch him/them?

That's possible.Visa wouldn't say.

My thoughts are : to use an airline ticket, the name on the ticket must be the same name as the person travelling.And in Canada at least,the person travelling must at some point show some I.D.

We did report the fraud to the airline,and the airline has the thief's real name.
It shouldn't be too difficult to catch them.

I'm concerned about the RF embedded in Visa (and now Interac). The RF is the anti-thesis of the "chip/PIN" authentication that they added to credit cards, and it is being forced on consumers who receive new or replacement cards.

Chip authentication in credit cards actually increases security; if the merchant has a chip reader and you don't know the PIN, the transaction won't go through. There's workarounds; if it can't read the chip, it will still ask you to swipe and won't require a PIN, so inserting the card backwards will bypass PIN authentication and negate the embedded chip security. Chips add absolutely no value to Interac debit cards.

However, with RF cards, not only can your card be charged simply by being near the reader, the merchant is not required to provide you with a credit card receipt, and your signature is not required. Visa will hold you just as liable for these transactions as if you used the chip and entered your PIN. This raises several security concerns, such as the security of the information in the RFID chips, the possibility of being double-billed due to having multiple RF cards in your wallet, and the risk of malicious individuals skimming your cards simply by being near you. If they implement RF readers in portable credit card terminals, the possibility then exists of drive-by (or walk-by) credit card charges.

The risk becomes even greater when you realize that banks are pushing RF cards in Interac (debit) cards. These cards have always had PIN protection because the money comes directly out of your bank account, and debit cards don't have the same level of consumer protection included with credit cards. So in addition to all the risks of RF credit cards, you don't have the same ability to dispute the transactions as with a CC, and could potentially have your bank account emptied without anybody knowing your PIN.

Does anybody think that my concerns are reasonable? That, by reducing the existing protections against CC and debit card fraud in the guise of "convenience", consumers will be more at risk and payment card fraud will increase?

I saw an investigative journalism show recently (can't recall which one) where they were able to purchase RF card readers for credit cards online, then use them to surreptitiously read credit card numbers by brushing past people with the card reader in a purse/brief case.

Obviously you require more than just the card # to make a transaction or fake a credit card, but the ease with which data could be captured was scary.

perhaps one of these will do the trick

RFID Blocking Wallet (http://www.thinkgeek.com/gadgets/security/8cdd/)

Chip authentication in credit cards actually increases security; if the merchant has a chip reader and you don't know the PIN, the transaction won't go through. There's workarounds; if it can't read the chip, it will still ask you to swipe and won't require a PIN, so inserting the card backwards will bypass PIN authentication and negate the embedded chip security.

Yes doing this will bypass the chip security, but in a case like this the merchant is 100% liable for that transaction. The merchant has to ensure they process any chip cards as PIN authenticated, if swiped instead or bypassed on the terminal they are liable for any chargebacks and/or fraud.



Chips add absolutely no value to Interac debit cards.

You're kidding right? Do you have any idea how much debit card fraud there is in Canada? It is very simple and easy to obtain you magnetic stripe information from your debit card and then creat a new one within minutes. All I need is your PIN to make the newly created card - quite simple to obtain with a properly placed camera in the same store I obtained your swiped card information from a rigged terminal.
CHIP cards cannot be duplicated at this time, but magnetic stripe cards can be within minutes of obtaining the stripe infomation. CHIP adds a litterlally millions of dollars in value to debit cards in reduced fraud.



However, with RF cards, not only can your card be charged simply by being near the reader, the merchant is not required to provide you with a credit card receipt, and your signature is not required. Visa will hold you just as liable for these transactions as if you used the chip and entered your PIN. This raises several security concerns, such as the security of the information in the RFID chips, the possibility of being double-billed due to having multiple RF cards in your wallet, and the risk of malicious individuals skimming your cards simply by being near you. If they implement RF readers in portable credit card terminals, the possibility then exists of drive-by (or walk-by) credit card charges.

You cannot be chrged simply be being "near" the reader. You must be with 6-12" of the reader for it to collect your information as well as the terminal collecting the information must be ready to receive it. If a sale isn't pending for teh RFID reader, it's not active. As well you cannot be double billed if you happen to have two or three cards in your wallet. The reader will pick the one ti receives the information from first or alternatively it will not process as the reader cannot distinguish which card is being read.




The risk becomes even greater when you realize that banks are pushing RF cards in Interac (debit) cards. These cards have always had PIN protection because the money comes directly out of your bank account, and debit cards don't have the same level of consumer protection included with credit cards. So in addition to all the risks of RF credit cards, you don't have the same ability to dispute the transactions as with a CC, and could potentially have your bank account emptied without anybody knowing your PIN.

With RFID transactions on both debit and credit cards, your issuer (bank, credit union or other financial institution) sets limits for the dollar amount allowed for RFID transactions. Interac regulations limit RFID authorizations to $100 per transaction, but most issuers set the limit to $50.

Yes, you could pull RFID information as demonstrated by some news programs, however with only the card number of a debit card it is of no use. The same person would have to find a way to obtain your PIN and then they could create a new mag stripe card and drain your account, however this risk already exists today (see above) at any merchant location that could have a modified point of sale machine.